Bot as regular user

[mattfarina]

If one has a bot that's a regular user account what's the appropriate way to handle the DCO? Should the bot perform a signoff? Is there a way to detect and work around that?

[hiimbex]

Currently, the solution would be to have the bot perform the sign-off. Right now our only way of programmatically detecting bot accounts is for GitHub App bots: https://github.com/probot/dco/blob/35f7202cb0e6648e03c8fedbae11437e1fb09de6/lib/dco.js#L15

For a regular user account, that flag wouldn't be set. I don't have a good suggestion for a programmatic s=workaround, since it's impossible to differentiate that bot from a user account.

[gundalow]

Does the bot have commit powers, https://github.com/probot/dco#skipping-sign-off-for-organization-members may also work for you

EDIT: Though maybe not if that's what was meant by "regular user"

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

[tunnckoCore]

@mattfarina the correct and proper way is the bot developers to allow such thing. For example, initially the RenovateApp didn't supported that and I open an issue about that and it was later implemented. So now when it PR updates to my deps it adds its sign-off, or you can even configure it to set your sign-off.

[stale[bot]]

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?