docs: add commit signing requirement to CONTRIBUTING.md (#7108)
Add a new "Sign your commits" section to the contributing guidelines
that requires all commits in pull requests to be signed. The section
includes:
- Explanation of the commit signing requirement
- Step-by-step instructions for setting up GPG key signing
- Instructions for automatic commit signing configuration
- Guide for retroactively signing existing commits
This ensures the authenticity and integrity of contributions to the
project.
CONTRIBUTING.md
18 lines changed: 18 additions & 0 deletions
@@ -70,6 +70,24 @@ We follow an all-green policy which means that for any PR to be merged _all_ tes
70
70
71
71
Eventually we plan to look into putting these permission-required tests behind a label which team members can add to their PRs at creation to run the full CI and can add to outside contributor PRs to trigger the CI from their own user credentials. If the label is not present there will be another action which checks the label is present. Rather than showing a bunch of confusing failures to new contributors it would just show a single job failure which indicates an additional label is required, and we can name it in a way that makes it clear that it's not the responsibility of the outside contributor to add it. Something like `approve-full-ci` is one possible choice there.
72
72
73
+
## Sign your commits
74
+
75
+
All commits in a pull request must be signed. We require commit signing to ensure the authenticity and integrity of contributions to the project.
76
+
77
+
**Datadog employees:** We recommend using the [sign-pull-request tool](https://datadoghq.atlassian.net/wiki/spaces/SECENG/pages/5371593157/Easily+sign+commits+with+sign-pull-request+tool) for easy signing of commits.
78
+
79
+
You can also sign your commits manually using one of the following methods:
80
+
81
+
-[Signing commits with GPG](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
82
+
-[Signing commits with SSH](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#ssh-commit-signature-verification)
83
+
-[Signing commits with 1Password](https://developer.1password.com/docs/ssh/git-commit-signing/)
84
+
85
+
If you have already created commits without signing them, you can sign them retroactively by using an interactive rebase:
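Review bot: The requirement sentence under "Sign your commits" says all commits "must be signed" but does not say what counts as passing or how it is enforced. A commit can carry a signature and still show as Unverified on GitHub when the signing key is not registered on the committer's account or the committer email does not match, so suggest wording it as "must be signed and show as Verified on GitHub" and naming the check that enforces it (a branch protection rule or a CI job), which the visible lines leave open. In the last paragraph on retroactive signing, it is worth stating next to the interactive rebase instruction that rebasing rewrites the commit hashes, so the pull request branch has to be force-pushed afterwards and any reviews tied to the old commits will point at outdated revisions.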