BCDevOps / devops-requests

This repository is used to track the DevOps requests for platform services team.

Migrate CDT repositories from the DCO app to the DCO-2 app #1715

Closed WadeBarnes closed 6 days ago

WadeBarnes commented 2 months ago

Request from the Cyber Security and Digital Trust (CDT) Team:

The CDT team utilizes dcoapp/app to enforce DCO sign-off on all commits. This is in place due to our heavy involvement with groups within the Linux Foundation, such as Linux Foundation Decentralized Trust (Hyperledger), the Open Wallet Foundation, and the Trust Over IP Foundation along with many other open source groups such as the Decentralized Identity Foundation. We frequently contribute code and entire projects to these organizations and they enforce DCO sign-off, so we follow suit.

The dcoapp/app has not been maintained in some time and the Cloud Native Computing Foundation (CNCF) has created the DCO-2 app as a replacement.

We'd like the assistance of the Developer Experience team to migrate from DCO to DCO-2. The approach taken by the Linux Foundation is to enable DCO-2 alongside DCO, with the plan to then remove DCO once DCO-2 is deemed working.

The DCO app is currently enabled on a repo by repo basis so as not to overwhelm other BC Gov teams with the DCO requirements (although relatively trivial). As such we do not have direct access to the configuration and therefore require organization owner assistance.

Personally I think it would be a good idea to enable the DCO-2 app organization wide, but that would require other teams to get used to adding the DCO sign-off (-s or --signoff, which can be automated) to their commits. DCO sign-off should not be confused with digitally signing (-S or --gpg-sign) commits with a gpg signing key; they are functionally very different. DCO does not require a gpg signing key. I think the legal intent of DCO sign-off would be beneficial to BC Government projects.

WadeBarnes commented 2 months ago

cc @esune

MonicaG commented 2 months ago

Thanks @WadeBarnes I've created a Jira ticket for myself so I can schedule time for this in our upcoming sprint.

WadeBarnes commented 1 month ago

DCO-2 has been installed on the CDT repositories. Similar to DCO, it needs to run once before it can be selected as a requirement in the branch protection rules. The following list will be used as a checklist to indicate which repositories have been migrated to DCO-2.

Affected repositories:

cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach

WadeBarnes commented 1 month ago

Thanks for getting this done @MonicaG! Did I miss any repos in the list above?

MonicaG commented 1 month ago

@WadeBarnes, The following repos also have DCO2 installed on them:

WadeBarnes commented 1 month ago

Thanks, I've updated the check-list.

WadeBarnes commented 1 month ago

A quick note to the CDT team members helping out with the migration. Both DCO and DCO-2 will run on PRs until DCO is finally uninstalled from the repo. Switching from DCO to DCO-2 in the required checks of the branch protection rules is the key to the migration. However, switching to DCO-2 for the required check does not turn off DCO. It will continue to run until uninstalled, which is perfectly fine.


cc @loneil @esune

WadeBarnes commented 1 month ago

I made a pass on the list above and marked off the ones that were either already switched to require DCO-2 or were set to DCO from any source (which would accept DCO or DCO-2).

With the remaining repos, we'll need to trigger a PR so DCO-2 runs and becomes available in the required checks list, or I don't have admin access to the repo so I'm unable to even check the settings (such is the case with bcgov/aries-oca-explorer, bcgov/bc-wallet-mobile, bcgov/indy-vdr-proxy-server, and bcgov/mobile-attestation-vc-controller). @jleach, @cvarjao, are you able to update the repos I can't access, please?

cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach

MonicaG commented 1 week ago

Hi,

@WadeBarnes, just wondering if you have a status update on this. Do you have an ETA on when I should remove the DCO app?

Thanks! Monica

WadeBarnes commented 1 week ago

@esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach, are you folks able to complete the migration on the repos you have admin access to, please? I've done what I can.

The checklist is here: https://github.com/BCDevOps/devops-requests/issues/1715#issuecomment-2427116171

I made a pass on the list above and marked off the ones that were either already switched to require DCO-2 or were set to DCO from any source (which would accept DCO or DCO-2).

With the remaining repos, we'll need to trigger a PR so DCO-2 runs and becomes available in the required checks list, or I don't have admin access to the repo so I'm unable to even check the settings (such is the case with bcgov/aries-oca-explorer, bcgov/bc-wallet-mobile, bcgov/indy-vdr-proxy-server, and bcgov/mobile-attestation-vc-controller). @jleach, @cvarjao, are you able to update the repos I can't access, please?

cc @esune, @i5okie, @loneil, @swcurran, @cvarjao, @jleach

jleach commented 1 week ago

@WadeBarnes These are done:

WadeBarnes commented 1 week ago

I've updated all repos other than https://github.com/bcgov/aries-oca-explorer. I don't have access to the settings for this repo. @amanji, @swcurran, when you have a moment could you check if you have admin access and, if so, add the von-admin user group to the project as an Admin? I can take it from there.

WadeBarnes commented 1 week ago

For future reference the following command, courtesy of @jleach, combined with a temporary PR to the repo is a good way to trigger the DCO scanning.

git commit -m "fix: noop to trigger dco-2" -s --no-verify --allow-empty

amanji commented 1 week ago

Confirmed using the sample command above. DCO-2 status is now checked in aries-oca-explorer
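
Added example, not part of the thread and not the DCO-2 app's own code: a local pre-push check for the sign-off trailer that `-s` adds and `-S` does not. The function names `has_signoff` and `missing_signoff`, the sample identity and the matching rule (trailer identical to the commit author) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): local approximation of a DCO check.
# Assumption: a commit passes when its message has a line
#   Signed-off-by: Name <email>
# identical to the commit author. `git commit -s` adds that trailer;
# `git commit -S` adds a GPG signature instead and no trailer at all.

# has_signoff AUTHOR MESSAGE: exit 0 if MESSAGE is signed off by AUTHOR.
has_signoff() {
  # -F fixed string (emails contain '.'), -x whole line, -q no output
  printf '%s\n' "$2" | grep -Fxq "Signed-off-by: $1"
}

# missing_signoff RANGE: list commits in RANGE (e.g. origin/main..HEAD)
# without a matching sign-off; exit 1 if any are found.
missing_signoff() {
  ms_rc=0
  for ms_sha in $(git rev-list --no-merges "$1"); do
    ms_author=$(git show -s --format='%an <%ae>' "$ms_sha")
    ms_body=$(git show -s --format=%B "$ms_sha")
    if ! has_signoff "$ms_author" "$ms_body"; then
      git show -s --format='%h %s' "$ms_sha"
      ms_rc=1
    fi
  done
  return "$ms_rc"
}

# Constructed sample commits (author and messages are made up).
AUTHOR='Test Dev <dev@example.com>'
SIGNED='fix: noop to trigger dco-2

Signed-off-by: Test Dev <dev@example.com>'
UNSIGNED='feat: add parser'
WRONG_ID='feat: add parser

Signed-off-by: Test Dev <other@example.com>'

for msg in "$SIGNED" "$UNSIGNED" "$WRONG_ID"; do
  if has_signoff "$AUTHOR" "$msg"; then echo "pass"; else echo "FAIL"; fi
done
```

Running `missing_signoff origin/main..HEAD` before opening a PR lists the commits that would need to be amended with `-s`.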

WadeBarnes commented 6 days ago

@MonicaG, The migration is complete, you can remove the DCO app anytime.

Thanks!

MonicaG commented 6 days ago

@WadeBarnes - Thanks! I have removed the DCO app.

Cheers!

Monica