Developer Certification of Origin (DCO)
Keptn requires the Developer Certificate of Origin (DCO) process to be followed for each commit. With the DCO, you attest that the contribution adheres to the terms of the Apache License that covers Keptn and that you are granting ownership of your work to the Keptn project.
Licensing is very important to open source projects. It helps ensure that the software continues to be available under the terms that the author desired. Keptn uses Apache License 2.0, which strikes a balance between open contributions and allowing you to use the software however you would like to.
The license tells you what rights the copyright holder gives you. It is important that the contributor fully understands what rights they are licensing and agrees to them. Sometimes the copyright holder is not the contributor, such as when the contributor is doing work on behalf of a company.
You must add a Signed-off-by statement for each commit you contribute, thereby agreeing to the DCO. The text of the DCO is given here and available at http://developercertificate.org/:
Developer Certificate of Origin Version 1.1 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
DCO Sign-Off Methods
The DCO check runs on each PR to verify that the commit has been signed off properly. Your builds will fail and can not be merged if the DCO check fails.
Do any of the following to implement the DCO signoff on each commit:
- Add -s or –signoff
to your usual
- Manually add text to your commit body
- Automate DCO
Sign off with git commit -s
Use the -s or –signoff flag to the
git commit command
to sign off on a commit.
git commit -s -m "my awesome contribution"
If you forget to add the sign-off, run the following command to amend the previous commit with the sign-off:
git commit --amend --signoff
Use the following command to sign off the last 2 commits you made:
git rebase HEAD~2 --signoff
Manually add text to commit description
To sign off on a commit not made with the command line (such as those made directly with the github editor or as suggestions made to a PR during review), you can add text like the following to the commit description block. You must specify your real name and the email address to use:
Signed-off-by: Humpty Dumpty <email@example.com>
The DCO process is sometimes inconvenient but you can automate it by creating a pre-commit git hook as follows:
Create the hook:
Add the following to the
SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
Give it execution permissions by calling:
chmod +x ./.git/hooks/prepare-commit-msg