Skip to content

Commit 8ace316

Browse files
authored
fix(ci): allowlist dependabot for DCO (#1202)
Signed-off-by: John Myers <9696606+johntmyers@users.noreply.github.com>
1 parent 152d059 commit 8ace316

3 files changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/dco.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
path-to-signatures: "dco-signatures.json"
3939
path-to-document: "https://github.com/NVIDIA/OpenShell/blob/main/DCO"
4040
branch: "signatures"
41-
allowlist: dependabot
41+
allowlist: "dependabot[bot]"
4242
create-file-commit-message: "chore: create file to store dco signatures"
4343
signed-commit-message: "chore: $contributorName has signed the dco in #$pullRequestNo"
4444
custom-notsigned-prcomment: >-

CI.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ Both are required to merge once the corresponding `E2E Gate` checks are marked r
2121

2222
copy-pr-bot decides whether to mirror a PR automatically based on whether the author is trusted. For org members and collaborators, "trusted" means **all commits in the PR are cryptographically signed**. Unsigned commits, even from an org member, force the bot to wait for a maintainer's `/ok to test <SHA>`.
2323

24-
DCO sign-off (`-s` / `Signed-off-by`) is a separate requirement and does not count as commit signing.
24+
DCO sign-off (`-s` / `Signed-off-by`) is a separate requirement and does not count as commit signing. Dependabot-authored dependency update PRs are allowlisted in DCO Assistant because the bot cannot sign commits.
2525

2626
### One-time setup with an SSH key
2727

CONTRIBUTING.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -271,7 +271,7 @@ chore(deps): bump tokio to 1.40
271271

272272
### DCO
273273

274-
All contributions must include a `Signed-off-by` line in each commit message. This certifies you have the right to submit the work under the project license. See the [Developer Certificate of Origin](https://developercertificate.org/).
274+
All human contributions must include a `Signed-off-by` line in each commit message. This certifies you have the right to submit the work under the project license. See the [Developer Certificate of Origin](https://developercertificate.org/). Dependabot-authored dependency update PRs are allowlisted because the bot cannot sign commits.
275275

276276
```bash
277277
git commit -s -m "feat(sandbox): add new capability"

0 commit comments

Comments
 (0)