Incorrect instructions to fix missing signatures

[riedgar-ms]

I believe I've found a case where the DCO enforcement, when there is one unsigned commit, but it is not the last one.

To reproduce, I branch my repo, add a file and commit it unsigned:

git checkout -b dco-test
<Create bugdemo.txt>
git add bugdemo.txt
git commit -a -m "Unsigned commit"
git push --set-upstream origin dco-test

Then I made a change to the bugdemo.txt file and ran:

git commit -s -a -m "Signed commit"
git push

Going to the GitHub repo, I create a pull request, and the DCO bot promptly failed. The suggested commands to fix were:

git commit --amend --signoff
git push --force-with-lease origin dco-test

However, the DCO test continued to fail.

From a previous DCO failure report, I'd seen:

git rebase HEAD~2 --signoff
git push --force-with-lease origin dco-test

suggested. After running these, the DCO bot passed. However, I'd never have come up with the rebase if I hadn't seen it in an earlier error report.

I'm guessing this is because, although there was only one unsigned commit, it wasn't the last one - and git commit --amend only affects the tip of the current branch?

For reference:

> git --version
git version 2.20.1.windows.1

I'm afraid I don't have a Linux or Mac to hand for testing there

[hiimbex]

Good catch.

Would likely require some smarter checking here: https://github.com/probot/dco/blob/bce3d1bb684f0aa03c733e70327142ddb811f4c4/index.js#L61 to make sure the commit is the most recent. If not it can just handle all commits.

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

[JamesCullum]

Had the same issue in https://github.com/bkimminich/juice-shop/pull/1352

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

[shlomi-noach]

This is still relevant, just saw the same message and behavior.

[gr2m]

thanks @shlomi-noach