Add config option to not allow 'Set DCO to Pass' button for those with write access
jmertic opened this issue · 16 comments
The DCO is required for all committers and on every non-merge commit for most projects. Having the 'Set DCO to Pass' option removes the paper trail of having commits specifically signed off on.
It would be great to have a config option to have that button not enabled.
PRs welcome to make it disable-able, but that was a highly requested feature. It is only available for those with write access, i.e., people who could overwrite the check anyways.
Is there a different path where someone with Write access could override the check? In reality, maybe Admins should have access to do that.
Seeing if anyone could review my PR and merge it if applicable.
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
Hey, I just took a look and the PR looks good. I'll try to test it out tonight. Not sure if there's any good way to write tests for it, but definitely wanna give it a spin locally first - don't want to accidentally break things!
Sweet - thank you! Not sure on writing tests, but let me know what could work.
Checking back in on this @hiimbex - can you review and let me know if it can be merged?
Bumping this up @hiimbex - @brianwarner also said he could help review.
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
It is - just waiting on @hiimbex and @brianwarner to help get this in :-)
I just ran into this as well (a team member pressed "Set DCO to Pass", assuming it would just add the missing DCO lines to their commit).
It doesn't make sense that, when I configure "Do not allow bypassing the above settings" in the branch protection settings, an administrator cannot bypass other checks without changing branch protection rules again, but any developer with write access can bypass the DCO check.
And it is not visible in the PR view that the check has been bypassed, so the person doing the code review is typically unaware.