This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
dco [2017/07/17 19:40] emsearcy created |
dco [2017/07/17 22:49] emsearcy remove references to IP policies |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Background ===== | ===== Background ===== | ||
- | The DCO is a //per-commit// sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. | + | The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. |
When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | ||
Line 15: | Line 15: | ||
* A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | * A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | ||
- | ===== Policy ===== | + | ===== Enabling DCO enforcement ===== |
- | All Linux Foundation projects MUST incorporate a mandatory mechanism to enforce the DCO. | + | ==== GitHub ==== |
- | In the contributing guidelines for each project (e.g. a CONTRIBUTING.md file) the project SHOULD make explicit that the DCO is required, and that commit sign-offs of the form ''Signed-off-by:'' are attestations according to [[https://developercertificate.org/]]. | + | Log in as user with Owner rights to a GitHub organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". |
- | ===== Enabling DCO enforcement ===== | + | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. |
+ | |||
+ | To complete the configuration, you should return to the master branch protection screen---on each repository---to check "DCO" after this status check has been seen by GitHub. | ||
+ | |||
+ | ==== GitLab ==== | ||
+ | |||
+ | TBD | ||
==== Gerrit ==== | ==== Gerrit ==== | ||
Line 32: | Line 38: | ||
</code> | </code> | ||
- | ==== GitHub ==== | ||
- | |||
- | Log in as user with Owner rights to an organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". | ||
- | |||
- | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
- | |||
- | For full protection, you should return to the branch protection screen for the branch to check "DCO" once it has been seen by GitHub. | ||
- | |||
- | ==== GitLab ==== | ||
- | |||
- | TBD |