Skip to content

feat(gerrit): enable push signing when gitPrivateKey is set#44228

Open
felipecrs wants to merge 3 commits into
renovatebot:mainfrom
felipecrs:git-push-sign
Open

feat(gerrit): enable push signing when gitPrivateKey is set#44228
felipecrs wants to merge 3 commits into
renovatebot:mainfrom
felipecrs:git-push-sign

Conversation

@felipecrs

@felipecrs felipecrs commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Changes

Amongst the platforms supported by Renovate, Gerrit is the only one that supports git push signing.

In fact, Gerrit does not support commit signing. It only supports push signing. It is harmless to sign Gerrit commits though, as Gerrit won't reject them. It's still useful in case some additional repository browser is used, like GerritHub which replicates the commits back to GitHub.

This PR enables push signing for Gerrit whenever gitPrivateKey is set. Push signing is enabled as if-asked, which means that git will only sign the push if the remote signals support for it.

I decided not to add a new config option because no one else beside Gerrit users would be able to use it anyway, and also we already have too many config options.

Because of if-asked, it would have been safe to enable it for all platforms, but I decided not to do it because the git push command issues a warning when the remote does not support it. That would be confusing for users of other platforms.

The implementation is done so that it can be easily extended to other platforms in the future, if the other platforms ever add support for it.

Context

Please select one of the following:

  • This closes an existing Issue, Closes: #
  • This doesn't close an Issue, but I accept the risk that this PR may be closed if maintainers disagree with its opening or implementation

AI assistance disclosure

Did you use AI tools to create any part of this pull request?

Please select one option and, if yes, briefly describe how AI was used (e.g., code, tests, docs) and which tool(s) you used.

  • No — I did not use AI for this contribution.
  • Yes — minimal assistance (e.g., IDE autocomplete, small code completions, grammar fixes).
  • Yes — substantive assistance (AI-generated non‑trivial portions of code, tests, or documentation).
  • Yes — other (please describe):

Claude Opus 4.6 was used to generate the initial changes.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests, but ran on a real repository, or
  • Both unit tests + ran on a real repository

Gerrit Hub does not have push signing enabled. This was tested on an internal Gerrit instance.

@felipecrs felipecrs marked this pull request as ready for review June 25, 2026 14:04
@github-actions github-actions Bot requested a review from viceice June 25, 2026 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@viceice viceice Awaiting requested review from viceice

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@felipecrs