feat: remediation commits #171
Conversation
|
|
||
| By default, Probot DCO enforces the presence of [valid DCO signoffs](#how-it-works) on all commits (excluding bots and merges). If a PRs contains commits that lack a valid Signed-off-by line, they are blocked until a correctly signed-off revision of the commit is pushed. This closely mirrors the upstream Linux kernel process. | ||
|
|
||
| ### Individual remediation commit support |
There was a problem hiding this comment.
Can we add instructions on how to add remediation commits using git and the GitHub Web UI? I know you add instructions to the check runs which is great, but I think we should document it here as well, what do you think?
If I understand it correctly, ideally remediation commits would be empty commits with the correct messages, but there is no way to add empty commits using the GitHub Web UI as far as I know.
| allowRemediationCommits: | ||
| individual: true | ||
| thirdParty: true |
There was a problem hiding this comment.
The thirdParty: true setting will set individual: true implicitly, setting both is no different to just setting thirdParty: true
https://github.com/brianwarner/dco/blob/eb53e5d32ce5d48b1467a581ed0ea404dc0a349c/index.js#L186
I think we should change the sitting from an object to a string enum
allowRemediationCommits: individual # or: thirdPartyPlease let me know if you have any concerns about this change.
gr2m
force-pushed
the
remediation-commits
branch
from
bcd5add to
796609d
Compare
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/probot/dco/BvfnppNsb5exJpYj6ErnkYwJi9Rx |
|
This branch is now deploying to Vercel for preview. You can install the GitHub app at https://github.com/apps/dco-staging I tested it with the new remediation commit feature at gr2m/sandbox#217 and it worked If you could thoroughly test the staging app that'd be great @ryjones @brianwarner @ashleywolf
|
|
Awesome. I've tested this on two repos in h-cicd - @brianwarner , would you like to test the larger attestation case, where a codebase has no previous sign-offs? could you point me to a repo to try it out on? |
|
Sure thing. I'll try to get to this today or tonight.
Brian
…On Tue, Nov 16, 2021 at 11:53 AM Ry Jones ***@***.***> wrote:
Awesome. I've tested this on two repos in h-cicd - @brianwarner
<https://github.com/brianwarner> , would you like to test the larger
attestation case, where a codebase has no previous sign-offs? could you
point me to a repo to try it out on?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#171 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAOVQJRY34GF57VYD6DDCHDUMKECLANCNFSM5IDNRZJA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
*Brian Warner*
The Linux Foundation
***@***.***
+1 724 301-6171
|
|
Thanks. I invited you two to be an admin on two repos: |
|
When you install the DCO staging, make sure DCO is not installed at the same time, the two will conflict with each other (overwrite each others checks). |
yeah, I saw that :) |
|
@ryjones @brianwarner did you have a chance to test these changues with https://github.com/apps/dco-staging?
|
Signed-off-by: Brian Warner <brian@bdwarner.com>
Signed-off-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
Signed-off-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
Signed-off-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>
gr2m
force-pushed
the
remediation-commits
branch
from
bfa512d to
d2fbe38
Compare
|
🎉 This PR is included in version 1.0.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
null
View rendered README.md