From 868208bfef9f6fb0730ea39c03942ea546af78bc Mon Sep 17 00:00:00 2001
From: Andrey Kuznetsov <fear@loathing.in>
Date: Tue, 19 Jan 2021 12:19:07 +0300
Subject: [PATCH] fix: configure signing for each repo (#8314)

---
 lib/util/git/index.ts            |  5 +++--
 lib/util/git/private-key.spec.ts | 17 ++++++++++++-----
 lib/util/git/private-key.ts      | 13 ++++++++++---
 3 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts
index aa4e9de0e4..4f6dd12c0c 100644
--- a/lib/util/git/index.ts
+++ b/lib/util/git/index.ts
@@ -20,7 +20,7 @@ import { logger } from '../../logger';
 import { ExternalHostError } from '../../types/errors/external-host-error';
 import { GitOptions, GitProtocol } from '../../types/git';
 import { Limit, incLimitedValue } from '../../workers/global/limits';
-import { writePrivateKey } from './private-key';
+import { configSigningKey, writePrivateKey } from './private-key';
 
 export * from './private-key';
 
@@ -580,9 +580,10 @@ export async function commitFiles({
   await syncGit();
   logger.debug(`Committing files to branch ${branchName}`);
   if (!privateKeySet) {
-    await writePrivateKey(config.localDir);
+    await writePrivateKey();
     privateKeySet = true;
   }
+  await configSigningKey(config.localDir);
   try {
     await git.reset(ResetMode.HARD);
     await git.raw(['clean', '-fd']);
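Review bot: The new `await configSigningKey(config.localDir);` sits before the `try`, and configSigningKey as added in lib/util/git/private-key.ts has no catch of its own. A failing `git config` would therefore surface as a raw exec error instead of the `PLATFORM_GPG_FAILED` that writePrivateKey throws for signing setup problems. I would wrap the two exec calls inside configSigningKey the same way: `catch (err) { logger.warn({ err }, 'Error configuring git signing'); throw new Error(PLATFORM_GPG_FAILED); }`. commitFiles starts and ends outside this hunk, so whether the later `try` would have handled the error differently is not visible here.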
diff --git a/lib/util/git/private-key.spec.ts b/lib/util/git/private-key.spec.ts
index 61a9a32b03..ca3e61f77f 100644
--- a/lib/util/git/private-key.spec.ts
+++ b/lib/util/git/private-key.spec.ts
@@ -1,6 +1,10 @@
 import { getName, mocked } from '../../../test/util';
 import * as exec_ from '../exec';
-import { setPrivateKey, writePrivateKey } from './private-key';
+import {
+  configSigningKey,
+  setPrivateKey,
+  writePrivateKey,
+} from './private-key';
 
 jest.mock('fs-extra');
 jest.mock('../exec');
@@ -10,7 +14,8 @@ const exec = mocked(exec_);
 describe(getName(__filename), () => {
   describe('writePrivateKey()', () => {
     it('returns if no private key', async () => {
-      await expect(writePrivateKey('/tmp/some-repo')).resolves.not.toThrow();
+      await expect(writePrivateKey()).resolves.not.toThrow();
+      await expect(configSigningKey('/tmp/some-repo')).resolves.not.toThrow();
     });
     it('throws error if failing', async () => {
       setPrivateKey('some-key');
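Review bot: The added `configSigningKey('/tmp/some-repo')` expectations only check that the promise resolves, so the per-repo behaviour this fix introduces is not pinned by any assertion. The same applies to the hunks at `@@ -26,10 +31,12 @@`, and the "throws error if failing" case does not exercise configSigningKey at all. In the "imports the private key" test I would add, assuming the mocked function is `exec.exec`, `expect(exec.exec).toHaveBeenCalledWith('git config commit.gpgsign true', { cwd: '/tmp/some-repo' });` plus a matching check for `user.signingkey`. In the no-key test I would assert that exec was not called. The describe block continues outside this hunk.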
@@ -18,7 +23,7 @@ describe(getName(__filename), () => {
         stderr: `something wrong`,
         stdout: '',
       });
-      await expect(writePrivateKey('/tmp/some-repo')).rejects.toThrow();
+      await expect(writePrivateKey()).rejects.toThrow();
     });
     it('imports the private key', async () => {
       setPrivateKey('some-key');
@@ -26,10 +31,12 @@ describe(getName(__filename), () => {
         stderr: `gpg: key BADC0FFEE: secret key imported\nfoo\n`,
         stdout: '',
       });
-      await expect(writePrivateKey('/tmp/some-repo')).resolves.not.toThrow();
+      await expect(writePrivateKey()).resolves.not.toThrow();
+      await expect(configSigningKey('/tmp/some-repo')).resolves.not.toThrow();
     });
     it('does not import the key again', async () => {
-      await expect(writePrivateKey('/tmp/some-repo')).resolves.not.toThrow();
+      await expect(writePrivateKey()).resolves.not.toThrow();
+      await expect(configSigningKey('/tmp/some-repo')).resolves.not.toThrow();
     });
   });
 });
diff --git a/lib/util/git/private-key.ts b/lib/util/git/private-key.ts
index a0e927bbe1..1b5a911b84 100644
--- a/lib/util/git/private-key.ts
+++ b/lib/util/git/private-key.ts
@@ -29,17 +29,24 @@ async function importKey(): Promise<void> {
   await fs.remove(keyFileName);
 }
 
-export async function writePrivateKey(cwd: string): Promise<void> {
+export async function writePrivateKey(): Promise<void> {
   if (!gitPrivateKey) {
     return;
   }
   logger.debug('Setting git private key');
   try {
     await importKey();
-    await exec(`git config user.signingkey ${keyId}`, { cwd });
-    await exec(`git config commit.gpgsign true`, { cwd });
   } catch (err) {
     logger.warn({ err }, 'Error writing git private key');
     throw new Error(PLATFORM_GPG_FAILED);
   }
 }
+
+export async function configSigningKey(cwd: string): Promise<void> {
+  if (!gitPrivateKey) {
+    return;
+  }
+  logger.debug('Configuring commits signing');
+  await exec(`git config user.signingkey ${keyId}`, { cwd });
+  await exec(`git config commit.gpgsign true`, { cwd });
+}
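Review bot: configSigningKey checks `gitPrivateKey` but never `keyId`, so it silently relies on writePrivateKey having imported the key first. If it were called earlier, or after an import that left keyId unset (importKey's body is outside the hunk, so this is inferred), it would run `git config user.signingkey undefined` and still enable `commit.gpgsign`. I would fail closed right after the existing guard with `if (!keyId) { throw new Error(PLATFORM_GPG_FAILED); }`, rather than returning and letting commits proceed with a bad signing setup. A short doc comment should also state that writePrivateKey must run once per process and configSigningKey once per repository directory. Since keyId is interpolated into a shell command string, it is worth confirming where it is assigned that it can only ever hold a key-id token.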
-- 
GitLab