Use gitRepo as parameter instead of repopath when invoking sign functions (#36162)

Co-authored-by: Giteabot <teabot@gitea.io>

services/asymkey/sign.go

@@ -169,7 +169,7 @@ Loop:
 }
 
 // SignWikiCommit determines if we should sign the commits to this repository wiki
-func SignWikiCommit(ctx context.Context, repo *repo_model.Repository, u *user_model.User) (bool, *git.SigningKey, *git.Signature, error) {
+func SignWikiCommit(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Repository, u *user_model.User) (bool, *git.SigningKey, *git.Signature, error) {
 	rules := signingModeFromStrings(setting.Repository.Signing.Wiki)
 	signingKey, sig := gitrepo.GetSigningKey(ctx)
 	if signingKey == nil {
@@ -200,11 +200,6 @@ Loop:
 				return false, nil, nil, &ErrWontSign{twofa}
 			}
 		case parentSigned:
-			gitRepo, err := gitrepo.OpenRepository(ctx, repo.WikiStorageRepo())
-			if err != nil {
-				return false, nil, nil, err
-			}
-			defer gitRepo.Close()
 			commit, err := gitRepo.GetCommit("HEAD")
 			if err != nil {
 				return false, nil, nil, err
@@ -222,7 +217,7 @@ Loop:
 }
 
 // SignCRUDAction determines if we should sign a CRUD commit to this repository
-func SignCRUDAction(ctx context.Context, u *user_model.User, tmpBasePath, parentCommit string) (bool, *git.SigningKey, *git.Signature, error) {
+func SignCRUDAction(ctx context.Context, u *user_model.User, gitRepo *git.Repository, parentCommit string) (bool, *git.SigningKey, *git.Signature, error) {
 	rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)
 	signingKey, sig := git.GetSigningKey(ctx)
 	if signingKey == nil {
@@ -253,11 +248,6 @@ Loop:
 				return false, nil, nil, &ErrWontSign{twofa}
 			}
 		case parentSigned:
-			gitRepo, err := git.OpenRepository(ctx, tmpBasePath)
-			if err != nil {
-				return false, nil, nil, err
-			}
-			defer gitRepo.Close()
 			isEmpty, err := gitRepo.IsEmpty()
 			if err != nil {
 				return false, nil, nil, err
@@ -281,7 +271,7 @@ Loop:
 }
 
 // SignMerge determines if we should sign a PR merge commit to the base repository
-func SignMerge(ctx context.Context, pr *issues_model.PullRequest, u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, *git.SigningKey, *git.Signature, error) {
+func SignMerge(ctx context.Context, pr *issues_model.PullRequest, u *user_model.User, gitRepo *git.Repository, baseCommit, headCommit string) (bool, *git.SigningKey, *git.Signature, error) {
 	if err := pr.LoadBaseRepo(ctx); err != nil {
 		log.Error("Unable to get Base Repo for pull request")
 		return false, nil, nil, err
@@ -294,9 +284,6 @@ func SignMerge(ctx context.Context, pr *issues_model.PullRequest, u *user_model.
 	}
 	rules := signingModeFromStrings(setting.Repository.Signing.Merges)
 
-	var gitRepo *git.Repository
-	var err error
-
 Loop:
 	for _, rule := range rules {
 		switch rule {
@@ -332,13 +319,6 @@ Loop:
 				return false, nil, nil, &ErrWontSign{approved}
 			}
 		case baseSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)
-				if err != nil {
-					return false, nil, nil, err
-				}
-				defer gitRepo.Close()
-			}
 			commit, err := gitRepo.GetCommit(baseCommit)
 			if err != nil {
 				return false, nil, nil, err
@@ -348,13 +328,6 @@ Loop:
 				return false, nil, nil, &ErrWontSign{baseSigned}
 			}
 		case headSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)
-				if err != nil {
-					return false, nil, nil, err
-				}
-				defer gitRepo.Close()
-			}
 			commit, err := gitRepo.GetCommit(headCommit)
 			if err != nil {
 				return false, nil, nil, err
@@ -364,13 +337,6 @@ Loop:
 				return false, nil, nil, &ErrWontSign{headSigned}
 			}
 		case commitsSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(ctx, tmpBasePath)
-				if err != nil {
-					return false, nil, nil, err
-				}
-				defer gitRepo.Close()
-			}
 			commit, err := gitRepo.GetCommit(headCommit)
 			if err != nil {
 				return false, nil, nil, err