joshua/dash-docs
1
0
Fork 0
mirror of https://github.com/seigler/dash-docs synced 2025-07-27 01:36:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Build Scripts: Require GPG-signed Commits

Browse source 
- Update build script

- Add authorized keys
This commit is contained in:
David A. Harding 2015-06-25 19:53:57 -04:00
parent 887b63d10e
commit 3b50ddbad2
No known key found for this signature in database
GPG key ID: 4B29C30FF29EC4B7
2 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
_build/auto-build-committers.gnupg/pubring.gpg Normal file
View file

Binary file not shown.

26
_build/update_site.sh
View file

@ -7,6 +7,7 @@ PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin
source /etc/profile.d/rvm.sh source /etc/profile.d/rvm.sh
AUTHORIZED_SIGNERS_DIR=/bitcoin.org/auto-build-committers.gnupg
REPO='https://github.com/bitcoin-dot-org/bitcoin.org.git' REPO='https://github.com/bitcoin-dot-org/bitcoin.org.git'
SITEDIR='/bitcoin.org/site' SITEDIR='/bitcoin.org/site'
DESTDIR='build@bitcoinorgsite:/var/www/site' DESTDIR='build@bitcoinorgsite:/var/www/site'
@ -39,6 +40,31 @@ fi
git reset --hard origin/master git reset --hard origin/master
git clean -x -f -d git clean -x -f -d
## Whether to auto-build or force-build
case "${1:-nil}" in
auto)
## From git-log(1):
## %G?: show "G" for a Good signature, "B" for a Bad signature, "U"
## for a good, untrusted signature and "N" for no signature
if ! GNUPGHOME=$AUTHORIZED_SIGNERS_DIR git log --format='%G?' -1 | egrep -q '^(G|U)$'
then
echo "Commit tree tip not signed by an authorized signer. Terminating build."
exit 1
fi
;;
force)
true
;;
*)
echo "$0 <auto|force>"
echo
echo "auto: only builds if the latest commit is GPG signed by an authorized key"
echo "force: builds latest commit no matter what"
;;
esac
# Copy files to temporary directory # Copy files to temporary directory
rsync -rt --delete "$SITEDIR/" "$WORKDIR/" rsync -rt --delete "$SITEDIR/" "$WORKDIR/"