mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-26 13:29:12 -05:00
Highlight signed tags like signed commits
This makes signed tags show a badge in the tag list similar to signed commits in the commit list, and a more verbose block when viewing a single tag. Works for both GPG and SSH signed tags. Fixes #1316. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
This commit is contained in:
parent
9ecd041975
commit
923035e418
6 changed files with 186 additions and 2 deletions
|
@ -11,6 +11,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
|
"code.gitea.io/gitea/models/asymkey"
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
git_model "code.gitea.io/gitea/models/git"
|
git_model "code.gitea.io/gitea/models/git"
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
@ -18,6 +19,7 @@ import (
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
|
"code.gitea.io/gitea/modules/gitrepo"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/markup"
|
"code.gitea.io/gitea/modules/markup"
|
||||||
"code.gitea.io/gitea/modules/markup/markdown"
|
"code.gitea.io/gitea/modules/markup/markdown"
|
||||||
|
@ -192,6 +194,7 @@ func Releases(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Data["Releases"] = releases
|
ctx.Data["Releases"] = releases
|
||||||
|
addVerifyTagToContext(ctx)
|
||||||
|
|
||||||
numReleases := ctx.Data["NumReleases"].(int64)
|
numReleases := ctx.Data["NumReleases"].(int64)
|
||||||
pager := context.NewPagination(int(numReleases), listOptions.PageSize, listOptions.Page, 5)
|
pager := context.NewPagination(int(numReleases), listOptions.PageSize, listOptions.Page, 5)
|
||||||
|
@ -201,6 +204,44 @@ func Releases(ctx *context.Context) {
|
||||||
ctx.HTML(http.StatusOK, tplReleasesList)
|
ctx.HTML(http.StatusOK, tplReleasesList)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func verifyTagSignature(ctx *context.Context, r *repo_model.Release) (*asymkey.ObjectVerification, error) {
|
||||||
|
if err := r.LoadAttributes(ctx); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
gitRepo, err := gitrepo.OpenRepository(ctx, r.Repo)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer gitRepo.Close()
|
||||||
|
|
||||||
|
tag, err := gitRepo.GetTag(r.TagName)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if tag.Signature == nil {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
verification := asymkey.ParseTagWithSignature(ctx, gitRepo, tag)
|
||||||
|
return verification, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func addVerifyTagToContext(ctx *context.Context) {
|
||||||
|
ctx.Data["VerifyTag"] = func(r *repo_model.Release) *asymkey.ObjectVerification {
|
||||||
|
v, err := verifyTagSignature(ctx, r)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
ctx.Data["HasSignature"] = func(verification *asymkey.ObjectVerification) bool {
|
||||||
|
if verification == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return verification.Reason != "gpg.error.not_signed_commit"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TagsList render tags list page
|
// TagsList render tags list page
|
||||||
func TagsList(ctx *context.Context) {
|
func TagsList(ctx *context.Context) {
|
||||||
ctx.Data["PageIsTagList"] = true
|
ctx.Data["PageIsTagList"] = true
|
||||||
|
@ -240,6 +281,7 @@ func TagsList(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Data["Releases"] = releases
|
