signed-off-checker.php 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. /**
  7. * Script to verify that all commits have been signed-off, if a commit doesn't end
  8. * with a signed-off message the script is failing.
  9. */
  10. $baseDir = __DIR__ . '/../';
  11. $pullRequestNumber = getenv('DRONE_PULL_REQUEST');
  12. $repoOwner = getenv('DRONE_REPO_OWNER');
  13. $repoName = getenv('DRONE_REPO_NAME');
  14. $droneEvent = getenv('DRONE_BUILD_EVENT');
  15. $githubToken = getenv('GITHUB_TOKEN');
  16. if (is_string($droneEvent) && $droneEvent === 'push') {
  17. echo("Push event - no signed-off check required.\n");
  18. exit(0);
  19. }
  20. if (!is_string($pullRequestNumber) || $pullRequestNumber === '') {
  21. echo("The environment variable DRONE_PULL_REQUEST has no proper value.\n");
  22. exit(1);
  23. }
  24. if (!is_string($repoOwner) || $repoOwner === '') {
  25. echo("The environment variable DRONE_REPO_OWNER has no proper value.\n");
  26. exit(1);
  27. }
  28. if (!is_string($repoName) || $repoName === '') {
  29. echo("The environment variable DRONE_REPO_NAME has no proper value.\n");
  30. exit(1);
  31. }
  32. if (!is_string($githubToken) || $githubToken === '') {
  33. echo("The environment variable GITHUB_TOKEN has no proper value.\n");
  34. exit(1);
  35. }
  36. $ch = curl_init();
  37. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  38. curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/' . $repoOwner . '/' . $repoName . '/pulls/' . $pullRequestNumber . '/commits');
  39. curl_setopt($ch, CURLOPT_USERAGENT, 'CI for Nextcloud (https://github.com/nextcloud/server)');
  40. curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: token ' . $githubToken]);
  41. $response = curl_exec($ch);
  42. curl_close($ch);
  43. $decodedResponse = json_decode($response, true);
  44. if (!is_array($decodedResponse) || count($decodedResponse) === 0) {
  45. echo("Could not decode JSON response from GitHub API.\n");
  46. exit(1);
  47. }
  48. // Get all commits SHAs
  49. $commits = [];
  50. foreach ($decodedResponse as $commit) {
  51. if (!isset($commit['sha'])) {
  52. echo("No SHA specified in $commit\n");
  53. exit(1);
  54. }
  55. if (!isset($commit['commit']['message'])) {
  56. echo("No commit message specified in $commit\n");
  57. exit(1);
  58. }
  59. $commits[$commit['sha']] = $commit['commit']['message'];
  60. }
  61. if (count($commits) < 1) {
  62. echo("Could not read commits.\n");
  63. exit(1);
  64. }
  65. $notSignedCommits = [];
  66. foreach ($commits as $commit => $message) {
  67. if ($commit === '') {
  68. continue;
  69. }
  70. $signOffMessage = false;
  71. $commitMessageLines = explode("\n", $message);
  72. foreach ($commitMessageLines as $line) {
  73. if (preg_match('/^Signed-off-by: .* <.*@.*>$/', $line)) {
  74. echo "$commit is signed-off with \"$line\"\n";
  75. $signOffMessage = true;
  76. continue;
  77. }
  78. }
  79. if ($signOffMessage === true) {
  80. continue;
  81. }
  82. $notSignedCommits[] = $commit;
  83. }
  84. if ($notSignedCommits !== []) {
  85. echo("\n");
  86. echo("Some commits were not signed off!\n");
  87. echo("Missing signatures on:\n");
  88. foreach ($notSignedCommits as $commit) {
  89. echo("- " . $commit . "\n");
  90. }
  91. echo("Build has failed\n");
  92. exit(1);
  93. } else {
  94. exit(0);
  95. }