signed-off-checker.php 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  23. /**
  24. * Script to verify that all commits have been signed-off, if a commit doesn't end
  25. * with a signed-off message the script is failing.
  26. */
  27. $baseDir = __DIR__ . '/../';
  28. $pullRequestNumber = getenv('DRONE_PULL_REQUEST');
  29. $repoOwner = getenv('DRONE_REPO_OWNER');
  30. $repoName = getenv('DRONE_REPO_NAME');
  31. $droneEvent = getenv('DRONE_BUILD_EVENT');
  32. $githubToken = getenv('GITHUB_TOKEN');
  33. if(is_string($droneEvent) && $droneEvent === 'push') {
  34. echo("Push event - no signed-off check required.\n");
  35. exit(0);
  36. }
  37. if(!is_string($pullRequestNumber) || $pullRequestNumber === '') {
  38. echo("The environment variable DRONE_PULL_REQUEST has no proper value.\n");
  39. exit(1);
  40. }
  41. if(!is_string($repoOwner) || $repoOwner === '') {
  42. echo("The environment variable DRONE_REPO_OWNER has no proper value.\n");
  43. exit(1);
  44. }
  45. if(!is_string($repoName) || $repoName === '') {
  46. echo("The environment variable DRONE_REPO_NAME has no proper value.\n");
  47. exit(1);
  48. }
  49. if(!is_string($githubToken) || $githubToken === '') {
  50. echo("The environment variable GITHUB_TOKEN has no proper value.\n");
  51. exit(1);
  52. }
  53. $ch = curl_init();
  54. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  55. curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/' . $repoOwner . '/' . $repoName . '/pulls/' . $pullRequestNumber . '/commits');
  56. curl_setopt($ch, CURLOPT_USERAGENT, 'CI for Nextcloud (https://github.com/nextcloud/server)');
  57. curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: token ' . $githubToken]);
  58. $response = curl_exec($ch);
  59. curl_close($ch);
  60. $decodedResponse = json_decode($response, true);
  61. if(!is_array($decodedResponse) || count($decodedResponse) === 0) {
  62. echo("Could not decode JSON response from GitHub API.\n");
  63. exit(1);
  64. }
  65. // Get all commits SHAs
  66. $commits = [];
  67. foreach($decodedResponse as $commit) {
  68. if(!isset($commit['sha'])) {
  69. echo("No SHA specified in $commit\n");
  70. exit(1);
  71. }
  72. if(!isset($commit['commit']['message'])) {
  73. echo("No commit message specified in $commit\n");
  74. exit(1);
  75. }
  76. $commits[$commit['sha']] = $commit['commit']['message'];
  77. }
  78. if(count($commits) < 1) {
  79. echo("Could not read commits.\n");
  80. exit(1);
  81. }
  82. $notSignedCommits = [];
  83. foreach($commits as $commit => $message) {
  84. if($commit === '') {
  85. continue;
  86. }
  87. $signOffMessage = false;
  88. $commitMessageLines = explode("\n", $message);
  89. foreach($commitMessageLines as $line) {
  90. if(preg_match('/^Signed-off-by: .* <.*@.*>$/', $line)) {
  91. echo "$commit is signed-off with \"$line\"\n";
  92. $signOffMessage = true;
  93. continue;
  94. }
  95. }
  96. if($signOffMessage === true) {
  97. continue;
  98. }
  99. $notSignedCommits[] = $commit;
  100. }
  101. if($notSignedCommits !== []) {
  102. echo("\n");
  103. echo("Some commits were not signed off!\n");
  104. echo("Missing signatures on:\n");
  105. foreach ($notSignedCommits as $commit) {
  106. echo("- " . $commit . "\n");
  107. }
  108. echo("Build has failed\n");
  109. exit(1);
  110. } else {
  111. exit(0);
  112. }