Skip to content

GitHub Action that enforces Developer Certificate of Origin sign-off on Pull Requests

License

Notifications You must be signed in to change notification settings

KineticCafe/actions-dco

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

@KineticCafe/actions-dco

Enforce the presence of commit sign-offs on pull requests, indicating that the contributor to a project certifies that they are permitted to contribute to the project. The sign-off line represents certification of the Developer Certificate of Origin.

Bot user contributions are automatically exempted.

Example Usage

name: DCO Check

on:
  pull_request:

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: KineticCafe/actions-dco@v1

Inputs

  • repo-token: The GitHub token for use with this action. It must have sufficient permissions to read pull request details.

    Default: ${{ github.token }}

  • exempt-authors: A whitespace separated list of email exemption patterns indicating an implied DCO sign-off (the contributors work for the company managing the project, for example). Permitted pattern formats are exact emails (name@example.org) or domain patterns (@example.org). Patterns that do not match this will be printed as warnings and ignored.

    exempt-authors are applied only for the commit author. The commit committer cannot exempt other peoples' contributions.

    name: DCO Check
    
    on:
    pull_request:
    
    jobs:
    check:
      runs-on: ubuntu-latest
      steps:
        - uses: KineticCafe/actions-dco@v1
          with:
            exempt-authors: |
              joe@example.net
              @example.com

Contributing

@KineticCafe/actions-dco welcomes contributions. This project, like all Kinetic Commerce open source projects, is under the Kinetic Commerce Open Source Code of Conduct.

This project is licensed under the Apache License, version 2.0 and requires certification via a Developer Certificate of Origin. See Licence.md for more details.

Releasing

Releases are prepared with @vercel/ncc to produce a single file which must be committed to dist/. Run pnpm package or pnpm all to produce this file.

About

GitHub Action that enforces Developer Certificate of Origin sign-off on Pull Requests

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •