View all files | ||||
A GitHub Integration built with probot that enforces the Developer Certificate of Origin (DCO) on Pull Requests. It requires all commit messages to contain the Signed-off-by line with an email address that matches the commit author.
Configure the integration for your organization or repositories. Enable required status checks if you want to enforce the DCO on all commits.
See docs/deploy.md if you would like to run your own instance of this plugin.
By default, Probot DCO enforces the presence of valid DCO signoffs on all commits (excluding bots and merges). If a PR contains commits that lack a valid Signed-off-by line, Probot DCO blocks it until someone pushes a signed-off revision of the commit. This mirrors the upstream Linux kernel process.
A project can allow individual remediation commit support, where the failing commit's author can push a follow-up signed-off commit. Text in the commit log indicates that they apply their signoff retroactively.
To enable this, place the following configuration file in .github/dco.yml on the default branch:
A project can also allow third-parties to sign off on an author's behalf by pushing a follow-up signed-off commit. Text in the commit log indicates that they sign off on behalf of the author. Enable individual remediation before using third-party remediation.
To enable this, place the following configuration file in .github/dco.yml on the default branch:
To disable the check for commits authored and signed by members of the organization the repository belongs to, place the following configuration file in .github/dco.yml on the default branch:
When this setting is present on a repository that belongs to a GitHub user (instead of an organization), the repository owner can push commits without sign-off.
The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:
Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.
Git even has a -s command line option to append this automatically to your commit message:
Once installed, this integration will create a check indicating whether commits in a Pull Request do not contain a valid Signed-off-by line.
The DCO also creates an override button for users with write access to the repository to create a successful check.
If you want to learn more about the DCO and why it might be necessary, here are some good resources: