From e63b693f28bf752f617bd0aa2f375db701d1600a Mon Sep 17 00:00:00 2001
From: Alexis Reigel <mail@koffeinfrei.org>
Date: Mon, 10 Jul 2017 13:19:50 +0200
Subject: [PATCH] generate gpg signature on push

---
 app/services/git_push_service.rb              |  8 +++
 app/workers/create_gpg_signature_worker.rb    | 20 ++++++
 config/sidekiq_queues.yml                     |  1 +
 spec/services/git_push_service_spec.rb        | 18 ++++++
 .../create_gpg_signature_worker_spec.rb       | 61 +++++++++++++++++++
 5 files changed, 108 insertions(+)
 create mode 100644 app/workers/create_gpg_signature_worker.rb
 create mode 100644 spec/workers/create_gpg_signature_worker_spec.rb

diff --git a/app/services/git_push_service.rb b/app/services/git_push_service.rb
index 20d1fb29289..bb7680c5054 100644
--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -56,6 +56,8 @@ class GitPushService < BaseService
     perform_housekeeping
 
     update_caches
+
+    update_signatures
   end
 
   def update_gitattributes
@@ -80,6 +82,12 @@ class GitPushService < BaseService
     ProjectCacheWorker.perform_async(@project.id, types, [:commit_count, :repository_size])
   end
 
+  def update_signatures
+    @push_commits.each do |commit|
+      CreateGpgSignatureWorker.perform_async(commit.sha, @project.id)
+    end
+  end
+
   # Schedules processing of commit messages.
   def process_commit_messages
     default = is_default_branch?
diff --git a/app/workers/create_gpg_signature_worker.rb b/app/workers/create_gpg_signature_worker.rb
new file mode 100644
index 00000000000..6fbd6e1a3f3
--- /dev/null
+++ b/app/workers/create_gpg_signature_worker.rb
@@ -0,0 +1,20 @@
+class CreateGpgSignatureWorker
+  include Sidekiq::Worker
+  include DedicatedSidekiqQueue
+
+  def perform(commit_sha, project_id)
+    project = Project.find_by(id: project_id)
+
+    unless project
+      return Rails.logger.error("CreateGpgSignatureWorker: couldn't find project with ID=#{project_id}, skipping job")
+    end
+
+    commit = project.commit(commit_sha)
+
+    unless commit
+      return Rails.logger.error("CreateGpgSignatureWorker: couldn't find commit with commit_sha=#{commit_sha}, skipping job")
+    end
+
+    commit.signature
+  end
+end
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index cf0f5719683..7496bfa4fbb 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -30,6 +30,7 @@
   - [emails_on_push, 2]
   - [mailers, 2]
   - [invalid_gpg_signature_update, 2]
+  - [create_gpg_signature, 2]
   - [upload_checksum, 1]
   - [use_key, 1]
   - [repository_fork, 1]
diff --git a/spec/services/git_push_service_spec.rb b/spec/services/git_push_service_spec.rb
index f801506f1b6..34cd44460c6 100644
--- a/spec/services/git_push_service_spec.rb
+++ b/spec/services/git_push_service_spec.rb
@@ -681,6 +681,24 @@ describe GitPushService, services: true do
     end
   end
 
+  describe '#update_signatures' do
+    let(:service) do
+      described_class.new(
+        project,
+        user,
+        oldrev: sample_commit.parent_id,
+        newrev: sample_commit.id,
+        ref: 'refs/heads/master'
+      )
+    end
+
+    it 'calls CreateGpgSignatureWorker.perform_async for each commit' do
+      expect(CreateGpgSignatureWorker).to receive(:perform_async).with(sample_commit.id, project.id)
+
+      execute_service(project, user, @oldrev, @newrev, @ref)
+    end
+  end
+
   def execute_service(project, user, oldrev, newrev, ref)
     service = described_class.new(project, user, oldrev: oldrev, newrev: newrev, ref: ref )
     service.execute
diff --git a/spec/workers/create_gpg_signature_worker_spec.rb b/spec/workers/create_gpg_signature_worker_spec.rb
new file mode 100644
index 00000000000..a23f0d6c34a
--- /dev/null
+++ b/spec/workers/create_gpg_signature_worker_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe CreateGpgSignatureWorker do
+  context 'when GpgKey is found' do
+    it 'calls Commit#signature' do
+      commit_sha = '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33'
+      project = create :project
+      commit = instance_double(Commit)
+
+      allow(Project).to receive(:find_by).with(id: project.id).and_return(project)
+      allow(project).to receive(:commit).with(commit_sha).and_return(commit)
+
+      expect(commit).to receive(:signature)
+
+      described_class.new.perform(commit_sha, project.id)
+    end
+  end
+
+  context 'when Commit is not found' do
+    let(:nonexisting_commit_sha) { 'bogus' }
+    let(:project) { create :project }
+
+    it 'logs CreateGpgSignatureWorker process skipping' do
+      expect(Rails.logger).to receive(:error)
+        .with("CreateGpgSignatureWorker: couldn't find commit with commit_sha=bogus, skipping job")
+
+      described_class.new.perform(nonexisting_commit_sha, project.id)
+    end
+
+    it 'does not raise errors' do
+      expect { described_class.new.perform(nonexisting_commit_sha, project.id) }.not_to raise_error
+    end
+
+    it 'does not call Commit#signature' do
+      expect_any_instance_of(Commit).not_to receive(:signature)
+
+      described_class.new.perform(nonexisting_commit_sha, project.id)
+    end
+  end
+
+  context 'when Project is not found' do
+    let(:nonexisting_project_id) { -1 }
+
+    it 'logs CreateGpgSignatureWorker process skipping' do
+      expect(Rails.logger).to receive(:error)
+        .with("CreateGpgSignatureWorker: couldn't find project with ID=-1, skipping job")
+
+      described_class.new.perform(anything, nonexisting_project_id)
+    end
+
+    it 'does not raise errors' do
+      expect { described_class.new.perform(anything, nonexisting_project_id) }.not_to raise_error
+    end
+
+    it 'does not call Commit#signature' do
+      expect_any_instance_of(Commit).not_to receive(:signature)
+
+      described_class.new.perform(anything, nonexisting_project_id)
+    end
+  end
+end