feature(ci): run keyring integrity check if keyring or code changes

.gitlab-ci.yml

@@ -53,3 +53,21 @@ build_install:
     - pacman-key --populate archlinux
     - pacman-key --updatedb
     - pacman -Syu
+
+keyring_check:
+  stage: test
+  needs: []
+  before_script:
+    - pacman -Syu --needed --noconfirm make python sequoia-sq
+  script:
+    - ./keyringctl import --main master master-revoked
+    - ./keyringctl import packager packager-revoked
+    - ./keyringctl check
+  only:
+    changes:
+      - keyring
+      - keyringctl
+      - libkeyringctl/*
+      - tests/*
+      - .gitlab-ci.yml
+      - Makefile

CONTRIBUTING.md

@@ -56,3 +56,8 @@ To execute all tests using pytest
 ```bash
 make test
 ```
+
+To run keyring integrity and consistency checks
+```bash
+make check
+```

Makefile

@@ -14,6 +14,9 @@ fmt:
 	black .
 	isort .
 
+check:
+	./keyringctl -v check
+
 test:
 	coverage run
 	coverage report

libkeyringctl/cli.py

@@ -115,6 +115,11 @@ verify_parser.add_argument(
 )
 verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True)
 
+check_parser = subcommands.add_parser(
+    "check",
+    help="Run keyring integrity and consistency checks",
+)
+
 ci_parser = subcommands.add_parser(
     "ci",
     help="ci command to verify certain aspects and expectations in pipelines",
@@ -199,6 +204,14 @@ def main() -> None:  # noqa: ignore=C901
                 )
             elif "ci" == args.subcommand:
                 ci(working_dir=working_dir, keyring_root=keyring_root, project_root=project_root)
+            elif "check" == args.subcommand:
+                verify(
+                    working_dir=working_dir,
+                    keyring_root=keyring_root,
+                    sources=[keyring_root],
+                    lint_hokey=False,
+                    lint_sq_keyring=False,
+                )
             else:
                 parser.print_help()