Skip to main content

Simple DCO check script to be used in any CI.

Project description

dco-check

PyPI codecov License

GitHub Action Status GitLab pipeline status Travis CI Azure DevOps builds AppVeyor CircleCI

Simple DCO check script to be used in any CI.

Motivation

Many open-source projects require the use of a Signed-off-by: line in every commit message. This is to certify that a contributor has the right to submit their code according to the Developer Certificate of Origin (DCO). However, to my knowledge, there is no automated check that can run on any CI platform (or most platforms). Some platforms simply do not possess such a feature.

This was inspired by the DCO GitHub App.

How to get & use

There are two main options:

  1. Using the package from PyPI
    $ pip install dco-check
    $ dco-check
    
  2. Downloading the script and running it (you can replace master with a specific version)
    $ wget https://raw.githubusercontent.com/christophebedard/dco-check/master/dco_check/dco_check.py
    $ python3 dco_check.py
    

It exits with 0 if all checked commits have been signed-off. Otherwise, it exits with a non-zero number.

Run with --help for more information and options, including:

  • ignoring merge commits
  • default branch
  • default remote
  • quiet mode
  • verbose mode

Those options can alternatively be set through environment variables (see --help), but commandline arguments always have precedence over environment variables.

How it works

dco-check focuses on two use-cases:

  1. Commits part of a feature branch, i.e. a proposed change (pull request or merge request)
  2. Commits on the default branch, e.g. master, or more specifically the new commits pushed to the default branch

The first use-case is easy to cover given a normal git repository. We can simply use git merge-base --fork-point $DEFAULT_BRANCH to get the list of commits on a specific feature branch off of the default branch. Some CIs provide even more information, such as the target branch of the change, which is useful if we don't expect to always target the default branch. Then we can just check every commit using git log and make sure it is signed-off by the author.

The second use-case isn't really possible with simple git repositories, because they do not contain the necessary information (AFAIK). Fortunately, some CIs do provide this information.

Furthermore, by default, some CI platforms only clone git repositories up to a specific depth, i.e. you only get a partial commit history. This depth can sometimes be 1 for some CIs, i.e. a shallow clone. For those cases, it is usually possible to prevent shallow cloning by setting the right parameter(s) in the job configuration. However, since one of the goals of dco-check is to be as easy to use as possible, it tries not to rely on that.

This is why dco-check detects the current CI platform and uses whatever information that platform can provide. Otherwise, it falls back on a default generic implementation which uses simple git commands. In those cases, the CLI options allow users to provide a lot of the missing information.

CI support

Below is a summary of the supported CIs along with their known behaviours.

CI Detects new changes when pushing to default branch Detects PRs/MRs Gets base branch using Gets default branch using Notes
GitHub CI (not used) retrieves commit data using the GitHub API, since GitHub does shallow clones by default
GitLab CI CI detects normal GitLab MRs and external (GitHub) MRs
Azure Pipelines CI CLI arguments
AppVeyor CI CLI arguments
CircleCI CI* (or CLI arguments) CLI arguments *can use base revision information if provided (see example)
Travis CI CLI arguments CLI arguments supported by default as a normal git repo
default (git) CLI arguments CLI arguments use locally; using in an unsupported CI which only does a shallow clone might cause problems

Python version support

Python 3.6+ is required because of the use of f-strings. However, it shouldn't be too hard to remove them to support older versions of Python 3, if there is a demand for it, or if such a change is contributed to dco-check.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dco-check-0.0.7.tar.gz (17.7 kB view details)

Uploaded Source

Built Distribution

dco_check-0.0.7-py3-none-any.whl (17.6 kB view details)

Uploaded Python 3

File details

Details for the file dco-check-0.0.7.tar.gz.

File metadata

  • Download URL: dco-check-0.0.7.tar.gz
  • Upload date:
  • Size: 17.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.3

File hashes

Hashes for dco-check-0.0.7.tar.gz
Algorithm Hash digest
SHA256 67b512a09302ad450a0232db0f9168ffd407be1610fd27be3e5d0c9ed3617aa6
MD5 3e7a86da40b1adc08e01348ab317bdba
BLAKE2b-256 5114431ac4e566e9722004198ceb64dea7e142d2290bbbae251328bc6952fed6

See more details on using hashes here.

File details

Details for the file dco_check-0.0.7-py3-none-any.whl.

File metadata

  • Download URL: dco_check-0.0.7-py3-none-any.whl
  • Upload date:
  • Size: 17.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.1 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.3

File hashes

Hashes for dco_check-0.0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 2bccd51a75410e5310e814d3b8da44ea315d5758d4ad4e138c60ae68d9c6ec5f
MD5 d71a6d2c1eed910ae7337f9c22741d83
BLAKE2b-256 ad4eb951a21034d6e5cf516591506904b42335ca4563339c90cdfb9979f6b219

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page