Merge bitcoin/bitcoin#22744: ci: Re-enable verify-commits.py check

fa001602cd ci: Re-enable verify-commits.py check (MarcoFalke) fa880b10d6 ci: Unconditionally set the global git author name in cirrys.yml (MarcoFalke) Pull request description: Might be useful to detect bugs in the script itself or an accidentally missed signature. ACKs for top commit: josibake: ACK fa001602cd Zero-1729: tACK fa001602cd fanquake: untested ACK fa001602cd Tree-SHA512: 8a13a67d325f2477f4088d1034f0d5e4e04937a01ee3c738435fe66394c02b9f33225529952ad331b0ba19b63ca4b2f26911cb5d264890159840cf3e09085969
2026-06-02 09:15:04 +02:00 · 2021-08-31 20:45:23 +08:00
parent 7be143a960 fa001602cd
commit 19aa5afcae
2 changed files with 12 additions and 5 deletions
--- a/ci/lint/06_script.sh
+++ b/ci/lint/06_script.sh
@@ -23,10 +23,15 @@ test/lint/git-subtree-check.sh src/crc32c
 test/lint/check-doc.py
 test/lint/lint-all.sh

-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then
-    git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+    # Sanity check only the last few commits to get notified of missing sigs,
+    # missing keys, or expired keys. Usually there is only one new merge commit
+    # per push on the master branch and a few commits on release branches, so
+    # sanity checking only a few (10) commits seems sufficient and cheap.
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-git-root
    ${CI_RETRY_EXE}  gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) &&
-    ./contrib/verify-commits/verify-commits.py --clean-merge=2;
+    ./contrib/verify-commits/verify-commits.py;
 fi

 echo