Skip to content

chore(hooks): add commit-msg hook to enforce Signed-off-by line in commit messages #6082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(hooks): add commit-msg hook to enforce Signed-off-by line in commit messages #6082

wants to merge 1 commit into from
+31 −1

Conversation

@glevkovich
Copy link
Contributor

@glevkovich glevkovich commented Nov 19, 2025

Although our documentation instructs users to configure their .gitconfig
with gpgsign = true under the [commit] section, we cannot rely solely
on this setting. Users may misconfigure their environment, and third-party contributors might not follow these instructions.

This commit introduces a commit-msg hook that checks for the presence of a Signed-off-by: line in the commit message. The hook does not verify the actual presence of a cryptographic signature. It only checks for the text. We assume the line is auto-generated by git when using the -s flag. A malicious user could bypass this check by manually adding the line, but our goal is to encourage best practices, not to enforce cryptographic validation.

Copilot finished reviewing on behalf of glevkovich November 19, 2025 21:55
Copilot AI reviewed Nov 19, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a commit-msg hook to enforce the presence of a Signed-off-by: line in commit messages, complementing the existing conventional-commits hook. The hook performs a simple text-based check to encourage contributors to follow the Developer Certificate of Origin (DCO) requirement documented in CONTRIBUTING.md. While users are instructed to use git commit -s which automatically adds this line, this hook provides client-side validation to catch missing signoffs before commits are made.

Key changes:

  • Added signed-commit bash script that validates the presence of "Signed-off-by:" in commit messages
  • Registered the new hook in .pre-commit-config.yaml to run during the commit-msg stage

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
contrib/scripts/signed-commit New bash script that checks for "Signed-off-by:" line in commit messages and exits with error if missing
.pre-commit-config.yaml Adds signed-commit hook configuration to run during commit-msg stage alongside existing conventional-commits hook

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch 3 times, most recently from 3286441 to c3ef4af Compare November 19, 2025 22:39
romange
romange previously approved these changes Nov 20, 2025
View reviewed changes
kostasrim
kostasrim previously approved these changes Nov 20, 2025
View reviewed changes
@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch from c3ef4af to 49486df Compare November 20, 2025 09:22
@glevkovich glevkovich dismissed stale reviews from romange and kostasrim via a27351b November 20, 2025 09:26
@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch from 49486df to a27351b Compare November 20, 2025 09:26
@glevkovich glevkovich enabled auto-merge (squash) November 20, 2025 09:27
@glevkovich glevkovich disabled auto-merge November 20, 2025 09:51
@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch from a27351b to 30dc9e6 Compare November 20, 2025 12:20
Copilot finished reviewing on behalf of glevkovich November 20, 2025 12:24
Copilot AI reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch from 30dc9e6 to 1525b22 Compare November 20, 2025 13:56
@glevkovich
chore(hooks): enforce Signed-off-by line in commit messages
f2cb180 
Add a commit-msg hook that requires a Signed-off-by line in all commit
messages. This promotes contributor accountability and compliance with
developer sign-off policies. Contributors are encouraged to use the
`git commit -s` flag for all commits.

Note: This hook does not verify if the commit is cryptographically signed;
such validation should be performed in a post-commit hook if required.

Signed-off-by: Gil Levkovich <[email protected]>
@glevkovich glevkovich force-pushed the glevkovich/pre_commit_enforce_signing branch from 1525b22 to f2cb180 Compare November 20, 2025 14:09
@glevkovich glevkovich enabled auto-merge (squash) November 20, 2025 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@romange romange romange left review comments

@kostasrim kostasrim Awaiting requested review from kostasrim

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@glevkovich @romange @kostasrim