feat(amend): support GPG-signing

tommyip · tommyip · commit 7e55067ab632 · 2023-06-14T20:18:14.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/git-branchless-lib/Cargo.toml b/git-branchless-lib/Cargo.toml
@@ -57,6 +57,7 @@ eyre = "0.6.8"
 futures = "0.3.28"
 git-record = { version = "0.3", path = "../git-record" }
 git2 = { version = "0.17.2", default-features = false }
+git2-ext = "0.6.0"
 indicatif = { version = "0.17.5", features = ["improved_unicode"] }
 itertools = "0.10.3"
 lazy_static = "1.4.0"
diff --git a/git-branchless-lib/src/core/rewrite/execute.rs b/git-branchless-lib/src/core/rewrite/execute.rs
@@ -628,12 +628,12 @@ mod in_memory {
                     };
                     let rebased_commit_oid = repo
                         .create_commit(
-                            None,
                             &commit_to_apply.get_author(),
                             &committer_signature,
                             commit_message,
                             &commit_tree,
                             vec![&current_commit],
+                            None,
                         )
                         .wrap_err("Applying rebased commit")?;
 
@@ -748,12 +748,12 @@ mod in_memory {
                     };
                     let rebased_commit_oid = repo
                         .create_commit(
-                            None,
                             &replacement_commit.get_author(),
                             &committer_signature,
                             replacement_commit_message,
                             &replacement_tree,
                             parents.iter().collect(),
+                            None,
                         )
                         .wrap_err("Applying rebased commit")?;
 
diff --git a/git-branchless-lib/src/git/mod.rs b/git-branchless-lib/src/git/mod.rs
@@ -8,6 +8,7 @@ mod oid;
 mod reference;
 mod repo;
 mod run;
+mod sign;
 mod snapshot;
 mod status;
 mod test;
@@ -27,6 +28,7 @@ pub use repo::{
     Time,
 };
 pub use run::{GitRunInfo, GitRunOpts, GitRunResult};
+pub use sign::get_signer;
 pub use snapshot::{WorkingCopyChangesType, WorkingCopySnapshot};
 pub use status::{FileMode, FileStatus, StatusEntry};
 pub use test::{
diff --git a/git-branchless-lib/src/git/repo.rs b/git-branchless-lib/src/git/repo.rs
@@ -24,6 +24,7 @@ use chrono::NaiveDateTime;
 use cursive::theme::BaseColor;
 use cursive::utils::markup::StyledString;
 use git2::DiffOptions;
+use git2_ext::ops::Sign;
 use itertools::Itertools;
 use thiserror::Error;
 use tracing::{instrument, warn};
@@ -1152,31 +1153,81 @@ impl Repo {
     }
 
     /// Create a new commit.
-    #[instrument]
+    #[instrument(skip(signer))]
     pub fn create_commit(
         &self,
-        update_ref: Option<&str>,
         author: &Signature,
         committer: &Signature,
         message: &str,
         tree: &Tree,
         parents: Vec<&Commit>,
+        signer: Option<&dyn Sign>,
     ) -> Result<NonZeroOid> {
         let parents = parents
             .iter()
             .map(|commit| &commit.inner)
             .collect::<Vec<_>>();
-        let oid = self
-            .inner
-            .commit(
-                update_ref,
-                &author.inner,
-                &committer.inner,
-                message,
-                &tree.inner,
-                parents.as_slice(),
-            )
-            .map_err(Error::CreateCommit)?;
+        let oid = git2_ext::ops::commit(
+            &self.inner,
+            &author.inner,
+            &committer.inner,
+            message,
+            &tree.inner,
+            parents.as_slice(),
+            signer,
+        )
+        .map_err(Error::CreateCommit)?;
+        Ok(make_non_zero_oid(oid))
+    }
+
+    /// Amend a commit with all non-`None` values
+    #[instrument(skip(signer))]
+    pub fn amend_commit(
+        &self,
+        commit_to_amend: &Commit,
+        author: Option<&Signature>,
+        committer: Option<&Signature>,
+        message: Option<&str>,
+        tree: Option<&Tree>,
+        signer: Option<&dyn Sign>,
+    ) -> Result<NonZeroOid> {
+        macro_rules! owning_unwrap_or {
+            ($name:ident, $value_source:expr) => {
+                let owned_value;
+                let $name = if let Some(value) = $name {
+                    value
+                } else {
+                    owned_value = $value_source;
+                    &owned_value
+                };
+            };
+        }
+        owning_unwrap_or!(author, commit_to_amend.get_author());
+        owning_unwrap_or!(committer, commit_to_amend.get_committer());
+        owning_unwrap_or!(
+            message,
+            commit_to_amend
+                .inner
+                .message_raw()
+                .ok_or(Error::DecodeUtf8 {
+                    item: "raw message",
+                })?
+        );
+        owning_unwrap_or!(tree, commit_to_amend.get_tree()?);
+
+        let parents = commit_to_amend.get_parents();
+        let parents = parents.iter().map(|parent| &parent.inner).collect_vec();
+
+        let oid = git2_ext::ops::commit(
+            &self.inner,
+            &author.inner,
+            &committer.inner,
+            message,
+            &tree.inner,
+            parents.as_slice(),
+            signer,
+        )
+        .map_err(Error::Amend)?;
         Ok(make_non_zero_oid(oid))
     }
 
