Merge bitcoin/bitcoin#33888: ci: Re-enable LINT_CI_SANITY_CHECK_COMMIT_SIG

55555db055b59dd529526915dfc59e5a13e43160 doc: Add missing --platform=linux to docker build command (MarcoFalke) fa0ce4c1486bb441e6e48d0a397334cf36cc8140 ci: Re-enable LINT_CI_SANITY_CHECK_COMMIT_SIG (MarcoFalke) faa0973de2966a610e47ba4b6d6edf3c5509d52e ci: [refactor] Rename CIRRUS_PR env var to LINT_CI_IS_PR (MarcoFalke) fa1dacaebe5d326ff8736ab9a4475f8a99ce4bc3 ci: Move lint exec snippet to stand-alone py file (MarcoFalke) Pull request description: The sanity check to check the last few merge commit signatures on the main branch was accidentally and silently disabled while moving from the `cirrus-ci.com` platform to the GHA platform. So fix that by re-enabling it. Also, contains a few other lint cleanup commits. ACKs for top commit: janb84: re ACK 55555db055b59dd529526915dfc59e5a13e43160 willcl-ark: ACK 55555db055b59dd529526915dfc59e5a13e43160 Tree-SHA512: e623dc88035ee4d1c6a8efa5fad33c35cface87f54e78c7ebfe5d468d28d8d8097150344d276f90f8ed52a89e61609ce95380476ea0151b50f73ad5919233933
2026-02-01 03:01:05 +00:00 · 2025-11-20 17:29:57 +00:00 · 2025-11-20 17:29:57 +00:00 · 6b2d17b132
commit 6b2d17b132
parent ac71df4338 55555db055
4 changed files with 61 additions and 42 deletions
--- a/.github/ci-lint-exec.py
+++ b/.github/ci-lint-exec.py
@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+# Copyright (c) The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit.
+
+import os
+import shlex
+import subprocess
+import sys
+import time
+
+
+def run(cmd, **kwargs):
+    print("+ " + shlex.join(cmd), flush=True)
+    kwargs.setdefault("check", True)
+    try:
+        return subprocess.run(cmd, **kwargs)
+    except Exception as e:
+        sys.exit(e)
+
+
+def main():
+    CONTAINER_NAME = os.environ["CONTAINER_NAME"]
+
+    build_cmd = [
+        "docker", "buildx", "build",
+        f"--tag={CONTAINER_NAME}",
+        *shlex.split(os.getenv("DOCKER_BUILD_CACHE_ARG", "")),
+        "--file=./ci/lint_imagefile",
+        "."
+    ]
+
+    if run(build_cmd, check=False).returncode != 0:
+        print("Retry building image tag after failure")
+        time.sleep(3)
+        run(build_cmd)
+
+    extra_env = []
+    if os.environ["GITHUB_EVENT_NAME"] == "pull_request":
+        extra_env = ["--env", "LINT_CI_IS_PR=1"]
+    if os.environ["GITHUB_EVENT_NAME"] != "pull_request" and os.environ["GITHUB_REPOSITORY"] == "bitcoin/bitcoin":
+        extra_env = ["--env", "LINT_CI_SANITY_CHECK_COMMIT_SIG=1"]
+
+    run([
+        "docker",
+        "run",
+        "--rm",
+        *extra_env,
+        f"--volume={os.getcwd()}:/bitcoin",
+        CONTAINER_NAME,
+    ])
+
+
+if __name__ == "__main__":
+    main()
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -621,40 +621,4 @@ jobs:
          cache-provider: ${{ needs.runners.outputs.provider }}

      - name: CI script
-        shell: python
-        run: |
-          import os, shlex, subprocess, sys, time
-
-          def run(cmd, **kwargs):
-              print("+ " + shlex.join(cmd), flush=True)
-              kwargs.setdefault("check", True)
-              try:
-                  return subprocess.run(cmd, **kwargs)
-              except Exception as e:
-                  sys.exit(e)
-
-          CONTAINER_NAME = os.environ["CONTAINER_NAME"]
-
-          build_cmd = [
-              "docker", "buildx", "build",
-              f"--tag={CONTAINER_NAME}",
-              *shlex.split(os.getenv("DOCKER_BUILD_CACHE_ARG", "")),
-              "--file=./ci/lint_imagefile",
-              "."
-          ]
-
-          if run(build_cmd, check=False).returncode != 0:
-              print("Retry building image tag after failure")
-              time.sleep(3)
-              run(build_cmd)
-
-          CIRRUS_PR_FLAG = []
-          if '${{ github.event_name }}' == "pull_request":
-              CIRRUS_PR_FLAG = ["-e", "CIRRUS_PR=1"]
-
-          run([
-              "docker", "run", "--rm",
-              *CIRRUS_PR_FLAG,
-              f"--volume={os.getcwd()}:/bitcoin",
-              CONTAINER_NAME,
-          ])
+        run: python .github/ci-lint-exec.py
--- a/ci/lint/06_script.sh
+++ b/ci/lint/06_script.sh
@ -6,19 +6,19 @@

 export LC_ALL=C

-set -ex
+set -o errexit -o pipefail -o xtrace

-if [ -n "$CIRRUS_PR" ]; then
+if [ -n "${LINT_CI_IS_PR}" ]; then
  export COMMIT_RANGE="HEAD~..HEAD"
  if [ "$(git rev-list -1 HEAD)" != "$(git rev-list -1 --merges HEAD)" ]; then
-    echo "Error: The top commit must be a merge commit, usually the remote 'pull/${PR_NUMBER}/merge' branch."
+    echo "Error: The top commit must be a merge commit, usually the remote 'pull/<PR_NUMBER>/merge' branch."
    false
  fi
 fi

 RUST_BACKTRACE=1 cargo run --manifest-path "./test/lint/test_runner/Cargo.toml"

-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+if [ "${LINT_CI_SANITY_CHECK_COMMIT_SIG}" = "1" ] ; then
    # Sanity check only the last few commits to get notified of missing sigs,
    # missing keys, or expired keys. Usually there is only one new merge commit
    # per push on the master branch and a few commits on release branches, so
--- a/test/lint/README.md
+++ b/test/lint/README.md
@ -7,7 +7,7 @@ To run linters locally with the same versions as the CI environment, use the inc
 Dockerfile:

 ```sh
-DOCKER_BUILDKIT=1 docker build -t bitcoin-linter --file "./ci/lint_imagefile" ./ && docker run --rm -v $(pwd):/bitcoin -it bitcoin-linter
+DOCKER_BUILDKIT=1 docker build --platform=linux --tag=bitcoin-linter --file="./ci/lint_imagefile" ./ && docker run --rm -v $(pwd):/bitcoin -it bitcoin-linter
 ```

 Building the container can be done every time, because it is fast when the