The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at https://developercertificate.org/ for that particular contribution.
When creating a commit with the Git CLI, a sign-off can be added with the
-s option: https://git-scm.com/docs/git-commit#git-commit--s. The sign-off is stored as part of the commit message itself, as a line of the format:
Signed-off-by: Full Name <email>
DCO sign-offs differ from contributor agreements:
Log in as user with Owner rights to a GitHub organization. Browse to the URL https://github.com/apps/dco and hit the “Install” (or “Configure”) button. Select the organization to install it to. Select “All repositories”.
Browse to the settings for each repository in that organization. Choose “Branches” from the menu. If “master” does not show up under Protected Branches, select it from the “Choose a branch” drop-down. Enable “Protect this branch”, “Require status checks to pass before merging” (and check the “DCO” status check if it is available). Repeat for the remaining repositories.
To complete the configuration, you should return to the master branch protection screen—on each repository—to check “DCO” after this status check has been seen by GitHub.
The project.config file must have the following configuration set, or inherited from a parent repository:
[receive] requireSignedOffBy = true