mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 13:20:23 -07:00
Only use git verify-tag
when verifying annotated tags (#26414)
* Only use `git verify-tag` when verifying annotated tags The command `git verify-tag` only applies to annotated tags. When verifying lightweight tags, which are more similar to non-moving branches, one has to use `git verify-commit` instead. Using ':' as a separator is appropriate since that is one of the characters not allowed in a Git reference name. See also https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html * Improve testing of the Git module's gpg verification
This commit is contained in:
parent
779d05aec4
commit
593297d7a2
5 changed files with 248 additions and 63 deletions
|
@ -590,15 +590,17 @@ def get_branches(git_path, module, dest):
|
|||
return branches
|
||||
|
||||
|
||||
def get_tags(git_path, module, dest):
|
||||
def get_annotated_tags(git_path, module, dest):
|
||||
tags = []
|
||||
cmd = '%s tag' % (git_path,)
|
||||
cmd = [git_path, 'for-each-ref', 'refs/tags/', '--format', '%(objecttype):%(refname:short)']
|
||||
(rc, out, err) = module.run_command(cmd, cwd=dest)
|
||||
if rc != 0:
|
||||
module.fail_json(msg="Could not determine tag data - received %s" % out, stdout=out, stderr=err)
|
||||
for line in to_native(out).split('\n'):
|
||||
if line.strip():
|
||||
tags.append(line.strip())
|
||||
tagtype, tagname = line.strip().split(':')
|
||||
if tagtype == 'tag':
|
||||
tags.append(tagname)
|
||||
return tags
|
||||
|
||||
|
||||
|
@ -887,7 +889,7 @@ def switch_version(git_path, module, dest, remote, version, verify_commit, depth
|
|||
|
||||
|
||||
def verify_commit_sign(git_path, module, dest, version):
|
||||
if version in get_tags(git_path, module, dest):
|
||||
if version in get_annotated_tags(git_path, module, dest):
|
||||
git_sub = "verify-tag"
|
||||
else:
|
||||
git_sub = "verify-commit"
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue