From 3525e04cc597e5f30243e4c882a4e316d8c95b43 Mon Sep 17 00:00:00 2001
From: Paul Belanger <pabelanger@redhat.com>
Date: Wed, 9 Jan 2019 11:39:02 -0500
Subject: [PATCH] Add validate-dco-license role

This role can be used to validate all commits have --signedoff header.

Change-Id: I737d3efd730d20c6dd9f4a7cda2aa99125eaa0a0
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
---
 roles/validate-dco-license/README.rst         | 12 +++++++++
 roles/validate-dco-license/defaults/main.yaml |  9 +++++++
 roles/validate-dco-license/tasks/main.yaml    | 25 +++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 roles/validate-dco-license/README.rst
 create mode 100644 roles/validate-dco-license/defaults/main.yaml
 create mode 100644 roles/validate-dco-license/tasks/main.yaml

diff --git a/roles/validate-dco-license/README.rst b/roles/validate-dco-license/README.rst
new file mode 100644
index 000000000..2cf9b0ba5
--- /dev/null
+++ b/roles/validate-dco-license/README.rst
@@ -0,0 +1,12 @@
+Validate all commits have Signed-off-by header
+
+**Role Variables**
+
+.. zuul:rolevar:: dco_license_failure
+
+   Message to display when Signed-off-by header is missing.
+
+.. zuul:rolevar:: zuul_work_dir
+   :default: {{ zuul.project.src_dir }}
+
+   Directory to DCO license check in.
diff --git a/roles/validate-dco-license/defaults/main.yaml b/roles/validate-dco-license/defaults/main.yaml
new file mode 100644
index 000000000..2a6712c13
--- /dev/null
+++ b/roles/validate-dco-license/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+dco_license_failure: |
+  One or more commits have not been signed properly using --signoff.
+
+  The meaning of a signoff depends on the project, but it typically certifies
+  that committer has the rights to submit this work under the same license and
+  agrees to a Developer Certificate of Origin
+  (see http://developercertificate.org/ for more information).
+zuul_work_dir: "{{ zuul.project.src_dir }}"
diff --git a/roles/validate-dco-license/tasks/main.yaml b/roles/validate-dco-license/tasks/main.yaml
new file mode 100644
index 000000000..47228af31
--- /dev/null
+++ b/roles/validate-dco-license/tasks/main.yaml
@@ -0,0 +1,25 @@
+- name: Developer Certificate of Origin (DCO) license check
+  shell:
+    cmd: |
+      set -e
+      result=0
+      for commit in $(git cherry -v origin/{{ zuul.branch }} HEAD | cut -d " " -f2)
+      do
+        if ! git show -s $commit | grep -q "Signed-off-by:"; then
+          echo "---"
+          git show -s $commit
+          echo "---"
+          echo "does not have a Signed-off-by header"
+          result=1
+        fi
+      done
+      exit $result
+    chdir: "{{ zuul_work_dir }}"
+    executable: /bin/bash
+  register: _dco
+  failed_when: _dco.rc > 1
+
+- name: License check failed
+  fail:
+    msg: "{{ dco_license_failure }}"
+  when: _dco.rc != 0