ci(workflow): ⚡ update commit signing

sebastianlujan · sebastianlujan · commit ac68d2a39c37 · 2025-02-13T13:58:57.000-03:00
diff --git a/.husky/scripts/check-commit.sh b/.husky/scripts/check-commit.sh
@@ -1,8 +1,10 @@
 #!/usr/bin/env bash  
 set -euo pipefail
 
-COMMIT_MSG_FILE="${1:-}" 
-COMMIT_MSG=$(cat $COMMIT_MSG_FILE)
+COMMIT_MSG_FILE="$1"  
+COMMIT_MSG=$(cat "$COMMIT_MSG_FILE")
+TYPES="feat|fix|chore|docs|test|style|refactor|perf|build|ci|revert"
+SCOPE="\(.+\)"
 
 _validate_commit_message() {
   if [ ! -f "$COMMIT_MSG_FILE" ]; then
@@ -20,9 +22,6 @@ check_commit_convention() {
   local commit_msg_file="$1"
   _validate_commit_message "$commit_msg_file"
 
-  TYPES="feat|fix|chore|docs|test|style|refactor|perf|build|ci|revert"
-  SCOPE="\(.+\)"
-
   echo "Commit message: $COMMIT_MSG"
 
   if ! echo "$COMMIT_MSG" | grep -qE "^($TYPES)($SCOPE)?:"; then
@@ -31,4 +30,7 @@ check_commit_convention() {
     echo -e "Format should be: <type>(optional scope): <description> \n"
     exit 1
   fi
-}
+}
+
+# Main execution
+check_commit_convention "$COMMIT_MSG_FILE"
diff --git a/.husky/scripts/check-coverage.sh b/.husky/scripts/check-coverage.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash  
-# Exit on error, unset vars, and pipeline failures
+# Exit on error, unset vars, and pipeline failures, like strict mode in JS
 set -euo pipefail
 
 MIN_COVERAGE=70
diff --git a/.husky/scripts/dont-trust.sh b/.husky/scripts/dont-trust.sh
@@ -9,14 +9,35 @@ set -euo pipefail
 dont_trust() {
     echo "🔏 Verifying commit signature..."
 
+    # Check GPG signature configuration
+     if ! git config --get user.signingkey >/dev/null; then
+        echo "❌ No GPG signing key configured"
+        
+        echo "Run: git config --global user.signingkey YOUR_KEY_ID"
+        echo "1. Generate a key: gpg --full-generate-key"
+        echo "2. List keys: gpg --list-secret-keys --keyid-format LONG"
+        echo "3. Configure Git: git config --global user.signingkey YOUR_KEY_ID"
+        exit 1
+    fi
+
+    # Check if commit signing is enabled
+    if [ "$(git config --get commit.gpgsign)" != "true" ]; then
+        echo "❌ Error: Commit signing not enabled"
+        echo "Run: git config --global commit.gpgsign true"
+        exit 1
+    fi
+
+    # https://git-scm.com/docs/git-log#Documentation/git-log.txt-emGem
+    # Get detailed signing information
     VERIFY_SIGNING=$(git log -1 --pretty=%G?)
 
-    if [[ "$VERIFY_SIGNING" != 'G' && "$VERIFY_SIGNING" != 'E' ]]; then
+    if [[ "$VERIFY_SIGNING" != 'G']]; then
         echo "❌ Error: Commit is not signed"
-        echo "Please sign your commit."
+        echo "Please sign your commit with a valid GPG key."
+        echo "Run: git config --global commit.gpgsign true"
         exit 1
     fi
 
     echo "🔑 Commit signed!"
-
+    echo "✅ Valid signature from: ${SIGNER_INFO}
 }