@@ -1365,12 +1416,12 @@ impl Repo {
             vec![]
         };
         let dehydrated_commit_oid = self.create_commit(
-            None,
             &signature,
             &signature,
             &message,
             &dehydrated_tree,
             parents.iter().collect_vec(),
+            None,
         )?;
         let dehydrated_commit = self.find_commit_or_fail(dehydrated_commit_oid)?;
         Ok(dehydrated_commit)
diff --git a/git-branchless-lib/src/git/sign.rs b/git-branchless-lib/src/git/sign.rs
@@ -0,0 +1,65 @@
+use tracing::instrument;
+
+use super::{repo::Result, Repo, RepoError};
+
+/// Get commit signer configured from CLI arguments and repository configurations.
+#[instrument]
+pub fn get_signer(
+    repo: &Repo,
+    gpg_sign: &Option<String>,
+    no_gpg_sign: bool,
+) -> Result<Option<Box<dyn git2_ext::ops::Sign>>> {
+    if no_gpg_sign {
+        return Ok(None);
+    }
+    let config = repo.inner.config().map_err(RepoError::ReadConfig)?;
+    let sign_config = config.get_bool("commit.gpgsign").ok();
+    let signer = match (sign_config, gpg_sign.as_deref()) {
+        (Some(false) | None, None) => return Ok(None),
+        (_, Some("") | None) => {
+            let signer = git2_ext::ops::UserSign::from_config(&repo.inner, &config)
+                .map_err(RepoError::ReadConfig)?;
+            Box::new(signer) as Box<dyn git2_ext::ops::Sign>
+        }
+        (_, Some(keyid)) => {
+            let format = config
+                .get_string("gpg.format")
+                .unwrap_or_else(|_| "openpgp".to_owned());
+            match format.as_str() {
+                "openpgp" => {
+                    let program = config
+                        .get_string("gpg.openpgp.program")
+                        .or_else(|_| config.get_string("gpg.program"))
+                        .unwrap_or_else(|_| "gpg".to_owned());
+
+                    Box::new(git2_ext::ops::GpgSign::new(program, keyid.to_string()))
+                        as Box<dyn git2_ext::ops::Sign>
+                }
+                "x509" => {
+                    let program = config
+                        .get_string("gpg.x509.program")
+                        .unwrap_or_else(|_| "gpgsm".to_owned());
+
+                    Box::new(git2_ext::ops::GpgSign::new(program, keyid.to_string()))
+                        as Box<dyn git2_ext::ops::Sign>
+                }
+                "ssh" => {
+                    let program = config
+                        .get_string("gpg.ssh.program")
+                        .unwrap_or_else(|_| "ssh-keygen".to_owned());
+
+                    Box::new(git2_ext::ops::SshSign::new(program, keyid.to_string()))
+                        as Box<dyn git2_ext::ops::Sign>
+                }
+                format => {
+                    return Err(RepoError::ReadConfig(git2::Error::new(
+                        git2::ErrorCode::Invalid,
+                        git2::ErrorClass::Config,
+                        format!("invalid value for gpg.format: {}", format),
+                    )))
+                }
+            }
+        }
+    };
+    Ok(Some(signer))
+}
diff --git a/git-branchless-lib/src/git/snapshot.rs b/git-branchless-lib/src/git/snapshot.rs
@@ -213,7 +213,7 @@ branchless: automated working copy snapshot
             parents
         };
         let commit_oid =
-            repo.create_commit(None, &signature, &signature, &message, &tree, parents)?;
+            repo.create_commit(&signature, &signature, &message, &tree, parents, None)?;
 
