diff --git a/roles/validate-dco-license/README.rst b/roles/validate-dco-license/README.rst new file mode 100644 index 000000000..2cf9b0ba5 --- /dev/null +++ b/roles/validate-dco-license/README.rst @@ -0,0 +1,12 @@ +Validate all commits have Signed-off-by header + +**Role Variables** + +.. zuul:rolevar:: dco_license_failure + + Message to display when Signed-off-by header is missing. + +.. zuul:rolevar:: zuul_work_dir + :default: {{ zuul.project.src_dir }} + + Directory to DCO license check in. diff --git a/roles/validate-dco-license/defaults/main.yaml b/roles/validate-dco-license/defaults/main.yaml new file mode 100644 index 000000000..2a6712c13 --- /dev/null +++ b/roles/validate-dco-license/defaults/main.yaml @@ -0,0 +1,9 @@ +--- +dco_license_failure: | + One or more commits have not been signed properly using --signoff. + + The meaning of a signoff depends on the project, but it typically certifies + that committer has the rights to submit this work under the same license and + agrees to a Developer Certificate of Origin + (see http://developercertificate.org/ for more information). +zuul_work_dir: "{{ zuul.project.src_dir }}" diff --git a/roles/validate-dco-license/tasks/main.yaml b/roles/validate-dco-license/tasks/main.yaml new file mode 100644 index 000000000..47228af31 --- /dev/null +++ b/roles/validate-dco-license/tasks/main.yaml @@ -0,0 +1,25 @@ +- name: Developer Certificate of Origin (DCO) license check + shell: + cmd: | + set -e + result=0 + for commit in $(git cherry -v origin/{{ zuul.branch }} HEAD | cut -d " " -f2) + do + if ! git show -s $commit | grep -q "Signed-off-by:"; then + echo "---" + git show -s $commit + echo "---" + echo "does not have a Signed-off-by header" + result=1 + fi + done + exit $result + chdir: "{{ zuul_work_dir }}" + executable: /bin/bash + register: _dco + failed_when: _dco.rc > 1 + +- name: License check failed + fail: + msg: "{{ dco_license_failure }}" + when: _dco.rc != 0