File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : DCO sign-off check
2+
3+ on : [pull_request]
4+
5+ permissions :
6+ contents : read
7+
8+ jobs :
9+ check-dco :
10+ runs-on : ubuntu-slim
11+ steps :
12+ - name : Compute number of commits in the PR
13+ id : nb-of-commits
14+ run : |
15+ echo "plusOne=$((${{ github.event.pull_request.commits }} + 1))" >> $GITHUB_OUTPUT
16+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+ with :
18+ fetch-depth : ${{ steps.nb-of-commits.outputs.plusOne }}
19+ persist-credentials : false
20+ - run : git reset HEAD^2
21+ - name : Check commits for Signed-off-by
22+ run : |
23+ STATUS=0
24+ COMMITS=$(git log --format='%H' -n ${{ github.event.pull_request.commits }})
25+ for SHA in $COMMITS; do
26+ MESSAGE=$(git log --format='%B' -n 1 "$SHA")
27+ if ! echo "$MESSAGE" | grep -qP '^Signed-off-by: .+ <[^@]+@[^@]+\.[^@]+>'; then
28+ SUBJECT=$(git log --format='%s' -n 1 "$SHA")
29+ SIGNOFF=$(echo "$MESSAGE" | grep -P '^Signed-off-by: ' || true)
30+ if [ -z "$SIGNOFF" ]; then
31+ echo "::error::Commit ${SHA:0:12} is missing a 'Signed-off-by' trailer. Subject: $SUBJECT"
32+ else
33+ echo "::error::Commit ${SHA:0:12} has a 'Signed-off-by' trailer with an invalid email address. Subject: $SUBJECT"
34+ fi
35+ STATUS=1
36+ fi
37+ done
38+ if [ "$STATUS" != "0" ]; then
39+ echo
40+ echo "All commits must contain a Signed-off-by trailer to indicate"
41+ echo "agreement with the Developer Certificate of Origin (DCO)."
42+ echo "Use 'git commit -s' to add it automatically."
43+ echo
44+ echo "Note: The Signed-off-by attestation must be made by a human author."
45+ echo "Bots and AI agents are not permitted to sign off on commits."
46+ exit 1
47+ fi
You can’t perform that action at this time.
0 commit comments