diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml new file mode 100644 index 000000000..bacbcb17a --- /dev/null +++ b/.github/workflows/commits.yml @@ -0,0 +1,42 @@ +name: Commits +on: + - pull_request + +permissions: + contents: read + +jobs: + dco-check: + permissions: + pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR + name: Signed-off-by (DCO) and branch target + runs-on: ubuntu-22.04 + steps: + - name: Get PR Commits + id: 'get-pr-commits' + uses: tim-actions/get-pr-commits@master + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check that all commits are signed-off + uses: tim-actions/dco@master + with: + commits: ${{ steps.get-pr-commits.outputs.commits }} + + - name: Check branch target + env: + TARGET: ${{ github.event.pull_request.base.ref }} + TITLE: ${{ github.event.pull_request.title }} + if: ${{ github.actor != 'dependabot[bot]' }} + run: | + set -x + TARGET_FROM_PR_TITLE="$(echo "${TITLE}" | sed -n 's/.*(\(\(latest\|[0-9]\.[0-9]\)-\(edge\|candidate\)\))$/\1/p')" + if [ -z "${TARGET_FROM_PR_TITLE}" ]; then + TARGET_FROM_PR_TITLE="latest-edge" + else + echo "Branch target overridden from PR title" + fi + [ "${TARGET}" = "${TARGET_FROM_PR_TITLE}" ] && exit 0 + + echo "Invalid branch target: ${TARGET} != ${TARGET_FROM_PR_TITLE}" + exit 1