-
-
Notifications
You must be signed in to change notification settings - Fork 35.5k
47 lines (44 loc) · 1.85 KB
/
commit-dco.yml
File metadata and controls
47 lines (44 loc) · 1.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: DCO sign-off check
on: [pull_request]
permissions:
contents: read
jobs:
check-dco:
runs-on: ubuntu-slim
steps:
- name: Compute number of commits in the PR
id: nb-of-commits
run: |
echo "plusOne=$((${{ github.event.pull_request.commits }} + 1))" >> $GITHUB_OUTPUT
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: ${{ steps.nb-of-commits.outputs.plusOne }}
persist-credentials: false
- run: git reset HEAD^2
- name: Check commits for Signed-off-by
run: |
STATUS=0
COMMITS=$(git log --format='%H' -n ${{ github.event.pull_request.commits }})
for SHA in $COMMITS; do
MESSAGE=$(git log --format='%B' -n 1 "$SHA")
if ! echo "$MESSAGE" | grep -qP '^Signed-off-by: .+ <[^@]+@[^@]+\.[^@]+>'; then
SUBJECT=$(git log --format='%s' -n 1 "$SHA")
SIGNOFF=$(echo "$MESSAGE" | grep -P '^Signed-off-by: ' || true)
if [ -z "$SIGNOFF" ]; then
echo "::error::Commit ${SHA:0:12} is missing a 'Signed-off-by' trailer. Subject: $SUBJECT"
else
echo "::error::Commit ${SHA:0:12} has a 'Signed-off-by' trailer with an invalid email address. Subject: $SUBJECT"
fi
STATUS=1
fi
done
if [ "$STATUS" != "0" ]; then
echo
echo "All commits must contain a Signed-off-by trailer to indicate"
echo "agreement with the Developer Certificate of Origin (DCO)."
echo "Use 'git commit -s' to add it automatically."
echo
echo "Note: The Signed-off-by attestation must be made by a human author."
echo "Bots and AI agents are not permitted to sign off on commits."
exit 1
fi