🔷 Open Development Project: The implementation is a preview release for community feedback.
DCOs are a simple way to have contributors agree to terms present in a DCO.md file whenever they commit to your repository.
It assures you that every commit adheres to the terms present in git at the time of the commit.
This project contains tools to facilitate a DCO process for any project.
No outside service is required. Use GitHub Actions for signature verification on pull requests.
Create a DCO.md file and sign.
A great template for open source projects is: https://developercertificate.org
# Run once to sign DCO
bunx @stream44.studio/dco sign [--signing-key ~/.ssh/key]
# Like 'git commit' but with signature
bunx @stream44.studio/dco commit [--signing-key ~/.ssh/key] <git arguments>
See Git Commit Script below.
bunx @stream44.studio/dco validate
Also see GitHub Action below.
Use dco push to combine unsigned local commits on a branch into a single DCO-signed commit and push:
bunx @stream44.studio/dco push [-m "<commit message>"] [-- <git push args>]
This is the recommended workflow for contributors:
- Work on a feature branch, committing freely without --signoff
- When ready to push, run dco push
- The tool finds the last signed commit on the branch, soft-resets to it, runs the DCO signing process, and creates a single signed commit with all your changes
- The signed commit is then pushed to the remote
The push command will:
- Verify you are on a feature branch (not main or master)
- Verify there are no pending uncommitted changes
- Find the last Signed-off-by commit on the branch
- Soft-reset to that commit, preserving all changes in the working tree
- Run the DCO commit process to create a single signed commit
- Push to the remote with any additional arguments you provide
The script provides a nice experience for contributors of your project.
Instead of running git commit ..., run commit.sh ....
The first time you run the script you will see the DCO terms of the repository you are committing to so you can agree.
It will add an entry in .dco-signatures to record the signature and commit the change.
It will then always add --signoff to every git commit invocation in order to sign off on the commit.
These are the details from git commit --help:
-s, --signoff, --no-signoff
Add a Signed-off-by trailer by the committer at the end of the commit log message.
The meaning of a signoff depends on the project to which you’re committing.
For example, it may certify that the committer has the rights to submit the work under the project’s license
or agrees to some contributor representation, such as a Developer Certificate of Origin.
(See https://developercertificate.org for the one used by the Linux kernel and Git projects.)
Consult the documentation or leadership of the project to which you’re contributing to understand how
the signoffs are used in that project.
Optionally, a signing key can be supplied to cryptographically sign commits as well. The fingerprint of the signing
key will be stored in the .dco-signatures file.
A project can choose to require signing keys or not by setting enforceSignatureFingerprints for the GitHub Action.
Ensures all commits were signed off by signatures recorded in .dco-signatures.
The GitHub Action enforces DCO sign-offs by ensuring all commits have a Signed-off-by: Jane Doe <jane@example.com>
line in the respective commit messages and the same is found in .dco-signatures.
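The check described above, sketched as an added example (not the Stream44/dco action's own code). It assumes recorded signers are available as "Name <email>" strings, since the .dco-signatures format is not shown here, and it treats the last paragraph of a commit message as its trailer block; function names, shas and sample messages are constructed.

```javascript
// Added example, not the Stream44/dco implementation.
// Assumption: recorded signers are given as "Name <email>" strings; the
// on-disk format of .dco-signatures is not shown on this page.
const SIGNOFF = /^Signed-off-by:\s*(.+?)\s*<([^<>\s]+)>\s*$/;

// Canonical "Name <email>" with whitespace collapsed, for exact comparison.
const identity = (name, email) => `${name.trim().replace(/\s+/g, " ")} <${email}>`;

// Sign-offs in the trailer block, taken here as the last paragraph of the
// message (a simplification of git's trailer parsing).
function signoffs(message) {
  const paragraphs = message.replace(/\r\n/g, "\n").trim().split(/\n\s*\n/);
  if (paragraphs.length < 2) return []; // subject line only, no trailers
  return paragraphs[paragraphs.length - 1]
    .split("\n")
    .map((line) => SIGNOFF.exec(line.trim()))
    .filter(Boolean)
    .map((m) => identity(m[1], m[2]));
}

// One verdict per commit. Choice made for this example: a trailer must
// exist and every sign-off on the commit must match a recorded signer.
function checkCommits(commits, recordedSigners) {
  const recorded = new Set(recordedSigners.map((s) => s.trim().replace(/\s+/g, " ")));
  return commits.map(({ sha, message }) => {
    const found = signoffs(message);
    if (found.length === 0) return { sha, ok: false, reason: "no Signed-off-by trailer" };
    const unknown = found.filter((id) => !recorded.has(id));
    if (unknown.length > 0) return { sha, ok: false, reason: `not recorded: ${unknown.join(", ")}` };
    return { sha, ok: true, reason: "signed off by recorded signer" };
  });
}

// Constructed sample data (placeholder shas, example.com addresses).
const RECORDED = ["Jane Doe <jane@example.com>"];
const COMMITS = [
  { sha: "aaa1111", message: "Add parser\n\nSigned-off-by: Jane Doe <jane@example.com>\n" },
  { sha: "bbb2222", message: "Fix typo\n" },
  { sha: "ccc3333", message: "Add docs\n\nSigned-off-by: Sam Roe <sam@example.com>" },
  { sha: "ddd4444", message: "Quote a trailer\n\nSigned-off-by: Jane Doe <jane@example.com>\n\nis required on every commit." },
];

for (const r of checkCommits(COMMITS, RECORDED)) {
  console.log(`${r.sha} ${r.ok ? "PASS" : "FAIL"} ${r.reason}`);
}
```

The last sample commit fails because its Signed-off-by text sits in the body rather than in the trailer block, which a plain substring search over the message would miss.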
Add to .github/workflows/dco.yaml in your repository:
name: DCO Signatures
on: [push, pull_request]
jobs:
  dco:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: Stream44/dco@main
        with:
          enforceSignatureFingerprints: true

Repository DID: did:repo:e3dba74f7c42b469939efd8ab6aef8358c496cbd
| Inception Mark | Current Mark | Trust established using Stream44/t44-BlockchainCommons.com |
(c) 2026 Christoph.diy • Code: MIT • Text: CC-BY • Created with Stream44.Studio