This shows you the differences between two versions of the page.
dco [2017/07/17 19:40] emsearcy created |
dco [2019/12/26 18:20] (current) emsearcy fix typo, clarify |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Background ===== | ===== Background ===== | ||
- | The DCO is a //per-commit// sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. | + | The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. |
When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | ||
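Review bot: The first changed line drops the emphasis markup from "per-commit" but leaves "//particular//" emphasized in the same sentence. Per-commit is the property that distinguishes the DCO from a one-time agreement, so either keep the emphasis on it or remove it from both words for consistency.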
Line 11: | Line 11: | ||
</code> | </code> | ||
- | DCO sign-offs differ from contributor agreements: | + | DCO sign-offs differ from contributor agreements (CLAs): |
- | * Contributor agreements are typically made once, covering for all future contributions. | + | * While contributor agreements are usually made once and automatically cover all future contributions, DCO sign-offs must be present on every single commit, or else the contribution will not be accepted. |
* A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | * A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | ||
- | ===== Policy ===== | + | ===== Enabling DCO enforcement ===== |
- | All Linux Foundation projects MUST incorporate a mandatory mechanism to enforce the DCO. | + | ==== GitHub ==== |
- | In the contributing guidelines for each project (e.g. a CONTRIBUTING.md file) the project SHOULD make explicit that the DCO is required, and that commit sign-offs of the form ''Signed-off-by:'' are attestations according to [[https://developercertificate.org/]]. | + | GitHub uses status checks (similar to CI pass/fail) against new Pull Requests to ensure that contributions which fail DCO validation will not be merged into a DCO-protected branch (usually "master"). |
- | ===== Enabling DCO enforcement ===== | + | Log in as user with Owner rights to a GitHub organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". |
+ | |||
+ | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
+ | |||
+ | To complete the configuration, you should return to the master branch protection screen---on each repository---to check "DCO" after this status check has been seen by GitHub. | ||
+ | |||
+ | ==== GitLab ==== | ||
+ | |||
+ | TBD | ||
==== Gerrit ==== | ==== Gerrit ==== | ||
+ | |||
+ | Unlike GitHub, which allows a contributor to create a Pull Request but marks it as failing checks, Gerrit will not even accept a changeset unless the commit(s) in that changeset pass DCO. | ||
The project.config file must have the following configuration set, or inherited from a parent repository: | The project.config file must have the following configuration set, or inherited from a parent repository: | ||
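Review bot: The Policy section is deleted in this hunk (the "MUST incorporate a mandatory mechanism to enforce the DCO" line and the CONTRIBUTING.md "SHOULD" line) and none of the added text restates that requirement. If the policy now lives on another page, link to it from here; otherwise keep the section so the enforcement steps still have a stated requirement behind them. The rewritten bullet says a contribution without sign-offs "will not be accepted", which depends on the enforcement described below being in place, and the added GitLab section is only "TBD", so GitLab-hosted projects have no instructions for meeting it. Minor: "Log in as user" should read "Log in as a user".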
Line 32: | Line 42: | ||
</code> | </code> | ||
- | ==== GitHub ==== | ||
- | |||
- | Log in as user with Owner rights to an organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". | ||
- | |||
- | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
- | |||
- | For full protection, you should return to the branch protection screen for the branch to check "DCO" once it has been seen by GitHub. | ||
- | |||
- | ==== GitLab ==== | ||
- | |||
- | TBD |
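Review bot: The removed closing GitHub paragraph opened with "For full protection", which told the reader that the branch is not fully protected until "DCO" is ticked as a required status check; the replacement wording, "To complete the configuration", reads as an optional tidy-up. Suggest stating plainly that until "DCO" is selected as a required check, a pull request that fails DCO validation can still be merged. The removed text also said "the branch protection screen for the branch", while the replacement names only "master"; keep the generic wording or say that the step applies to every DCO-protected branch.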