Merge pull request #25 from zoxilsi/master

Author: sapatevaibhav

.github/DCO.md

@@ -0,0 +1,74 @@
+# Developer Certificate of Origin (DCO)
+
+## What is DCO?
+
+The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.
+
+## How to Sign Off Your Commits
+
+### For New Commits
+Use the `-s` flag when committing:
+```bash
+git commit -s -m "your commit message"
+```
+
+### For Existing Commits
+
+#### Single Commit
+```bash
+git commit --amend -s
+```
+
+#### Multiple Commits
+```bash
+# For the last n commits
+git rebase --signoff HEAD~n
+
+# For all commits in your branch
+git rebase --signoff main
+```
+
+### Manual Sign-off
+Add this line to your commit message:
+```
+Signed-off-by: Your Name <[email protected]>
+```
+
+## DCO Text
+
+By making a contribution to this project, I certify that:
+
+1. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
+
+2. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
+
+3. The contribution was provided directly to me by some other person who certified (1), (2) or (3) and I have not modified it.
+
+4. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
+
+## Troubleshooting
+
+### Check if commits are signed
+```bash
+git log --show-signature
+```
+
+### Configure git for automatic sign-off
+```bash
+git config --global user.name "Your Name"
+git config --global user.email "[email protected]"
+```
+
+### Create an alias for signed commits
+```bash
+git config --global alias.cs 'commit -s'
+```
+
+Then use `git cs -m "message"` instead of `git commit -s -m "message"`.
+
+## Why DCO?
+
+- **Legal Protection**: Provides legal protection for both contributors and maintainers
+- **Simple Process**: Lightweight alternative to Contributor License Agreements (CLAs)
+- **Transparency**: Creates a clear audit trail of contributions
+- **Industry Standard**: Used by major projects like Linux kernel, Docker, and many CNCF projects

.github/workflows/commitlint.yml

@@ -0,0 +1,29 @@
+name: Commitlint
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches: [ master, main ]
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    name: Check commit messages
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm install --no-save @commitlint/config-conventional @commitlint/cli
+
+      - name: Validate PR commits with commitlint
+        run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose

.github/workflows/dco.yml

@@ -0,0 +1,54 @@
+# Developer Certificate of Origin (DCO) Check
+# This workflow ensures all commits are signed off according to DCO requirements
+# DCO helps establish a clear chain of custody for contributions
+
+name: DCO Check
+
+on:
+  pull_request:
+    # Only run on relevant PR events to save CI resources
+    types: [opened, synchronize, reopened]
+    # Target branches where DCO compliance is required
+    branches: [ master, main ]
+
+jobs:
+  dco-check:
+    runs-on: ubuntu-latest
+    name: Developer Certificate of Origin Check
+    
+    # Add timeout to prevent hanging workflows
+    timeout-minutes: 5
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Fetch full history to check all commits in PR
+          fetch-depth: 0
+          # Use token for private repos if needed
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run DCO Check
+        uses: dcoapp/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # Enable verbose output for better debugging
+          verbose: true
+
+      - name: DCO Check Results
+        if: failure()
+        run: |
+          echo "❌ DCO check failed!"
+          echo "All commits must be signed off with 'Signed-off-by: Your Name <[email protected]>'"
+          echo "To fix this, you can:"
+          echo "1. Add 'Signed-off-by' to your commit messages manually"
+          echo "2. Use 'git commit -s' for future commits"
+          echo "3. Amend existing commits with 'git commit --amend -s'"
+          echo "4. For multiple commits, use 'git rebase --signoff HEAD~n' where n is the number of commits"
+          exit 1
+
+      - name: DCO Check Success
+        if: success()
+        run: |
+          echo "✅ All commits are properly signed off!"
+          echo "DCO compliance verified successfully."