On Wed, Apr 22, 2020 at 06:11:13PM +0200, Andrea Bolognani wrote:
> On Wed, 2020-04-22 at 15:37 +0100, Daniel P. Berrangé wrote:
> > +# Check that all commits are signed-off for the DCO. Skip
> > +# on master branch and -maint branches, since we only need
> > +# to test developer's personal branches.
> > +check-dco:
> > + stage: prebuild
> > + image: registry.gitlab.com/libvirt/libvirt-ci/check-dco:master
> > + script:
> > + - /check-dco
> > + only:
> > + - branches
> > + except:
> > + - master
>
> You're not actually skipping the -maint branches here, so either
> you need to change this to
>
> except:
> - /^v.*-maint$/
> - master
>
> which libvirt currently uses, or to drop the mention of -maint
> branches from the comment.
>
> Why is it that we want to skip those branches, anyway? I get why
> they're not necessary in a MR-based workflow, but we're not quite
> there yet...

This was an inexact way to stop the checks running against the
master repo, after the patches have been merged.

The flaw in this is that a user could indeed open a merge request
that uses a "master" or "v*maint" branch in their private fork,
rather than a named feature branch.

Really we want it to run on all commits in a user's fork, but
not run in the master repos post-merge.

> Actually, now that we're using GitLab as the primary repository,
> how are we ensuring commits without DCO don't slip in? We had a
> hook that took care of that on libvirt.org - was something like
> that introduced on GitLab?

It isn't as strict as before - there's a push rule that requires
the word "Signed-off-by" in the commit message:

https://libvirt.org/newreposetup.html

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
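
Review bot: the `except:` list in the quoted `check-dco` job names only `master`, while the comment above the job says both master and -maint branches are skipped, so the comment and the rule disagree. Filtering on branch name also does not separate a contributor's fork from the main repository: a fork branch named `master` is excluded from the DCO check. Consider keying the exclusion on the project instead of the branch, for example an `except: variables:` entry that tests `$CI_PROJECT_NAMESPACE`, so that every branch in a fork is checked and only the main repository is skipped. Separately, the `image:` line references the mutable `:master` tag, so what `/check-dco` enforces can change without any change to this file; pinning the image by digest would keep the gate reproducible.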