| # reusable workflow |
| name: .dco |
| |
| # TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025 |
| |
| # Default to 'contents: read', which grants actions to read commits. |
| # |
| # If any permission is set, any permission not included in the list is |
| # implicitly set to "none". |
| # |
| # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions |
| permissions: |
| contents: read |
| |
| on: |
| workflow_call: |
| |
| env: |
| ALPINE_VERSION: "3.21" |
| |
| jobs: |
| run: |
| runs-on: ubuntu-24.04 |
| timeout-minutes: 10 # guardrails timeout for the whole job |
| steps: |
| - |
| name: Checkout |
| uses: actions/checkout@v4 |
| with: |
| fetch-depth: 0 |
| - |
| name: Dump context |
| uses: actions/github-script@v7 |
| with: |
| script: | |
| console.log(JSON.stringify(context, null, 2)); |
| - |
| name: Get base ref |
| id: base-ref |
| uses: actions/github-script@v7 |
| with: |
| result-encoding: string |
| script: | |
| if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) { |
| return context.payload.pull_request.base.ref; |
| } |
| return context.ref.replace(/^refs\/heads\//g, ''); |
| - |
| name: Validate |
| run: | |
| docker run --rm \ |
| --quiet \ |
| -v ./:/workspace \ |
| -w /workspace \ |
| -e VALIDATE_REPO \ |
| -e VALIDATE_BRANCH \ |
| alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && hack/validate/dco' |
| env: |
| VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git |
| VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }} |
