Conversation
Signed-off-by: joshvanl <me@joshvanl.dev>
There was a problem hiding this comment.
Pull request overview
Adds a post-processing step to the reusable backport workflow to amend created backport commits with a DCO Signed-off-by trailer, aiming to keep backported commits compliant with DCO requirements.
Changes:
- Checks out the repository after running
tibdex/backport. - Iterates over backport branches for the merged PR and amends the latest commit with
--signoff, then force-pushes the updated commit.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| with: | ||
| github_token: ${{ secrets.dapr_bot_token }} | ||
| - uses: actions/checkout@v4 | ||
| with: |
There was a problem hiding this comment.
actions/checkout is using the default GITHUB_TOKEN, but this reusable workflow sets permissions: {} and the later git push will therefore run without a token that can write to origin. As a result, the force-push is very likely to fail. Pass ${{ secrets.dapr_bot_token }} to actions/checkout (and keep credentials persisted) or otherwise configure git credentials so that pushes authenticate with the bot token.
| with: | |
| with: | |
| token: ${{ secrets.dapr_bot_token }} | |
| persist-credentials: true |
| AUTHOR_NAME=$(git log -1 --format='%an') | ||
| AUTHOR_EMAIL=$(git log -1 --format='%ae') | ||
| git -c user.name="${AUTHOR_NAME}" -c user.email="${AUTHOR_EMAIL}" commit --amend --signoff --no-edit |
There was a problem hiding this comment.
This only amends HEAD, so if the backport branch contains multiple commits (e.g., a rebase-merged PR with several commits), only the last commit gets a DCO signoff and earlier commits remain unsigned. If the intent is to ensure DCO compliance for the whole backport, update the workflow to add signoffs to all commits on the backport branch (for example by rebasing with signoff or otherwise rewriting each commit), then force-push once.
| AUTHOR_NAME=$(git log -1 --format='%an') | |
| AUTHOR_EMAIL=$(git log -1 --format='%ae') | |
| git -c user.name="${AUTHOR_NAME}" -c user.email="${AUTHOR_EMAIL}" commit --amend --signoff --no-edit | |
| TARGET_BRANCH="${BRANCH#backport-${PR_NUMBER}-to-}" | |
| git fetch origin "${TARGET_BRANCH}" | |
| AUTHOR_NAME=$(git log -1 --format='%an') | |
| AUTHOR_EMAIL=$(git log -1 --format='%ae') | |
| GIT_COMMITTER_NAME="${AUTHOR_NAME}" GIT_COMMITTER_EMAIL="${AUTHOR_EMAIL}" git rebase --signoff "origin/${TARGET_BRANCH}" |
| - name: Add DCO signoff to backport commits | ||
| run: | | ||
| PR_NUMBER="${{ github.event.pull_request.number }}" | ||
| for BRANCH in $(git ls-remote --heads origin | grep "backport-${PR_NUMBER}-to-" | awk '{print $2}' | sed 's|refs/heads/||'); do |
There was a problem hiding this comment.
The branch discovery pipeline uses grep with a regular expression; using a fixed-string match (grep -F) (or anchoring the pattern) would avoid any accidental regex interpretation and make the intent clearer when matching backport-${PR_NUMBER}-to-... branch names.
| for BRANCH in $(git ls-remote --heads origin | grep "backport-${PR_NUMBER}-to-" | awk '{print $2}' | sed 's|refs/heads/||'); do | |
| for BRANCH in $(git ls-remote --heads origin | grep -F "backport-${PR_NUMBER}-to-" | awk '{print $2}' | sed 's|refs/heads/||'); do |
|
I added |
No description provided.