pdns icon indicating copy to clipboard operation
pdns copied to clipboard
verified publisher icon PowerDNS

Require Developer Certificate of Origin in pull requests

Open rgacogne opened this issue 6 months ago • 6 comments

Short description

This is only a draft for now, while we discuss how we want to do it.

Checklist

I have:

  • [x] read the CONTRIBUTING.md document
  • [ ] compiled this code
  • [x] tested this code
  • [ ] included documentation (including possible behaviour changes)
  • [ ] documented the code
  • [ ] added or modified regression test(s)
  • [ ] added or modified unit test(s)

rgacogne avatar Jun 02 '25 09:06 rgacogne

If we add DCO to the checklist, we can link to a relevant article there, in clear view of the submitter

Habbie avatar Jun 02 '25 09:06 Habbie

If we add DCO to the checklist, we can link to a relevant article there, in clear view of the submitter

done

rgacogne avatar Jun 02 '25 09:06 rgacogne

I also added a copy of the DCO to our repository, and linked to it.

rgacogne avatar Jun 02 '25 09:06 rgacogne

We now expect a sign-off from the committer, not the author.

rgacogne avatar Jun 02 '25 10:06 rgacogne

Fwiw, when github makes a squash commit, it lists github as the committer, and it does not include a sign-off-by: GitHub <[email protected]> in the commit message.

It blames the author as the PR author.

jsoref avatar Jun 04 '25 03:06 jsoref

There's also this: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-commit-signoff-policy-for-your-repository#enabling-or-disabling-compulsory-commit-signoffs-for-your-repository

Looks good, I just enabled it. Thanks!

rgacogne avatar Jun 05 '25 07:06 rgacogne

This is stalling. Where do we want to go from there?

miodvallat avatar Jun 20 '25 14:06 miodvallat

Pull Request Test Coverage Report for Build 17735527283

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 13629 unchanged lines in 213 files lost coverage.
  • Overall coverage increased (+8.2%) to 65.996%
Files with Coverage Reduction New Missed Lines %
ext/lmdb-safe/lmdb-typed.cc 1 80.0%
pdns/auth-catalogzone.hh 1 66.67%
pdns/auth-zonecache.hh 1 93.33%
pdns/backends/gsql/gsqlbackend.hh 1 98.88%
pdns/dnsdistdist/dnsdist-lua-network.cc 1 91.94%
pdns/dnswriter.hh 1 76.6%
pdns/dynlistener.hh 1 0.0%
pdns/inflighter.cc 1 90.48%
pdns/recursordist/validate-recursor.cc 1 64.94%
pdns/serialtweaker.cc 1 84.15%
<!-- Total: 13629
Totals Coverage Status
Change from base Build 17658370954: 8.2%
Covered Lines: 128588
Relevant Lines: 166160
💛 - Coveralls

coveralls avatar Jul 01 '25 11:07 coveralls

We agreed earlier this week that we still want to implement this. Does anyone have any issue with the current implementation?

rgacogne avatar Sep 05 '25 13:09 rgacogne 

1. The DCO mentions "under the open source license indicated in the file". Are we sure _all_ files have a license text? I don't think e.g. the docs have them.

Perhaps we can mention GPLv2 explicitly then?

2. Why are we not using an off-the-shelf DCO action like [this one](https://github.com/KineticCafe/actions-dco)?

I looked at what the existing options do, and their code, and I don't really want to talk about it. I have seen things.

3. Should all commits from author with `@powerdns.com` addresses be exempt?

I don't have a strong opinion, but that's easy to do.

rgacogne avatar Sep 08 '25 07:09 rgacogne 

2. Why are we not using an off-the-shelf DCO action like [this one](https://github.com/KineticCafe/actions-dco)?

Scratch that, I apparently missed this one in my last round and I have to say it looks quite OK. So why not, I'm always happy to have fewer lines of code to maintain.

rgacogne avatar Sep 08 '25 07:09 rgacogne

Perhaps we can mention GPLv2 explicitly then?

If you do, point to NOTICE, as its not 'plain GPLv2'?

zeha avatar Sep 08 '25 07:09 zeha

Perhaps we can mention GPLv2 explicitly then?

If you do, point to NOTICE, as its not 'plain GPLv2'?

The DCO also mentions that the text of itself should not be changed, where would we put this text?

pieterlexis avatar Sep 08 '25 07:09 pieterlexis

So I switched to the action suggested by Pieter, after testing that it works as intended. I also replaced the DCO by a custom version that points to the NOTICE file. My understanding is that it is OK to do so, but I'm not a lawyer.

rgacogne avatar Sep 12 '25 08:09 rgacogne

My understanding is that it is OK to do so, but I'm not a lawyer.

same

Habbie avatar Sep 12 '25 09:09 Habbie

Added the AI policy, and mentioned in the pull request template and the DCO itself.

rgacogne avatar Sep 15 '25 13:09 rgacogne

I don't quite get what the specll-checker is complaining about: "[here]( matches a line_forbidden.patterns entry: (?i)(?:>|\[)(?:(?:click |)here|link|(?:read |)more)(?:</|\]\(). (forbidden-pattern)", I guess it doesn't like the "here" link name?

rgacogne avatar Sep 15 '25 14:09 rgacogne 

#### Do not use `(click) here` links

For more information, see:
* https://www.w3.org/QA/Tips/noClickHere
* https://webaim.org/techniques/hypertext/link_text
* https://granicus.com/blog/why-click-here-links-are-bad/
* https://heyoka.medium.com/dont-use-click-here-f32f445d1021

miodvallat avatar Sep 15 '25 14:09 miodvallat