ci: migrate to hardened runners, disable publish during freeze #803
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DCO Check | |
| on: [pull_request] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| check: | |
| runs-on: | |
| group: databricks-protected-runner-group | |
| labels: linux-ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for DCO sign-off | |
| id: dco-check | |
| run: | | |
| base_sha="${{ github.event.pull_request.base.sha }}" | |
| head_sha="${{ github.event.pull_request.head.sha }}" | |
| failed=0 | |
| for sha in $(git rev-list "$base_sha".."$head_sha"); do | |
| if ! git log -1 --format='%B' "$sha" | grep -qiE '^Signed-off-by: .+ <.+>'; then | |
| echo "::error::Commit $sha is missing a DCO sign-off" | |
| failed=1 | |
| fi | |
| done | |
| if [ "$failed" -eq 1 ]; then | |
| exit 1 | |
| fi | |
| - name: Comment about DCO status | |
| uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 | |
| if: ${{ failure() }} | |
| with: | |
| script: | | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `Thanks for your contribution! To satisfy the DCO policy in our \ | |
| [contributing guide](https://github.com/databricks/databricks-sql-nodejs/blob/main/CONTRIBUTING.md) \ | |
| every commit message must include a sign-off message. One or more of your commits is missing this message. \ | |
| You can reword previous commit messages with an interactive rebase (\`git rebase -i main\`).` | |
| }) |