zowe / zac

Zowe Leadership Committee collaboration
Creative Commons Attribution 4.0 International

Research / Implement pre-receive hooks rejecting unsigned commits #47

Closed MarkAckert closed 5 years ago

MarkAckert commented 6 years ago

Developers often forget to sign their commits, especially if working with tooling that doesn't support signed commits by default. Rebasing a branch or other remedial steps for a long history of unsigned commits is painful at best. We should implement pre-receive hooks in all repositories to block unsigned commits.

tucker01 commented 6 years ago

Not sure what GitHub supports, but a local project hook would probably be good too. Thanks for opening 😄

ghost commented 6 years ago

Looked into this a bit and we might be able to do something like this link says: https://stackoverflow.com/questions/427207/can-git-hook-scripts-be-managed-along-with-the-repository.

After doing this, we might be able to use a .gitconfig file to point to the folder containing the hooks and create a hook to do the check.

Just have to be careful to make sure that the dco tool (https://github.com/coderanger/dco) will still work with this mechanism.
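Added example, not part of the thread or of any Zowe repository: a `commit-msg` hook kept in a versioned folder, which is the approach the comment above describes. It assumes "signed" means the DCO `Signed-off-by` line that `git commit -s` adds; the `.githooks` folder name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Save as .githooks/commit-msg (hypothetical
# path), commit it, and enable it once per clone with:
#   git config core.hooksPath .githooks

# has_signoff: read a commit message on stdin; succeed if it carries a
# "Signed-off-by: Name <email>" line.
has_signoff() {
    # Stop at the scissors line written by `git commit -v`, drop '#' comment
    # lines from the editor template, then match a well-formed sign-off.
    sed -e '/^# --* >8 --*$/q' -e '/^#/d' |
        grep -Eq '^Signed-off-by: [^<>]+ <[^<>@ ]+@[^<>@ ]+>$'
}

# unsigned_in_range: print the hash of every non-merge commit in a revision
# range (e.g. origin/master..HEAD) whose message has no sign-off.
unsigned_in_range() {
    git rev-list --no-merges "$1" | while read -r commit; do
        git log -1 --format=%B "$commit" | has_signoff || echo "$commit"
    done
}

# Act as the hook only when installed under the name git invokes.
case "${0##*/}" in
commit-msg)
    # git passes the path of the message file as $1.
    if ! has_signoff < "$1"; then
        echo "commit rejected: missing Signed-off-by line (use 'git commit -s')" >&2
        exit 1
    fi
    ;;
esac
```

Once `core.hooksPath` is set, git no longer runs hooks from `.git/hooks`, so any tool that installs its hook there has to be accounted for in the versioned folder.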

hogstrom commented 6 years ago

Agree. I spent some time Thursday amending an older commit.

+1 from me

Matt Hogstrom PGP key 0F143BC1

On Sep 28, 2018, at 10:27, Mark Ackert notifications@github.com wrote:

Developers often forget to sign their commits, especially if working with tooling that doesn't support signed commits by default. Rebasing a branch or other remedial steps for a long history of unsigned commits is painful at best. We should implement post-commit hooks in all repositories to block unsigned commits.


jmertic commented 6 years ago

I'm presuming the workflow of commit checks you are looking at is for those that are not done via pull request (which is where the existing DCO bot does do the checks) - is that accurate?

MarkAckert commented 6 years ago

Correct - the workflow is to check primarily commits made in branches. By the time we issue a PR to merge into master we sometimes have a history of unsigned commits.

jmertic commented 6 years ago

Appreciate that insight Mark!

So the challenge is as you mentioned - commit hooks go in the .git directory of a repo tree, which isn't versioned. There are hacks around it, but all of those require local configurations, which sounds like just as much work as telling everyone to use the dco tool (https://github.com/coderanger/dco) mentioned. Not sure if you see that tool as lacking or having issues with it - let me know.

MarkAckert commented 6 years ago

I think the coderanger tool should fulfill our needs for now - every other option is nontrivial as we don't have server-side hooks.

I'll work on a small script that checks for and sets 'dco enable' in the current working repo for convenience.

hogstrom commented 5 years ago

Closing per ZLC discussion