Description

If a new branch is pushed, and the repository has a rule that would require signed commits for the new branch, the commit is rejected with a 500 error regardless of whether it's signed.

When pushing a new branch, the "old" commit is the empty ID (0000000000000000000000000000000000000000). verifyCommits has no provision for this and passes an invalid commit range to git rev-list. Prior to 1.19 this wasn't an issue because only pre-existing individual branches could be protected.

I was able to reproduce with https://try.gitea.io/CraigTest/test, which is set up with a blanket rule to require commits on all branches.

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/Craig-Holmquist-NTI/1267366c5beb28eb38b8c49cd3de7f5c

Screenshots

No response

Git Version

2.41.0.windows.1

Operating System

Windows 10

How are you running Gitea?

gitea-1.19.3-windows-4.0-amd64.exe binary downloaded from gitea.com, run from command line in a simple test environment

Database

SQLite