Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable DCO CI requirement to so called "sign-off" commits #235

Closed
derMart opened this issue Feb 17, 2023 · 3 comments
Closed

Disable DCO CI requirement to so called "sign-off" commits #235

derMart opened this issue Feb 17, 2023 · 3 comments
Labels
info: Stale type: Discussion

Comments

@derMart
Copy link

derMart commented Feb 17, 2023
edited
Loading

Hi,

this is a bit of a preference, but happens to annoy and slow me down:
The CI workflow complains about missing, so called "sign-off" messages in commits. See #232 and the details https://github.com/nextcloud/cms_pico/pull/232/checks?check_run_id=11414302996.
Git does not add sign-off messages by default and adding them afterwards as advised in the details page via:

rebase HEAD~11 --signoff

just does not work, or more precise results in alot of rebase conflicts which I do not have time for frankly. So, I won't do this anymore. Generally, what is the point to require those "sign-off" messages? IMHO they do not add any information or value to a commit. It is not like these are proper digital signatures based on private / public key cryptography. This is just a plain text field anyone can fake. Would you consider to remove the DCO requirement?

best
@derMart derMart changed the title Disable DCO CI requirement to sign-off commits Disable DCO CI requirement to so called "sign-off" commits Feb 17, 2023
@PhrozenByte
Copy link
Collaborator

This is a Nextcloud requirement imposed on any app that wants to be part of the Nextcloud community (like cms_pico, we want to be part of the Nextcloud community), so no, unfortunately we can't merge 3rd party contributions that aren't signed off. The signoff requirement is not about digital signatures, but about the conscious confirmation that the DCO was noted and is agreed on when contributing. See https://github.com/nextcloud/server/blob/master/.github/CONTRIBUTING.md and https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin There are some easements for members of the Nextcloud organization, because one can assume that they agreed to the terms at the moment they joined the Nextcloud organization, but anyone else must agree and show their agreement by signing the commits off. Git's signoff feature is mostly used for this and that's probably why the Git developers decided that one has to do it manually. You can either git rebase --signoff once when you think your PR is ready for merge, or sign at commit time with git commit -s.

@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in two days if no further activity occurs. Thank you for your contributions! 👍

@derMart
Copy link
Author

derMart commented Apr 11, 2023

@PhrozenByte Thanks alot for the explanation. I do see quite a lot of problems with this kind of requirement, which I am happy to share actually. But beforehand, I would just do another ping and tell you that I think the PR is ready :-). If you have some time to review and merge this would be very nice. I think it is important to move forward and get cms_pico working under php 8.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
info: Stale type: Discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PhrozenByte @derMart