         Ok(WorkingCopySnapshot {
             base_commit: repo.find_commit_or_fail(commit_oid)?,
@@ -365,12 +365,12 @@ branchless: automated working copy snapshot
             }
         );
         let commit = repo.create_commit(
-            None,
             &signature,
             &signature,
             &message,
             &tree_unstaged,
             Vec::from_iter(head_commit),
+            None,
         )?;
         Ok(commit)
     }
@@ -452,7 +452,6 @@ branchless: automated working copy snapshot
             }
         );
         let commit_oid = repo.create_commit(
-            None,
             &signature,
             &signature,
             &message,
@@ -461,6 +460,7 @@ branchless: automated working copy snapshot
                 Some(parent_commit) => vec![parent_commit],
                 None => vec![],
             },
+            None,
         )?;
         Ok(commit_oid)
     }
diff --git a/git-branchless-opts/src/lib.rs b/git-branchless-opts/src/lib.rs
@@ -178,6 +178,26 @@ pub struct SwitchOptions {
     pub target: Option<String>,
 }
 
+/// Options for signing commits
+#[derive(Args, Debug)]
+pub struct SignOptions {
+    /// GPG-sign commits. The `keyid` argument is optional and defaults to the committer
+    /// identity.
+    #[clap(
+        short = 'S',
+        long = "gpg-sign",
+        value_name = "keyid",
+        conflicts_with = "no_gpg_sign",
+        num_args(0..=1),
+        default_missing_value(""),
+    )]
+    pub gpg_sign: Option<String>,
+
+    /// Countermand `commit.gpgSign` configuration variable.
+    #[clap(long = "no-gpg-sign", conflicts_with = "gpg_sign")]
+    pub no_gpg_sign: bool,
+}
+
 /// Internal use.
 #[derive(Debug, Parser)]
 pub enum HookSubcommand {
@@ -420,6 +440,10 @@ pub enum Command {
         /// formatting or refactoring changes.
         #[clap(long)]
         reparent: bool,
+
+        /// Options for signing commits.
+        #[clap(flatten)]
+        sign_options: SignOptions,
     },
 
     /// Gather information about recent operations to upload as part of a bug
diff --git a/git-branchless-test/src/lib.rs b/git-branchless-test/src/lib.rs
@@ -1969,12 +1969,12 @@ fn apply_fixes(
                 .try_collect()?;
             let fixed_tree = repo.find_tree_or_fail(fixed_tree_oid)?;
             let fixed_commit_oid = repo.create_commit(
-                None,
                 &original_commit.get_author(),
                 &original_commit.get_committer(),
                 commit_message,
                 &fixed_tree,
                 parents.iter().collect(),
+                None,
             )?;
             if original_commit_oid == fixed_commit_oid {
                 continue;
diff --git a/git-branchless/Cargo.toml b/git-branchless/Cargo.toml
@@ -40,6 +40,7 @@ git-branchless-submit = { version = "0.7.0", path = "../git-branchless-submit" }
 git-branchless-test = { version = "0.7.0", path = "../git-branchless-test" }
 git-branchless-undo = { version = "0.7.0", path = "../git-branchless-undo" }
 git-record = { version = "0.3", path = "../git-record" }
+git2-ext = "0.6.0"
 itertools = "0.10.5"
 lazy_static = "1.4.0"
 lib = { package = "git-branchless-lib", version = "0.7.0", path = "../git-branchless-lib" }
diff --git a/git-branchless/src/commands/amend.rs b/git-branchless/src/commands/amend.rs
diff --git a/git-branchless/src/commands/mod.rs b/git-branchless/src/commands/mod.rs