ctx.Data["Releases"] = releases
|
||||||
|
addVerifyTagToContext(ctx)
|
||||||
|
|
||||||
numTags := ctx.Data["NumTags"].(int64)
|
numTags := ctx.Data["NumTags"].(int64)
|
||||||
pager := context.NewPagination(int(numTags), opts.PageSize, opts.Page, 5)
|
pager := context.NewPagination(int(numTags), opts.PageSize, opts.Page, 5)
|
||||||
|
@ -304,6 +346,7 @@ func SingleRelease(ctx *context.Context) {
|
||||||
if release.IsTag && release.Title == "" {
|
if release.IsTag && release.Title == "" {
|
||||||
release.Title = release.TagName
|
release.Title = release.TagName
|
||||||
}
|
}
|
||||||
|
addVerifyTagToContext(ctx)
|
||||||
|
|
||||||
ctx.Data["PageIsSingleTag"] = release.IsTag
|
ctx.Data["PageIsSingleTag"] = release.IsTag
|
||||||
if release.IsTag {
|
if release.IsTag {
|
||||||
|
|
|
@ -60,6 +60,7 @@
|
||||||
<div class="markup desc">
|
<div class="markup desc">
|
||||||
{{$release.RenderedNote}}
|
{{$release.RenderedNote}}
|
||||||
</div>
|
</div>
|
||||||
|
{{template "repo/tag/verification_line" (dict "ctxData" $ "release" $release)}}
|
||||||
<div class="divider"></div>
|
<div class="divider"></div>
|
||||||
<details class="download" {{if eq $idx 0}}open{{end}}>
|
<details class="download" {{if eq $idx 0}}open{{end}}>
|
||||||
<summary class="tw-my-4">
|
<summary class="tw-my-4">
|
||||||
|
|
|
@ -16,12 +16,13 @@
|
||||||
{{range $idx, $release := .Releases}}
|
{{range $idx, $release := .Releases}}
|
||||||
<tr>
|
<tr>
|
||||||
<td class="tag">
|
<td class="tag">
|
||||||
<h3 class="release-tag-name tw-mb-2">
|
<h3 class="release-tag-name tw-mb-2 tw-flex">
|
||||||
{{if $canReadReleases}}
|
{{if $canReadReleases}}
|
||||||
<a class="tw-flex tw-items-center" href="{{$.RepoLink}}/releases/tag/{{.TagName | PathEscapeSegments}}" rel="nofollow">{{.TagName}}</a>
|
<a class="tw-flex tw-items-center" href="{{$.RepoLink}}/releases/tag/{{.TagName | PathEscapeSegments}}" rel="nofollow">{{.TagName}}</a>
|
||||||
{{else}}
|
{{else}}
|
||||||
<a class="tw-flex tw-items-center" href="{{$.RepoLink}}/src/tag/{{.TagName | PathEscapeSegments}}" rel="nofollow">{{.TagName}}</a>
|
<a class="tw-flex tw-items-center" href="{{$.RepoLink}}/src/tag/{{.TagName | PathEscapeSegments}}" rel="nofollow">{{.TagName}}</a>
|
||||||
{{end}}
|
{{end}}
|
||||||
|
{{template "repo/tag/verification_box" (dict "ctxData" $ "release" $release)}}
|
||||||
</h3>
|
</h3>
|
||||||
<div class="download tw-flex tw-items-center">
|
<div class="download tw-flex tw-items-center">
|
||||||
{{if $.Permission.CanRead $.UnitTypeCode}}
|
{{if $.Permission.CanRead $.UnitTypeCode}}
|
||||||
|
|
27
templates/repo/tag/verification_box.tmpl
Normal file
27
templates/repo/tag/verification_box.tmpl
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{{$v := call .ctxData.VerifyTag .release}}
|
||||||
|
{{if call .ctxData.HasSignature $v}}
|
||||||
|
{{$class := "isSigned"}}
|
||||||
|
{{$href := ""}}
|
||||||
|
{{if $v.Verified}}
|
||||||
|
{{$href = $v.SigningUser.HomeLink}}
|
||||||
|
{{$class = (print $class " isVerified")}}
|
||||||
|
{{else}}
|
||||||
|
{{$class = (print $class " isWarning")}}
|
||||||
|
{{end}}
|
||||||
|
|
||||||
|
<a {{if $href}}href="{{$href}}"{{end}} class="ui label tw-ml-2 {{$class}}">
|
||||||
|
{{if $v.Verified}}
|
||||||
|
<div title="{{$v.Reason}}">
|
||||||
|
{{if ne $v.SigningUser.ID 0}}
|
||||||
|
{{svg "gitea-lock"}}
|
||||||
|
