search

dcoapp / app

GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests
https://github.com/apps/dco
ISC License
302 stars 76 forks source link

Merge blocked even though all commits are signed #123

Closed Karsten1987 closed 4 years ago

Karsten1987 commented 4 years ago

We are currently expiring something strange on the DCO bot we've applied to our repo. Even though all commits are signed and the DCO bot seems to return successfully from its checks, the "merge" buttons stays blocked. The PR in question: https://github.com/ros2/rmw_iceoryx/pull/7

Any idea on what's happening here? Are we doing something wrong?

I am attaching a screenshot of this as well for future references (the PR might get merged soonish):

Screen Shot 2019-12-13 at 10 55 17 AM
hiimbex commented 4 years ago

This is not related to the DCO.

In your branch protection settings do you have this checked?

Screen Shot 2019-12-13 at 11 00 42 AM

If yes, see the article GitHub conveniently linked for you: https://help.github.com/en/github/authenticating-to-github/about-commit-signature-verification

This person has signed off the DCO, but has not used a GPG key to sign their commit/s. Your repo currently enforces both.

About commit signature verification - GitHub Help
Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub so other people can trust that the changes come from a trusted source.
Karsten1987 commented 4 years ago

Thanks a lot for the explanation. That's exactly what was happening!