dco
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
dco [2017/07/17 19:40] emsearcy created |
dco [2019/12/26 18:20] (current) emsearcy fix typo, clarify |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Background ===== | ===== Background ===== | ||
| - | The DCO is a //per-commit// sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. | + | The DCO is a per-commit sign-off made by a contributor stating that they agree to the terms published at [[https://developercertificate.org/]] for that //particular// contribution. |
| When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | When creating a commit with the Git CLI, a sign-off can be added with the ''%%-s%%'' option: [[https://git-scm.com/docs/git-commit#git-commit--s]]. The sign-off is stored as part of the commit message itself, as a line of the format: | ||
| Line 11: | Line 11: | ||
| </code> | </code> | ||
| - | DCO sign-offs differ from contributor agreements: | + | DCO sign-offs differ from contributor agreements (CLAs): |
| - | * Contributor agreements are typically made once, covering for all future contributions. | + | * While contributor agreements are usually made once and automatically cover all future contributions, DCO sign-offs must be present on every single commit, or else the contribution will not be accepted. |
| * A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | * A contributor agreement may be signed by a third party, like a company, on behalf of its employees, whereas the DCO is always an attestation by the author of the contribution. | ||
| - | ===== Policy ===== | + | ===== Enabling DCO enforcement ===== |
| - | All Linux Foundation projects MUST incorporate a mandatory mechanism to enforce the DCO. | + | ==== GitHub ==== |
| - | In the contributing guidelines for each project (e.g. a CONTRIBUTING.md file) the project SHOULD make explicit that the DCO is required, and that commit sign-offs of the form ''Signed-off-by:'' are attestations according to [[https://developercertificate.org/]]. | + | GitHub uses status checks (similar to CI pass/fail) against new Pull Requests to ensure that contributions which fail DCO validation will not be merged into a DCO-protected branch (usually "master"). |
| - | ===== Enabling DCO enforcement ===== | + | Log in as user with Owner rights to a GitHub organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". |
| + | |||
| + | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
| + | |||
| + | To complete the configuration, you should return to the master branch protection screen---on each repository---to check "DCO" after this status check has been seen by GitHub. | ||
| + | |||
| + | ==== GitLab ==== | ||
| + | |||
| + | TBD | ||
| ==== Gerrit ==== | ==== Gerrit ==== | ||
| + | |||
| + | Unlike GitHub, which allows a contributor to create a Pull Request but marks it as failing checks, Gerrit will not even accept a changeset unless the commit(s) in that changeset pass DCO. | ||
| The project.config file must have the following configuration set, or inherited from a parent repository: | The project.config file must have the following configuration set, or inherited from a parent repository: | ||
| Line 32: | Line 42: | ||
| </code> | </code> | ||
| - | ==== GitHub ==== | ||
| - | |||
| - | Log in as user with Owner rights to an organization. Browse to the URL [[https://github.com/apps/dco]] and hit the "Install" (or "Configure") button. Select the organization to install it to. Select "All repositories". | ||
| - | |||
| - | Browse to the settings for //each repository// in that organization. Choose "Branches" from the menu. If "master" does not show up under Protected Branches, select it from the "Choose a branch" drop-down. Enable "Protect this branch", "Require status checks to pass before merging" (and check the "DCO" status check if it is available). Repeat for the remaining repositories. | ||
| - | |||
| - | For full protection, you should return to the branch protection screen for the branch to check "DCO" once it has been seen by GitHub. | ||
| - | |||
| - | ==== GitLab ==== | ||
| - | |||
| - | TBD | ||
dco.1500320452.txt.gz · Last modified: 2017/07/17 19:40 by emsearcy
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
