| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- name: DCO
- on:
- push:
- branches: [ "main" ]
- pull_request:
- branches: [ "main" ]
- workflow_dispatch:
- env:
- CARGO_UNSTABLE_SPARSE_REGISTRY: true
- CARGO_TERM_COLOR: always
- jobs:
- check-commit-signatures:
- name: Check all commit signatures
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0 # 获取完整提交历史以访问所有PR提交
- - name: Verify all commits are signed
- run: |
- if [ -n "$GITHUB_BASE_REF" ]; then
- echo "Pull Request detected. Using base ref: $GITHUB_BASE_REF"
- # 拉取目标分支的最新状态
- git fetch origin $GITHUB_BASE_REF
- RANGE="origin/$GITHUB_BASE_REF..HEAD"
- else
- echo "Not Pull Request, checking one latest commit"
- # 如果不是 PR,则只检查最近一次提交(可根据实际情况调整)
- RANGE="HEAD~1..HEAD"
- fi
- commits=$(git rev-list $RANGE)
-
- if [ -z "$commits" ]; then
- echo "Error: No commits found in the pull request range."
- exit 1
- fi
- PASS=1
- for COMMIT in $commits; do
- echo "Checking commit $COMMIT"
- PARENTS=$(git log -1 --format='%P' "$COMMIT")
- NUM_PARENTS=$(echo "$PARENTS" | wc -w)
- if [ "$NUM_PARENTS" -gt 1 ]; then
- echo "Commit $COMMIT is a merge commit, skipping signature check."
- continue
- fi
- COMMIT_MSG=$(git log -1 --format=%B $COMMIT)
- if echo "$COMMIT_MSG" | grep -q "Signed-off-by:"; then
- echo ":) Commit $COMMIT is signed."
- else
- echo ":( Commit $COMMIT is NOT signed."
- echo "Commit information: "
- git log -1 $COMMIT
- PASS=0
- fi
- done
- if [ "$PASS" -eq 1 ]; then
- echo "✔ All commits are properly signed!"
- else
- echo "❌ At least one commit is not properly signed (using Signed-off-by)."
- exit 1
- fi
- - name: Print authors' information
- run: |
- if [ -n "$GITHUB_BASE_REF" ]; then
- git fetch origin $GITHUB_BASE_REF
- RANGE="origin/$GITHUB_BASE_REF..HEAD"
- else
- RANGE="HEAD~1..HEAD"
- fi
- git log --pretty="format:%h - %an <%ae> [%G?]" $RANGE
|
