WadeBarnes
commented
2 months ago cc @esune
Closed WadeBarnes closed 6 days ago
WadeBarnes
commented
2 months ago cc @esune
MonicaG
commented
2 months ago Thanks @WadeBarnes I've created a Jira ticket for myself so I can schedule time for this in our upcoming sprint.
WadeBarnes
commented
1 month ago DOC-2 has been installed on the CDT repositories. Similar to DCO, it needs to run once before it can be selected as a requirement in the branch protection rules. The following list will be used as a checklist to indicate which repositories have been migrated to DCO-2.
Affected repositories:
cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach
WadeBarnes
commented
1 month ago Thanks for getting this done @MonicaG! Did I miss any repos in the list above?
MonicaG
commented
1 month ago @WadeBarnes, The following repos also have DCO2 installed on them:
WadeBarnes
commented
1 month ago Thanks, I've updated the check-list.
WadeBarnes
commented
1 month ago A quick note to the CDT team members helping out with the migration. Both DCO and DCO-2 will run on PRs until DCO is finally uninstalled from the repo. Switching from DCO to DCO-2 in the required checks of the branch protection rules is the key to the migration. However, switching to DCO-2 for the required check does not turn off DCO. It will continue to run until uninstalled, which is perfectly fine.
cc @loneil @esune
WadeBarnes
commented
1 month ago I made a pass on the list above and marked off the ones that were either already switched to require DCO-2 or were set to DCO from any source (which would accept DCO or DCO-2).
With the remaining repos, we'll need to trigger a PR so DCO-2 runs and becomes available in the required checks list, or I don't have admin access to the repo so I'm unable to even check the settings (such is the case with bcgov/aries-oca-explorer, bcgov/bc-wallet-mobile, bcgov/indy-vdr-proxy-server, and bcgov/mobile-attestation-vc-controller). @jleach, @cvarjao, are you able to update the repos I can't access, please?
cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach
MonicaG
commented
1 week ago Hi,
@WadeBarnes, just wondering if you have a status update on this. Do you have an ETA on when I should remove the DCO app?
Thanks! Monica
WadeBarnes
commented
1 week ago @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach, are you folks able to complete the migration on the repos you have admin access to please. I've done what I can.
The checklist is here; https://github.com/BCDevOps/devops-requests/issues/1715#issuecomment-2427116171
I made a pass on the list above and marked off the ones that were either already switched to require
DCO-2or were set toDCO from any source(which would acceptDCOorDCO-2).With the remaining repos, we'll need to trigger a PR so
DCO-2runs and becomes available in the required checks list, or I don't have admin access to the repo so I'm unable to even check the settings (such is the case withbcgov/aries-oca-explorer,bcgov/bc-wallet-mobile,bcgov/indy-vdr-proxy-server, andbcgov/mobile-attestation-vc-controller). @jleach, @cvarjao, are you able to update the repos I can't access, please?cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach
jleach
commented
1 week ago @WadeBarnes These are done:
WadeBarnes
commented
1 week ago I've updated all repos other than https://github.com/bcgov/aries-oca-explorer. I don't have access to the settings for this repo. @amanji, @swcurran when you have a moment could you check if you have admin access and if so add the von-admin user group to the project as an Admin. I can take it from there.
WadeBarnes
commented
1 week ago For future reference the following command, courtesy of @jleach, combined with a temporary PR to the repo is a good way to trigger the DCO scanning.
git commit -m "fix: noop to trigger dco-2" -s --no-verif --allow-empty
amanji
commented
1 week ago Confirmed using the sample command above. DCO-2 status is now checked in aries-oca-explorer
WadeBarnes
commented
6 days ago @MonicaG, The migration is complete, you can remove the DCO app anytime.
Thanks!
MonicaG
commented
6 days ago @WadeBarnes - Thanks! I have removed the DCO app.
Cheers!
Monica
Request from the Cyber Security and Digital Trust (CDT) Team:
The CDT team utilizes dcoapp/app to enforce DCO sign-off on all commits. This is in place due to our heavy involvement with groups within the Linux Foundation, such as Linux Foundation Decentralized Trust (Hyperledger), the Open Wallet Foundation, and the Trust Over IP Foundation along with many other open source groups such as the Decentralized Identity Foundation. We frequently contribute code and entire projects to these organizations and they enforce DCO sign-off, so we follow suite.
The dcoapp/app has not been maintained in some time and the Cloud Native Computing Foundation (CNCF) has created the DCO-2 app as a replacement.
We'd like the assistance of the Developer Experience team to migrate from DCO, to DCO-2. The approach taken by the Linux Foundation is to enable DCO-2 alongside DCO, with the plan to then remove DCO once DCO-2 is deemed working.
The DCO app is currently enabled on a repo by repo basis so as not to overwhelm other BC Gov teams with the DCO requirements (although relatively trivial). As such we do not have direct access to the configuration and therefore require organization owner assistance.
Personally I think it would be a good idea to enable the DCO-2 app organization wide, but that would require other teams to get used to adding the DCO sign-off (
-sor--signoff, which can be automated) to their commits. DCO sign-off should not be confused with digitally signing (-Sor--gpg-sign) commits with a gpg signing key, they are functionally very different. DCO does not require a gpg signing key. I think the legal intent of DCO sign-off would be beneficial to BC Government projects.