Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow git to follow global tagsign config #185

Closed
wants to merge 1 commit into from

Conversation

junderw
Copy link
Contributor

@junderw junderw commented Apr 4, 2019

Current Behavior:

  • git config commit.gpgsign and tag.gpgsign are true
  • npm config not set anywhere, all defaults
  • npm version xxxx
  • commit signed, tag not signed

Expected Behavior:

  • both commit and tag signatures should either happen or not happen.

My fix:

  • both commit and tag signatures now follow git config if set.

Other possible fix:

  • both don't sign, and both must be explicitly set in npm config

-a tells git to "ignore the git config for signing tags"

that is all it does.

Default is "not signed" anyways, so why not listen to the git config? Why explicitly forbid signing when the commit option follows git config and does not explicitly forbid signing unless the npm config says so?

If there is an explicit reason for forbidding signatures, I would like to hear it.

If this is a bug than it is a simple BUGFIX.

Workaround I've been using: (TIL about the npm config option to add tag signing)

npmversion() {
  if [ -z "$1" ]; then
    echo "need to specify version type (major, minor, patch)"
    return 1
  fi
  MYNPMVER=$(npm version $1)
  git tag -d $MYNPMVER > /dev/null
  git tag -s $MYNPMVER -m "${MYNPMVER/v/}"
  echo $MYNPMVER
  git verify-tag $MYNPMVER
}

So perhaps another way to fix this is to forbid signing of git commit without explicitly naming in npm config.

I think this difference between tag and commit handling is a bug.

Thank you for your review.

-a tells git to "ignore the git config for signing tags"

that is all it does.
@junderw junderw requested a review from a team as a code owner April 4, 2019 02:18
@junderw
Copy link
Contributor Author

junderw commented Apr 4, 2019

npm config set sign-git-tag true works well... but I use git configs extensively on a repo per repo basis.

ie. this repo I want to sign tags and commits with this key, this repo I don't want to sign at all etc.

So I use git config --local key value a lot and leave it out of my command args.

I would appreciate if tag signing would do the same as commit signing and respect the git config by not explicitly disabling it.

@isaacs isaacs added semver:patch semver patch level for changes semver:minor new backwards-compatible feature and removed semver:patch semver patch level for changes labels Jun 26, 2019
@isaacs
Copy link
Contributor

isaacs commented Jun 26, 2019

This will be in 6.10

isaacs pushed a commit that referenced this pull request Jun 28, 2019
-a tells git to "ignore the git config for signing tags"

that is all it does.

Close: #185

Note: SemVer minor -- @isaacs
isaacs pushed a commit that referenced this pull request Jun 29, 2019
-a tells git to "ignore the git config for signing tags"

that is all it does.

Close: #185

Note: SemVer minor -- @isaacs
@isaacs isaacs mentioned this pull request Jul 1, 2019
@isaacs isaacs closed this in 39d473a Jul 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
semver:minor new backwards-compatible feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants