[DISCUSS] Automated DCO enforcement via bot


Misha Brukman <mbru...@...>
 

Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha


Jason Plurad <plu...@...>
 

Are both the CLA and DCO required for Linux Foundation contributors? It'd be a lot easier if we only needed one or the other.

On Saturday, September 22, 2018 at 9:47:44 PM UTC-4, Misha Brukman wrote:
Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha


Misha Brukman <mbru...@...>
 

The policy is encoded in the JanusGraph project charter; see section 8 "Intellectual property policy", part (b):
  • paragraph (i) requires a CLA
  • paragraph (ii) requires DCO sign-off in addition┬áto the CLA

On Sun, Sep 23, 2018 at 7:56 AM, Jason Plurad <plu...@...> wrote:
Are both the CLA and DCO required for Linux Foundation contributors? It'd be a lot easier if we only needed one or the other.

On Saturday, September 22, 2018 at 9:47:44 PM UTC-4, Misha Brukman wrote:
Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha

--
You received this message because you are subscribed to the Google Groups "JanusGraph developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to janusgraph-dev+unsubscribe@googlegroups.com.
To post to this group, send email to janusgraph-dev@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/janusgraph-dev/56c23514-ea16-40b9-8a28-7e55b2d87f0f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Florian Hockmann <f...@...>
 

+1 on using the bot for these checks.

Am Sonntag, 23. September 2018 03:47:44 UTC+2 schrieb Misha Brukman:

Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha


Chris Hupman <chris...@...>
 

+1 As someone who sometimes forgets to sign his commits I fully support bot checking.


On Monday, October 1, 2018 at 5:44:19 AM UTC-7, Florian Hockmann wrote:
+1 on using the bot for these checks.

Am Sonntag, 23. September 2018 03:47:44 UTC+2 schrieb Misha Brukman:
Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha


Florian Hockmann <f...@...>
 

We now have the DCO bot activated. This pull request that was submitted today already contains a successful check. So, it looks like we don't have to manually check every commit manually any more to ensure that it is signed and contributors get quicker feedback if they didn't sign their commit.
Thanks to Jason who took care of this and activated the DCO bot!

Am Donnerstag, 24. Januar 2019 18:46:15 UTC+1 schrieb Chris Hupman:

+1 As someone who sometimes forgets to sign his commits I fully support bot checking.

On Monday, October 1, 2018 at 5:44:19 AM UTC-7, Florian Hockmann wrote:
+1 on using the bot for these checks.

Am Sonntag, 23. September 2018 03:47:44 UTC+2 schrieb Misha Brukman:
Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha


Chris Hupman <chris...@...>
 

Awesome! Thanks Jason and Florian for getting this added.


On Fri, Mar 1, 2019 at 4:40 AM Florian Hockmann <f...@...> wrote:
We now have the DCO bot activated. This pull request that was submitted today already contains a successful check. So, it looks like we don't have to manually check every commit manually any more to ensure that it is signed and contributors get quicker feedback if they didn't sign their commit.
Thanks to Jason who took care of this and activated the DCO bot!

Am Donnerstag, 24. Januar 2019 18:46:15 UTC+1 schrieb Chris Hupman:
+1 As someone who sometimes forgets to sign his commits I fully support bot checking.

On Monday, October 1, 2018 at 5:44:19 AM UTC-7, Florian Hockmann wrote:
+1 on using the bot for these checks.

Am Sonntag, 23. September 2018 03:47:44 UTC+2 schrieb Misha Brukman:
Hi all,

Right now, the only bot-automated enforcement is the CLA signature, but not the Developer Certificate of Origin, which is a requirement of The Linux Foundation. This is a bit of a pain to do manually, and I haven't had time to add it to the CLA verification tool we're using.

I noticed some CNCF repos are using this bot:
to do the enforcement automatically, and I (inadvertently) tested it as I didn't realize one of the repos had a DCO requirement, and it worked flawlessly!

What are your thoughts on adding it to the JanusGraph repos? This means it'll be a blocker to PR submission, just like failing Travis CI.

This should have no functional change, since everyone should be signing those commits already; this will just enforce it automatically so it doesn't have to be checked by a human.

Misha

--
You received this message because you are subscribed to a topic in the Google Groups "JanusGraph developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/janusgraph-dev/kuglHrvp4Jc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to janusgr...@....
To post to this group, send email to janusgr...@....
To view this discussion on the web visit https://groups.google.com/d/msgid/janusgraph-dev/b26dc4b1-adcf-4dd1-93a1-f100d250d7d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.