[libvirt-jenkins-ci PATCH] dco: build and publish a container image for DCO check

Daniel P. Berrangé berrange at redhat.com
Wed Apr 8 11:54:40 UTC 2020


This builds a container image containing the DCO checking script.
It is then published at:

   registry.gitlab.com/libvirt/libvirt-jenkins-ci/check-dco:master

from where it can be used in all other project repositories. This
avoids having to copy the check-dco.py script into every repo
when we want to make changes to it.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 .gitlab-ci.yml         | 39 +++++++++++++++++
 check-dco/Dockerfile   |  6 +++
 check-dco/check-dco.py | 99 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 144 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 check-dco/Dockerfile
 create mode 100755 check-dco/check-dco.py

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..83b0d64
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,39 @@
+
+stages:
+  - containers
+  - postbuild
+
+.build_container_template: &build_container_definition
+  image: docker:stable
+  stage: containers
+  services:
+    - docker:dind
+  before_script:
+    - docker info
+    - docker login registry.gitlab.com -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD}
+  script:
+    - docker build --tag ${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_REF_SLUG} -f ${NAME}/Dockerfile ${NAME}
+    - docker push ${CI_REGISTRY_IMAGE}/${NAME}:${CI_COMMIT_REF_SLUG}
+  after_script:
+    - docker logout
+
+build-dco:
+  <<: *build_container_definition
+  variables:
+    NAME: check-dco
+
+# Check that all commits are signed-off for the DCO. Skip
+# on master branch and -maint branches, since we only need
+# to test developer's personal branches.
+check-dco:
+  # In most projects we'd put this in a "prebuild", but this
+  # repo is a special case as we need to actually build the
+  # container first!
+  stage: postbuild
+  image: ${CI_REGISTRY_IMAGE}/check-dco:${CI_COMMIT_REF_SLUG}
+  script:
+    - /check-dco.py
+  only:
+    - branches
+  except:
+    - master
diff --git a/check-dco/Dockerfile b/check-dco/Dockerfile
new file mode 100644
index 0000000..86cada7
--- /dev/null
+++ b/check-dco/Dockerfile
@@ -0,0 +1,6 @@
+FROM centos:8
+
+RUN dnf -y install python3 git && \
+    dnf -y clean all
+
+COPY check-dco.py check-dco.py
diff --git a/check-dco/check-dco.py b/check-dco/check-dco.py
new file mode 100755
index 0000000..f8204ca
--- /dev/null
+++ b/check-dco/check-dco.py
@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+#
+# ci-job.py: validate all commits are signed off
+#
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+
+import os
+import os.path
+import sys
+import subprocess
+
+cwd = os.getcwd()
+reponame = os.path.basename(cwd)
+repourl = "https://gitlab.com/libvirt/%s.git" % reponame
+
+subprocess.check_call(["git", "remote", "add", "dcocheck", repourl])
+subprocess.check_call(["git", "fetch", "dcocheck", "master"],
+                      stdout=subprocess.DEVNULL,
+                      stderr=subprocess.DEVNULL)
+
+ancestor = subprocess.check_output(["git", "merge-base", "dcocheck/master", "HEAD"],
+                                   universal_newlines=True)
+
+ancestor = ancestor.strip()
+
+subprocess.check_call(["git", "remote", "rm", "dcocheck"])
+
+errors = False
+
+print("\nChecking for 'Signed-off-by: NAME <EMAIL>' on all commits since %s...\n" % ancestor)
+
+log = subprocess.check_output(["git", "log", "--format=%H %s", ancestor + "..."],
+                              universal_newlines=True)
+
+if log == "":
+    commits = []
+else:
+    commits = [[c[0:40], c[41:]] for c in log.strip().split("\n")]
+
+for sha, subject in commits:
+
+    msg = subprocess.check_output(["git", "show", "-s", sha],
+                                  universal_newlines=True)
+    lines = msg.strip().split("\n")
+
+    print("🔍 %s %s" % (sha, subject))
+    sob = False
+    for line in lines:
+        if "Signed-off-by:" in line:
+            sob = True
+            if "localhost" in line:
+                print("    ❌ FAIL: bad email in %s" % line)
+                errors = True
+
+    if not sob:
+        print("    ❌ FAIL missing Signed-off-by tag")
+        errors = True
+
+if errors:
+    print("""
+
+❌ ERROR: One or more commits are missing a valid Signed-off-By tag.
+
+
+This project requires all contributors to assert that their contributions
+are provided in compliance with the terms of the Developer's Certificate
+of Origin 1.1 (DCO):
+
+  https://developercertificate.org/
+
+To indicate acceptance of the DCO every commit must have a tag
+
+  Signed-off-by: REAL NAME <EMAIL>
+
+This can be achieved by passing the "-s" flag to the "git commit" command.
+
+To bulk update all commits on current branch "git rebase" can be used:
+
+  git rebase -i master -x 'git commit --amend --no-edit -s'
+
+""")
+
+    sys.exit(1)
+
+sys.exit(0)
-- 
2.24.1




More information about the libvir-list mailing list