{{ctx.AvatarUtils.Avatar $v.SigningUser 28 "signature"}}
|
||||||
|
{{else}}
|
||||||
|
<span title="{{ctx.Locale.Tr "gpg.default_key"}}">{{svg "gitea-lock-cog"}}</span>
|
||||||
|
{{ctx.AvatarUtils.AvatarByEmail $v.Verification.SigningEmail "" 28 "signature"}}
|
||||||
|
{{end}}
|
||||||
|
</div>
|
||||||
|
{{else}}
|
||||||
|
<span title="{{ctx.Locale.Tr $v.Reason}}">{{svg "gitea-unlock"}}</span>
|
||||||
|
{{end}}
|
||||||
|
</a>
|
||||||
|
{{end}}
|
80
templates/repo/tag/verification_line.tmpl
Normal file
80
templates/repo/tag/verification_line.tmpl
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
{{$v := call .ctxData.VerifyTag .release}}
|
||||||
|
{{if call .ctxData.HasSignature $v}}
|
||||||
|
{{$class := "isSigned"}}
|
||||||
|
{{$href := ""}}
|
||||||
|
{{if $v.Verified}}
|
||||||
|
{{$href = $v.SigningUser.HomeLink}}
|
||||||
|
{{$class = (print $class " isVerified")}}
|
||||||
|
{{else}}
|
||||||
|
{{$class = (print $class " isWarning")}}
|
||||||
|
{{end}}
|
||||||
|
|
||||||
|
<div class="ui bottom attached message tw-text-left tw-flex tw-content-center tw-justify-between tag-signature-row tw-flex-wrap tw-mb-0 {{$class}}">
|
||||||
|
<div class="tw-flex tw-content-center">
|
||||||
|
{{if $v.Verified}}
|
||||||
|
{{if ne $v.SigningUser.ID 0}}
|
||||||
|
{{svg "gitea-lock" 16 "tw-mr-2"}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.signed_by"}}</span>
|
||||||
|
{{ctx.AvatarUtils.Avatar $v.SigningUser 28 "tw-mr-2"}}
|
||||||
|
<a href="{{$v.SigningUser.HomeLink}}"><strong>{{$v.SigningUser.GetDisplayName}}</strong></a>
|
||||||
|
{{else}}
|
||||||
|
<span title="{{ctx.Locale.Tr "gpg.default_key"}}">{{svg "gitea-lock-cog" 16 "tw-mr-2"}}</span>
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.signed_by"}}:</span>
|
||||||
|
{{ctx.AvatarUtils.AvatarByEmail $v.SigningEmail "" 28 "tw-mr-2"}}
|
||||||
|
<strong>{{$v.SigningUser.GetDisplayName}}</strong>
|
||||||
|
{{end}}
|
||||||
|
{{else}}
|
||||||
|
{{svg "gitea-unlock" 16 "tw-mr-2"}}
|
||||||
|
<span class="ui text">{{ctx.Locale.Tr $v.Reason}}</span>
|
||||||
|
{{end}}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="tw-flex tw-content-center">
|
||||||
|
{{if $v.Verified}}
|
||||||
|
{{if ne $v.SigningUser.ID 0}}
|
||||||
|
{{svg "octicon-verified" 16 "tw-mr-2"}}
|
||||||
|
{{if $v.SigningSSHKey}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.ssh_key_fingerprint"}}:</span>
|
||||||
|
{{$v.SigningSSHKey.Fingerprint}}
|
||||||
|
{{else}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.gpg_key_id"}}:</span>
|
||||||
|
{{$v.SigningKey.PaddedKeyID}}
|
||||||
|
{{end}}
|
||||||
|
{{else}}
|
||||||
|
{{svg "octicon-unverified" 16 "tw-mr-2"}}
|
||||||
|
{{if $v.SigningSSHKey}}
|
||||||
|
<span class="ui text tw-mr-2" data-tooltip-content="{{ctx.Locale.Tr "gpg.default_key"}}">{{ctx.Locale.Tr "repo.commits.ssh_key_fingerprint"}}:</span>
|
||||||
|
{{$v.SigningSSHKey.Fingerprint}}
|
||||||
|
{{else}}
|
||||||
|
<span class="ui text tw-mr-2" data-tooltip-content="{{ctx.Locale.Tr "gpg.default_key"}}">{{ctx.Locale.Tr "repo.commits.gpg_key_id"}}:</span>
|
||||||
|
{{$v.SigningKey.PaddedKeyID}}
|
||||||
|
{{end}}
|
||||||
|
{{end}}
|
||||||
|
{{else if $v.Warning}}
|
||||||
|
{{svg "octicon-unverified" 16 "tw-mr-2"}}
|
||||||
|
{{if $v.SigningSSHKey}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.ssh_key_fingerprint"}}:</span>
|
||||||
|
{{$v.SigningSSHKey.Fingerprint}}
