{"id":13464954,"url":"https://github.com/dcoapp/app","last_synced_at":"2025-03-25T12:33:18.195Z","repository":{"id":39040965,"uuid":"86159894","full_name":"dcoapp/app","owner":"dcoapp","description":"GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests","archived":false,"fork":false,"pushed_at":"2024-07-29T19:05:02.000Z","size":1650,"stargazers_count":315,"open_issues_count":41,"forks_count":79,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-03-08T16:15:57.892Z","etag":null,"topics":["github-app","probot-app"],"latest_commit_sha":null,"homepage":"https://github.com/apps/dco","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dcoapp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-03-25T13:38:14.000Z","updated_at":"2025-03-06T13:31:01.000Z","dependencies_parsed_at":"2024-01-08T15:30:58.055Z","dependency_job_id":null,"html_url":"https://github.com/dcoapp/app","commit_stats":null,"previous_names":["probot/dco"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcoapp%2Fapp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcoapp%2Fapp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcoapp%2Fapp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcoapp%2Fapp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dcoapp","download_url":"https://codeload.github.com/dcoapp/app/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242573478,"owners_count":20151707,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-app","probot-app"],"created_at":"2024-07-31T14:00:53.439Z","updated_at":"2025-03-25T12:33:17.686Z","avatar_url":"https://github.com/dcoapp.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# Probot: DCO\n\na GitHub Integration built with [probot](https://github.com/probot/probot) that enforces the [Developer Certificate of Origin](https://developercertificate.org/) (DCO) on Pull Requests. It requires all commit messages to contain the `Signed-off-by` line with an email address that matches the commit author.\n\n## Usage\n\n[Configure the integration](https://github.com/apps/dco) for your organization or repositories. Enable [required status checks](docs/required-statuses.md) if you want to enforce the DCO on all commits.\n\nSee [docs/deploy.md](docs/deploy.md) if you would like to run your own instance of this plugin.\n\n## Modes of operations\n\n### Default\n\nBy default, Probot DCO enforces the presence of [valid DCO signoffs](#how-it-works) on all commits (excluding bots and merges). If a PRs contains commits that lack a valid Signed-off-by line, they are blocked until a correctly signed-off revision of the commit is pushed. This closely mirrors the upstream Linux kernel process.\n\n### Individual remediation commit support\n\nOptionally, a project can allow individual remediation commit support, where the failing commit's author can push an additional properly signed-off commit with additional text in the commit log that indicates they apply their signoff retroactively.\n\nTo enable this, place the following configuration file in `.github/dco.yml` on the default branch:\n\n```yaml\nallowRemediationCommits:\n  individual: true\n```\n\n### Third-party remediation support\n\nAdditionally, a project can allow third-parties to sign off on an author's behalf by pushing an additional properly signed-off commit with additional text in the commit log that indicates they sign off on behalf of the author. Third-party remediation requires individual remediation to be enabled.\n\nTo enable this, place the following configuration file in `.github/dco.yml` on the default branch:\n\n```yaml\nallowRemediationCommits:\n  individual: true\n  thirdParty: true\n```\n\n### Skipping sign-off for organization members\n\nIt is possible to disable the check for commits authored and [signed](https://help.github.com/articles/signing-commits-using-gpg/) by members of the organization the repository belongs to. To do this, place the following configuration file in `.github/dco.yml` on the default branch:\n\n```yaml\nrequire:\n  members: false\n```\n\nWhen this setting is present on a repository that belongs to a GitHub user (instead of an organization), only the repository owner is allowed to push commits without sign-off.\n\n## How it works\n\nThe Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full [text of the DCO](https://developercertificate.org/), reformatted for readability:\n\n\u003e By making a contribution to this project, I certify that:\n\u003e\n\u003e a. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or\n\u003e\n\u003e b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or\n\u003e\n\u003e c. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.\n\u003e\n\u003e d. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.\n\nContributors _sign-off_ that they adhere to these requirements by adding a `Signed-off-by` line to commit messages.\n\n```\nThis is my commit message\n\nSigned-off-by: Random J Developer \u003crandom@developer.example.org\u003e\n```\n\nGit even has a `-s` command line option to append this automatically to your commit message:\n\n```\n$ git commit -s -m 'This is my commit message'\n```\n\nOnce [installed](#usage), this integration will create a [check](https://developer.github.com/v3/checks/runs/) indicating whether or not commits in a Pull Request do not contain a valid `Signed-off-by` line.\n\n![DCO success](https://user-images.githubusercontent.com/13410355/42352738-35f4e690-8071-11e8-9c8c-260e5868bfc8.png)\n![DCO failure](https://user-images.githubusercontent.com/13410355/42352794-85fe1c9c-8071-11e8-834a-05a4aeb8cc90.png)\n\nAdditionally, the DCO creates an override button accessible to only those with write access to the repository to create a successful check.\n\n![DCO button](https://user-images.githubusercontent.com/13410355/42353254-3bfa266a-8074-11e8-80b4-18760c5efeee.png)\n\n## Further Reading\n\nIf you want to learn more about the DCO and why it might be necessary, here are some good resources:\n\n- [Developer Certificate of Origin versus Contributor License Agreements](https://julien.ponge.org/blog/developer-certificate-of-origin-versus-contributor-license-agreements/)\n- [The most powerful contributor agreement](https://lwn.net/Articles/592503/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdcoapp%2Fapp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdcoapp%2Fapp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdcoapp%2Fapp/lists"}