probot/dco probot/dco

  • Stars
    star
    219
  • Rank 181,133 (Top 4 %)
  • Language
    JavaScript
  • License
    ISC License
  • Created over 7 years ago
  • Updated about 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
probot/dco
github

probot

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests

Probot: DCO

a GitHub Integration built with probot that enforces the Developer Certificate of Origin (DCO) on Pull Requests. It requires all commit messages to contain the Signed-off-by line with an email address that matches the commit author.

Usage

Configure the integration for your organization or repositories. Enable required status checks if you want to enforce the DCO on all commits.

See docs/deploy.md if you would like to run your own instance of this plugin.

Modes of operations

Default

By default, Probot DCO enforces the presence of valid DCO signoffs on all commits (excluding bots and merges). If a PRs contains commits that lack a valid Signed-off-by line, they are blocked until a correctly signed-off revision of the commit is pushed. This closely mirrors the upstream Linux kernel process.

Individual remediation commit support

Optionally, a project can allow individual remediation commit support, where the failing commit's author can push an additional properly signed-off commit with additional text in the commit log that indicates they apply their signoff retroactively.

To enable this, place the following configuration file in .github/dco.yml on the default branch:

allowRemediationCommits:
  individual: true

Third-party remediation support

Additionally, a project can allow third-parties to sign off on an author's behalf by pushing an additional properly signed-off commit with additional text in the commit log that indicates they sign off on behalf of the author. Third-party remediation requires individual remediation to be enabled.

To enable this, place the following configuration file in .github/dco.yml on the default branch:

allowRemediationCommits:
  individual: true
  thirdParty: true

Skipping sign-off for organization members

It is possible to disable the check for commits authored and signed by members of the organization the repository belongs to. To do this, place the following configuration file in .github/dco.yml on the default branch:

require:
  members: false

When this setting is present on a repository that belongs to a GitHub user (instead of an organization), only the repository owner is allowed to push commits without sign-off.

How it works

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:

By making a contribution to this project, I certify that:

a. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

c. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

d. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random J Developer <[email protected]>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

Once installed, this integration will create a check indicating whether or not commits in a Pull Request do not contain a valid Signed-off-by line.

DCO success DCO failure

Additionally, the DCO creates an override button accessible to only those with write access to the repository to create a successful check.

DCO button

Further Reading

If you want to learn more about the DCO and why it might be necessary, here are some good resources:

More Repositories

1

probot

🤖 A framework for building GitHub Apps to automate and improve your workflow
TypeScript
8,883
star
2

stale

A GitHub App built with Probot that closes abandoned Issues and Pull Requests after a period of inactivity.
JavaScript
1,249
star
3

smee-client

🔴 Receives payloads then sends them to your local server
TypeScript
419
star
4

smee.io

☁️📦 Webhook payload delivery service
JavaScript
324
star
5

create-probot-app

🤖📦 Create a new probot app
JavaScript
235
star
6

reminders

set reminders on Issues and Pull Requests
JavaScript
162
star
7

probot.github.io

This is the home of probot documentation, apps, how-to guides and more.
HTML
114
star
8

unfurl

a GitHub App built with Probot that unfurls links on Issues and Pull Request discussions
JavaScript
109
star
9

no-response

a GitHub App that closes issues where the author hasn't responded to a request for more information
JavaScript
107
star
10

ideas

Share ideas for new GitHub Apps built with Probot
96
star
11

adapter-aws-lambda-serverless

An extension for running Probot on Lambda
JavaScript
93
star
12

adapter-github-actions

🔌 An adapter that takes a Probot app and makes it compatible with GitHub Actions
JavaScript
83
star
13

commands

A Probot extension that adds slash commands to GitHub
JavaScript
64
star
14

probot-config

A Probot extension to easily share configs between repositories.
JavaScript
63
star
15

linter

a GitHub App that lints and fixes code in Pull Requests
JavaScript
59
star
16

metadata

A Probot extension to store metadata on Issues and Pull Requests
JavaScript
52
star
17

github-app

node module to handle authentication for the GitHub Apps API
JavaScript
51
star
18

template

Template for new Probot apps
JavaScript
50
star
19

scheduler

⚠️ Archived
JavaScript
46
star
20

autoresponder

reply to opened GitHub issues with the contents of `.github/ISSUE_REPLY_TEMPLATE.md`
JavaScript
46
star
21

octokit-plugin-config

🛠️ Get/set persisted configuration using YAML/JSON files in repositories
TypeScript
35
star
22

example-github-action

Probot & GitHub Action example
JavaScript
32
star
23

invite

a GitHub App built with Probot for inviting users to an organization
JavaScript
24
star
24

stale-action

Just like the Stale app, but for Actions!
JavaScript
18
star
25

example-vercel

Example Probot Application that is deployed to Vercel
JavaScript
18
star
26

attachments

A Probot extension to add message attachments to comments on GitHub
JavaScript
16
star
27

serverless-gcf

An extension for running Probot on Google Cloud Functions
JavaScript
14
star
28

template-typescript

TypeScript Template for new Probot apps
TypeScript
14
star
29

example-aws-lambda-serverless

Probot & AWS Lamda example using Serverless
JavaScript
13
star
30

auth-routes

🔀🔒 Helpful authentication routes for Node.js GitHub integrations
TypeScript
13
star
31

octokit-auth-probot

🛠️ Octokit authentication strategy for token, app (JWT), and event-based installation authentication
TypeScript
11
star
32

get-private-key

🛠️ Get private key from a path, environment variables, or a `*.pem` file in the current working directory
TypeScript
10
star
33

probot-ui

Browser extension to show custom events from your Probot App in the GitHub timeline
JavaScript
9
star
34

example-google-cloud-function

Probot & Google Cloud Functions example
JavaScript
8
star
35

pino

🛠️ formatting and error captioning for probot logs
JavaScript
8
star
36

friction

a place to talk about any friction experienced using Probot.
8
star
37

mistaken-pull-closer

A GitHub app built with Probot that automatically closes pull requests that are commonly mistakes.
JavaScript
8
star
38

twitter

A repository to compose tweets together for @ProbotTheRobot
6
star
39

hello-world

Probot Hello World on Glitch
JavaScript
6
star
40

adapter-azure-functions

Adapter to run a probot application function in Azure Functions
JavaScript
5
star
41

talks

A collection of conference/lightning talks and presentations about Probot
4
star
42

probot-now-starter

Template for deploying Probot Apps to now.sh
JavaScript
4
star
43

example-nitro

Use Probot with Nitro to deploy it anywhere
CSS
2
star
44

example-azure-function

Probot & Azure Functions example
JavaScript
1
star
45

.github

Org-wide settings
1
star
46

example-begin

Probot & Begin.com example
JavaScript
1
star
47

test

a playground to test probot
1
star
48

eslint-config-probot

JavaScript
1
star
49

example-aws-lambda-sam

JavaScript
1
star