Required DCO verification on pull requests

[peternied]

Recently DCO check was added to the .github template for OpenSearch-Project, this should be rolled out into all of the existing repositories to ensure that DCO checks are done on any incoming pull requests.

• [x] https://github.com/opensearch-project/project-meta/issues/21
• [x] https://github.com/opensearch-project/alerting/issues/190
• [x] https://github.com/opensearch-project/alerting-dashboards-plugin/issues/120
• [x] https://github.com/opensearch-project/anomaly-detection/issues/256
• [x] https://github.com/opensearch-project/anomaly-detection-dashboards-plugin/issues/98
• [x] https://github.com/opensearch-project/asynchronous-search/issues/47
• [x] https://github.com/opensearch-project/common-utils/issues/76
• [x] https://github.com/opensearch-project/dashboards-notebooks/issues/86
• [x] https://github.com/opensearch-project/dashboards-reports/issues/169
• [x] https://github.com/opensearch-project/dashboards-visualizations/issues/28
• [x] https://github.com/opensearch-project/data-prepper/issues/326
• [x] https://github.com/opensearch-project/documentation-website/issues/190
• [x] https://github.com/opensearch-project/index-management/issues/156
• [x] https://github.com/opensearch-project/index-management-dashboards-plugin/issues/99
• [x] https://github.com/opensearch-project/job-scheduler/issues/67
• [x] https://github.com/opensearch-project/k-NN/issues/107
• [x] https://github.com/opensearch-project/logstash-output-opensearch/issues/85
• [x] https://github.com/opensearch-project/notifications/issues/333
• [x] https://github.com/opensearch-project/OpenSearch/issues/1318
• [x] https://github.com/opensearch-project/opensearch-build/issues/658
• [x] https://github.com/opensearch-project/opensearch-cli/issues/28
• [x] https://github.com/opensearch-project/OpenSearch-Dashboards/issues/834
• [x] https://github.com/opensearch-project/opensearch-devops/issues/74
• [x] https://github.com/opensearch-project/opensearch-plugins/issues/88
• [x] https://github.com/opensearch-project/performance-analyzer/issues/68
• [x] https://github.com/opensearch-project/performance-analyzer-rca/issues/78
• [x] https://github.com/opensearch-project/perftop/issues/21
• [x] https://github.com/opensearch-project/piped-processing-language/issues/8
• [x] https://github.com/opensearch-project/project-website/issues/334
• [x] https://github.com/opensearch-project/security/issues/1463
• [x] https://github.com/opensearch-project/security-dashboards-plugin/issues/835
• [x] https://github.com/opensearch-project/sql/issues/223
• [x] https://github.com/opensearch-project/trace-analytics/issues/121
• [x] https://github.com/opensearch-project/opensearch-plugin-template-java/issues/14
• [x] https://github.com/opensearch-project/project-meta/issues/22
• [x] https://github.com/opensearch-project/geospatial/issues/6
• [x] https://github.com/opensearch-project/cross-cluster-replication/issues/201
• [x] https://github.com/opensearch-project/opensearch-go/issues/71
• [x] https://github.com/opensearch-project/opensearch-java/issues/39
• [x] https://github.com/opensearch-project/opensearch-py/issues/80
• [x] https://github.com/opensearch-project/opensearch-js/issues/180
• [x] https://github.com/opensearch-project/helm-charts/issues/76
• [x] https://github.com/opensearch-project/ansible-playbook/issues/4
• [x] https://github.com/opensearch-project/opensearch-dashboards-functional-test/issues/6
• [x] https://github.com/opensearch-project/opensearch-dashboards-test-library/issues/3
• [x] https://github.com/opensearch-project/opensearch-ci/issues/19
• [x] https://github.com/opensearch-project/helm-charts/issues/100

[peternied]

To fan this issue out to all repos, this is the command:

meta exec "gh issue create --label enhancement --title 'Ensure DCO Check' --body-file ../issue.md"

issue.md:

A Developer Certificate of Origin is required on commits in the OpenSearch-Project.

See doc.yml for an example workflow. Ensure CONTRIBUTING.md to has a section on the DCO per the project template.

• [ ] DCO Check Workflow
• [ ] CONTRIBUTING.md DCO Section

@dblock mind reviewing this before I pull the trigger?

[dblock]

You'll want the child issue linked to this one (or another parent) that can be updated easily in case instructions need to evolve, and be a little more prescriptive scoped for the repo in which the issue is opened. Plus DCO.yml should not be DOC.yml ;)

Coming from https://github.com/opensearch-project/project-meta/issues/17.

A Developer Certificate ... (I would drop not all repositories ...).

See [dco.yml](https://github.com/opensearch-project/.github/blob/main/workflow/dco.yml) for an example. Ensure that CONTRIBUTING has a section ...

- [ ] ... 

When you run meta it will execute in a subdirectory of the project, so you'll need to make issue.md and reference it as ../issue.md.

[vchrombie]

coming from https://github.com/opensearch-project/opensearch-py/issues/80#issuecomment-931543356

in short, the dco bot can be configured at the organization level and it doesn't need any github action workflows.

I just wanted to comment about the other options available. Please feel free to proceed with whatever option the organisation maintainers prefer. Thanks.

[peternied]

Initially we considered using that DCO bot and choose not to due to its requirement to access private repositories.

This option seems like the best path forward to stop the manually inspection ever commit in a pull requests

[dbbaughe]

@peternied Instead of having everyone go and create duplicate github workflows across all the repositories, do you want to create workflow template in the .github repository and then all repos can reuse that workflow without having to duplicate?

https://docs.github.com/en/actions/learn-github-actions/creating-workflow-templates https://docs.github.com/en/actions/learn-github-actions/reusing-workflows

This probably applies to quite a few different workflows we have, we can take everything common in the different repositories, define them in a single place (.github repo) and reuse so the actual workflow definition if needed to be changed can be done in one place.

[peternied]

@dbbaughe Looking atcalling-a-reusable-workflow would look something like this with already checked in version of this workflow:

jobs:
  dco-check:
    uses: opensearch-project/.github/workflows/doc.yml@main

Could you try that out and see if we should change the instructions on the issues?

[dbbaughe]

@peternied Based on the creating-workflow-templates part it seems the reusable templates must be in a directory called workflow-templates along w/ some json properties file before they can be used.

[peternied]

I'll drill in more next week, great suggestion

[peternied]

@dbbaughe I've attempted to follow the instructions with my own organization, but haven't been able to get it to work. If you can get it to work I would be happy to update the instructions on all the issues.

In either case, each team will still need to create a workflow and update its CONTRIBUTING.md