release-plz and it's tests hangs indefinitely if automatic signing of tags is configured

Question

release-plz and it's tests hangs indefinitely if automatic signing of tags is configured

zvolin opened this issue 6 months ago · comments

Bug description

release-plz release as well as cargo test hangs if someone has enabled automatic signing of tags.

From what I see release-plz tries to create lightweight tags. If someone has automatic signing, then git will try to create an annotated tag instead and the git_cmd will hang waiting for the tag's message. Git itself advertises lightweight tags as only to be used locally during the development and to use the annotated tags everywhere else, so it might not be bad idea to just slap there some message like: 'release {tag-name}' and have the annotated tag instead?

From git help tag:

Tag objects (created with -a, -s, or -u) are called "annotated" tags; they contain a creation date, the tagger name and e-mail, a tagging message, and an optional GnuPG signature.
Whereas a "lightweight" tag is simply a name for an object (usually a commit object).

Also adding -m implies -a so bare -m "message" would work.

Would you like to work on a fix? [y]

To Reproduce

add following to the ~.gitconfig

[user]
  ...
  signingkey = SIGNINGKEY
[tag]
  gpgSign = true

Expected behavior

The tag should be created.

Environment

OS: archlinux 6.6.10-zen
release-plz version: 0.3.39

Marco Ieni · Answer 1 · Tue Feb 06 2024 21:41:14 GMT+0800 (China Standard Time)

Hey 👋 sorry for the delay on this, but I can't reproduce it on my mac.
However, the release command has some issues for sure because it's hanging as well for me, but it's not related to the git tag I think 🤔
Are you able to reproduce it in a docker container?
Btw I don't remember why I'm using lightweight tags. We can move to the annotated ones if it's a best practice. But we need to make sure that they work in the same way in github actions.
I remember I has some issues in the past with GitHub actions tags, so if we do this change we need to test it very carefully.

Maciej Zwoliński · Answer 2 · Wed Feb 07 2024 01:39:37 GMT+0800 (China Standard Time)

so if you make a Dockerfile with this content:

FROM rust:latest

RUN git clone https://github.com/MarcoIeni/release-plz

WORKDIR /release-plz

# Generate a GPG key
RUN gpg --batch --gen-key <<EOF
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: example
Name-Email: example@example.com
Expire-Date: 0
%no-protection
EOF

# Create a .gitconfig with signing tags
RUN cat <<EOF > /root/.gitconfig
[user]
  name = example
  email = example@example.com
  signingkey = $(gpg --list-secret-keys --keyid-format=long | awk -F' +|/' '/sec/ {print $3}')
[commit]
  gpgSign = true
[tag]
  gpgSign = true
EOF

# try to run the release plz test
CMD ["cargo", "test", "-p", "git_cmd", "--", "existing_tag_is_recognized"]

You can see a reproduction:

docker buildx build . -t signing-test
docker run signing-test

running 2 tests
test tests::non_existing_tag_is_recognized ... FAILED
test tests::existing_tag_is_recognized ... FAILED

failures:

---- tests::non_existing_tag_is_recognized stdout ----
thread 'tests::non_existing_tag_is_recognized' panicked at crates/git_cmd/src/lib.rs:467:28:
called `Result::unwrap()` on an `Err` value: error while running git with args `["tag", "v1.0.0"]:
- stderr: error: Terminal is dumb, but EDITOR unset
Please supply the message using either -m or -F option.
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- tests::existing_tag_is_recognized stdout ----
thread 'tests::existing_tag_is_recognized' panicked at crates/git_cmd/src/lib.rs:453:27:
called `Result::unwrap()` on an `Err` value: error while running git with args `["tag", "v1.0.0"]:
- stderr: error: Terminal is dumb, but EDITOR unset
Please supply the message using either -m or -F option.


failures:
    tests::existing_tag_is_recognized
    tests::non_existing_tag_is_recognized

test result: FAILED. 0 passed; 2 failed; 0 ignored; 0 measured; 6 filtered out; finished in 0.11s

error: test failed, to rerun pass `-p git_cmd --lib`

Maciej Zwoliński · Answer 3 · Wed Feb 07 2024 01:43:22 GMT+0800 (China Standard Time)

here it doesn't hang as we're just executing the image. You can reproduce hanging by running

docker run -it --rm signing-test bash
apt update -y && apt install vim -y
EDITOR=vim cargo test -p git_cmd -- existing_tag

Maciej Zwoliński · Answer 4 · Wed Feb 07 2024 01:50:07 GMT+0800 (China Standard Time)

you can add the following before the CMD in the Dockerfile above to resolve the issue in reproduction

RUN sed -i 's/"tag", name/"tag", "-m", "anything", name/' crates/git_cmd/src/lib.rs

Maciej Zwoliński · Answer 5 · Wed Feb 07 2024 01:51:35 GMT+0800 (China Standard Time)

It's not that this is big of an issue, I just have to remember to disable the signing when working on a release-plz itself 😅 but if you agree I can open a PR with fix

Marco Ieni · Answer 6 · Wed Feb 07 2024 02:08:22 GMT+0800 (China Standard Time)

oh, I see why I wasn't able to reproduce your issue.
I only had this in my config:

[commit]
	gpgsign = true

but I missed

[tag]
	gpgsign = true

Yeah, please open the PR to fix this and I will test it 👍