Skip to content

fix: add Signed-off-by to autobump commit message for DCO compliance#19

Merged
yordis merged 3 commits intomainfrom
fix-dco-signoff-in-bump-commits
Mar 10, 2026
Merged

fix: add Signed-off-by to autobump commit message for DCO compliance#19
yordis merged 3 commits intomainfrom
fix-dco-signoff-in-bump-commits

Conversation

@yordis
Copy link
Copy Markdown
Member

@yordis yordis commented Mar 10, 2026

Bot-created bump PRs fail DCO because the commit lacks a Signed-off-by trailer. Adds it to the commit-message in the create-pull-request step.

yordis added 3 commits March 9, 2026 21:25
@yordis
fix: use feat commit type for formula bumps so release-please tracks …
79d7670 
…them

chore commits are hidden from release-please, meaning merged bump PRs
would never trigger a new tap release.

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>
@yordis
Merge branch 'main' of github.com:TrogonStack/homebrew-tap
905b9dc
@yordis
fix: add Signed-off-by to autobump commit message for DCO compliance
bb726f0 
Bot-created bump PRs were failing DCO because the commit lacked a
Signed-off-by trailer.

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>
@cursor
Copy link
Copy Markdown

cursor Bot commented Mar 10, 2026
edited
Loading

PR Summary

Low Risk
Single-line change to a CI workflow commit message; low blast radius beyond how autobump PR commits are authored.

Overview
Updates the Autobump Formulas GitHub Actions workflow so bot-created bump PR commits include a Signed-off-by: TrogonStack Bot <bot@trogonstack.com> trailer in the create-pull-request commit-message, improving DCO compliance for automated formula bump PRs.

Written by Cursor Bugbot for commit bb726f0. This will update automatically on new commits. Configure here.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 10, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ae6f240a-a188-4248-a72e-773ea0f87daf

📥 Commits

Reviewing files that changed from the base of the PR and between d0c38b8 and bb726f0.

📒 Files selected for processing (1)
  • .github/workflows/autobump.yml

Walkthrough

The autobump workflow commit message is updated to include a Signed-off-by metadata line. The change adds a blank line separator after the version bump line and appends a Signed-off-by attribution, modifying the commit message format without altering other workflow logic.

Changes

Cohort / File(s) Summary
Workflow Configuration
.github/workflows/autobump.yml		 Added Signed-off-by line and blank line separator to the "Open PR" step commit message format.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Poem

🐰 A signature hop, a line that's aligned,
The bot now signs off with care and with grace,
Metadata marked in each commit we trace! ✨

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix-dco-signoff-in-bump-commits

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@yordis yordis merged commit 05f3346 into main Mar 10, 2026
3 of 4 checks passed
@yordis yordis deleted the fix-dco-signoff-in-bump-commits branch March 10, 2026 01:32
@sht-bot sht-bot mentioned this pull request Mar 10, 2026
Merged
cursor[bot]
cursor Bot reviewed Mar 10, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Comment thread .github/workflows/autobump.yml
with:
token: ${{ secrets.GH_PAT_RELEASE_PLEASE_ACTION }}
commit-message: "feat: bump ${{ matrix.formula }} to ${{ steps.upstream.outputs.version }}"
commit-message: "feat: bump ${{ matrix.formula }} to ${{ steps.upstream.outputs.version }}\n\nSigned-off-by: TrogonStack Bot <bot@trogonstack.com>"
Copy link
Copy Markdown

@cursor cursor Bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Signed-off-by email won't match default commit author

Medium Severity

The Signed-off-by trailer specifies TrogonStack Bot <bot@trogonstack.com>, but no author or committer inputs are set on the create-pull-request step. The action defaults to github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> as the commit author. The widely-used probot DCO checker requires the Signed-off-by email to match the commit author email — so DCO checks will likely still fail despite this change.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yordis