🔐 Update: versioning.py um SSH-Tagging erweitert inkl Vorabprüfung sowie FallBack auf GPG

2025-07-09 19:43:33 +02:00 · 2025-07-09 19:43:33 +02:00 · d2b6648872
commit d2b6648872
parent 2a9fa1e548
1 changed files with 54 additions and 11 deletions
--- a/versioning.py
+++ b/versioning.py
@ -3,6 +3,7 @@ import subprocess
 from pathlib import Path
 from datetime import datetime
 import typer
 import os
 app = typer.Typer()
@ -32,31 +33,73 @@ def update_changelog(version: str):
    content = CHANGELOG_FILE.read_text(encoding="utf-8")
    CHANGELOG_FILE.write_text(new_entry + content, encoding="utf-8")
-def create_git_tag(version: str, signed: bool = True):
+def is_ssh_signing_available() -> bool:
-    tag_args = ["git", "tag"]
+    return Path("~/.ssh/id_ed25519").expanduser().exists()
-    if signed:
+
-        tag_args.append("-s")  # signierter Tag
+def is_gpg_available() -> bool:
    try:
        output = subprocess.check_output(["gpg", "--list-secret-keys"], stderr=subprocess.DEVNULL)
        return bool(output.strip())
    except Exception:
        return False
 def configure_signing(use_ssh: bool):
    if use_ssh:
        subprocess.run(["git", "config", "--global", "gpg.format", "ssh"], check=True)
        subprocess.run(["git", "config", "--global", "user.signingkey", "~/.ssh/id_ed25519.pub"], check=True)
    else:
-        tag_args.append("-a")  # un-signierter, annotierter Tag
+        subprocess.run(["git", "config", "--global", "gpg.format", "openpgp"], check=True)
-    tag_args += [f"v{version}", "-m", f"Release v{version}"]
+    subprocess.run(["git", "config", "--global", "commit.gpgsign", "true"], check=True)
-    subprocess.run(tag_args, check=True)
+
 def create_git_tag(version: str, sign: bool):
    if sign:
        subprocess.run(["git", "tag", "-s", f"v{version}", "-m", f"Release v{version}"], check=True)
    else:
        subprocess.run(["git", "tag", "-a", f"v{version}", "-m", f"Release v{version} (unsigned)"], check=True)
 def push_git_tag(version: str):
    subprocess.run(["git", "push"], check=True)
    subprocess.run(["git", "push", "origin", f"v{version}"], check=True)
@app.command()
-def create(level: str = "patch", push: bool = False, unsigned: bool = False):
+def create(level: str = "patch", push: bool = False, no_sign: bool = False):
    current = get_latest_version()
    new_version = bump_version(current, level)
    write_version_file(new_version)
    update_changelog(new_version)
    subprocess.run(["git", "add", "."], check=True)
-    subprocess.run(["git", "commit", "-m", f"Bump version to v{new_version}"], check=True)
+
-    create_git_tag(new_version, signed=not unsigned)
+    use_signing = False
    signing_method = "none"
    if not no_sign:
        if is_ssh_signing_available():
            configure_signing(use_ssh=True)
            use_signing = True
            signing_method = "ssh"
        elif is_gpg_available():
            configure_signing(use_ssh=False)
            use_signing = True
            signing_method = "gpg"
    commit_cmd = ["git", "commit", "-m", f"Bump version to v{new_version}"]
    if use_signing:
        commit_cmd.append("-S")
    subprocess.run(commit_cmd, check=True)
    create_git_tag(new_version, sign=use_signing)
    if push:
        push_git_tag(new_version)
-    typer.echo(f"✅ Version {new_version} erstellt und getaggt{' (unsigned)' if unsigned else ' (signed)'}.")
+
    if use_signing:
        if signing_method == "ssh":
            typer.secho(f"✅ Version {new_version} erstellt und signiert mit SSH 🔐", fg=typer.colors.GREEN)
        elif signing_method == "gpg":
            typer.secho(f"✅ Version {new_version} erstellt und signiert mit GPG 🔏", fg=typer.colors.CYAN)
    else:
        typer.secho(f"⚠️  Version {new_version} wurde ohne Signatur erstellt", fg=typer.colors.YELLOW)
 if __name__ == "__main__":
    app()