|
||||||
|
{{else}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.gpg_key_id"}}:</span>
|
||||||
|
{{$v.SigningKey.PaddedKeyID}}
|
||||||
|
{{end}}
|
||||||
|
{{else}}
|
||||||
|
{{if $v.SigningKey}}
|
||||||
|
{{if ne $v.SigningKey.KeyID ""}}
|
||||||
|
{{svg "octicon-verified" 16 "tw-mr-2"}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.gpg_key_id"}}:</span>
|
||||||
|
{{$v.SigningKey.PaddedKeyID}}
|
||||||
|
{{end}}
|
||||||
|
{{end}}
|
||||||
|
{{if $v.SigningSSHKey}}
|
||||||
|
{{if ne $v.SigningSSHKey.Fingerprint ""}}
|
||||||
|
{{svg "octicon-verified" 16 "tw-mr-2"}}
|
||||||
|
<span class="ui text tw-mr-2">{{ctx.Locale.Tr "repo.commits.ssh_key_fingerprint"}}:</span>
|
||||||
|
{{$v.SigningSSHKey.Fingerprint}}
|
||||||
|
{{end}}
|
||||||
|
{{end}}
|
||||||
|
{{end}}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{{end}}
|
|
@ -1878,6 +1878,31 @@
|
||||||
border-bottom: 1px solid var(--color-warning-border);
|
border-bottom: 1px solid var(--color-warning-border);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.repository .release-tag-name .ui.label.isSigned,
|
||||||
|
.repository .release-list-title .ui.label.isSigned {
|
||||||
|
padding: 0 0.5em;
|
||||||
|
box-shadow: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.repository .release-tag-name .ui.label.isSigned .avatar,
|
||||||
|
.repository .release-list-title .ui.label.isSigned .avatar {
|
||||||
|
margin-left: .5rem;
|
||||||
|
}
|
||||||
|
|
||||||
|
.repository .release-tag-name .ui.label.isSigned.isVerified,
|
||||||
|
.repository .release-list-title .ui.label.isSigned.isVerified {
|
||||||
|
border: 1px solid var(--color-success-border);
|
||||||
|
background-color: var(--color-success-bg);
|
||||||
|
color: var(--color-success-text);
|
||||||
|
}
|
||||||
|
|
||||||
|
.repository .release-tag-name .ui.label.isSigned.isWarning,
|
||||||
|
.repository .release-list-title .ui.label.isSigned.isWarning {
|
||||||
|
border: 1px solid var(--color-warning-border);
|
||||||
|
background-color: var(--color-warning-bg);
|
||||||
|
color: var(--color-warning-text);
|
||||||
|
}
|
||||||
|
|
||||||
.repository .segment.reactions.dropdown .menu,
|
.repository .segment.reactions.dropdown .menu,
|
||||||
.repository .select-reaction.dropdown .menu {
|
.repository .select-reaction.dropdown .menu {
|
||||||
right: 0 !important;
|
right: 0 !important;
|
||||||
|
@ -2111,12 +2136,19 @@
|
||||||
padding-top: 15px;
|
padding-top: 15px;
|
||||||
}
|
}
|
||||||
|
|
||||||
.commit-header-row {
|
.commit-header-row,
|
||||||
|
.tag-signature-row {
|
||||||
min-height: 50px !important;
|
min-height: 50px !important;
|
||||||
padding-top: 0 !important;
|
padding-top: 0 !important;
|
||||||
padding-bottom: 0 !important;
|
padding-bottom: 0 !important;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.tag-signature-row div {
|
||||||
|
margin-top: auto !important;
|
||||||
|
margin-bottom: auto !important;
|
||||||
|
display: inline-block !important;
|
||||||
|
}
|
||||||
|
|
||||||
.settings.webhooks .list > .item:not(:first-child),
|
.settings.webhooks .list > .item:not(:first-child),
|
||||||
.settings.githooks .list > .item:not(:first-child),
|
.settings.githooks .list > .item:not(:first-child),
|
||||||
.settings.actions .list > .item:not(:first-child) {
|
.settings.actions .list > .item:not(:first-child) {
|
||||||
|
|
Loading…
Reference in a new issue