diff options
| -rw-r--r-- | .drone.yml | 8 | ||||
| -rw-r--r-- | CONTRIBUTING.md | 25 | ||||
| -rw-r--r-- | build/signed-off-checker.php | 120 | ||||
| -rw-r--r-- | contribute/HowToApplyALicense.md | 46 | ||||
| -rw-r--r-- | contribute/developer-certificate-of-origin | 35 |
5 files changed, 234 insertions, 0 deletions
diff --git a/.drone.yml b/.drone.yml index 4b6dd4e9142..51e835cc34d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -26,6 +26,13 @@ pipeline: when: matrix: TESTS: app-check-code + signed-off-check: + image: nextcloudci/php7.0:php7.0-2 + commands: + - php ./build/signed-off-checker.php + when: + matrix: + TESTS: signed-off-check syntax-php5.6: image: nextcloudci/php5.6:php5.6-2 commands: @@ -153,6 +160,7 @@ pipeline: matrix: include: + - TESTS: signed-off-check - TESTS: integration - TESTS: jsunit - TESTS: check-autoloader diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5e02664c919..f1ce07a8040 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -29,11 +29,36 @@ Thanks for wanting to contribute source code to Nextcloud. That's great! Please read the [Developer Manuals][devmanual] to learn how to create your first application or how to test the Nextcloud code with PHPUnit. +### Tests + In order to constantly increase the quality of our software we can no longer accept pull request which submit un-tested code. It is a must have that changed and added code segments are unit tested. In some areas unit testing is hard (aka almost impossible) as of today - in these areas refactoring WHILE fixing a bug is encouraged to enable unit testing. +### Sign your work + +We use the Developer Certificate of Origin (DCO) as a additional safeguard +for the Nextcloud project. This is a well established and widely used +mechanism to assure contributors have confirmed their right to license +their contribution under the project's license. +Please read [contribute/developer-certificate-of-origin][dcofile]. +If you can certify it, then just add a line to every git commit message: + +```` + Signed-off-by: Random J Developer <random@developer.example.org> +```` + +Use your real name (sorry, no pseudonyms or anonymous contributions). +If you set your `user.name` and `user.email` git configs, you can sign your +commit automatically with `git commit -s`. + +### Apply a license + +In case you are not sure how to add or update the license header correctly please have a look at [contribute/HowToApplyALicense.md][applyalicense] + [devmanual]: https://docs.nextcloud.org/server/10/developer_manual/ +[dcofile]: https://github.com/nextcloud/server/blob/master/contribute/developer-certificate-of-origin +[applyalicense]: https://github.com/nextcloud/server/blob/master/contribute/HowToApplyALicense.md ## Translations Please submit translations via [Transifex][transifex]. diff --git a/build/signed-off-checker.php b/build/signed-off-checker.php new file mode 100644 index 00000000000..d97f4cf48b7 --- /dev/null +++ b/build/signed-off-checker.php @@ -0,0 +1,120 @@ +<?php +/** + * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch> + * + * @author Lukas Reschke <lukas@statuscode.ch> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/** + * Script to verify that all commits have been signed-off, if a commit doesn't end + * with a signed-off message the script is failing. + */ +$baseDir = __DIR__ . '/../'; + +$pullRequestNumber = getenv('DRONE_PULL_REQUEST'); + +if(!is_string($pullRequestNumber) || $pullRequestNumber === '') { + echo("The environment variable DRONE_PULL_REQUEST has no proper value.\n"); + exit(1); +} + +$ch = curl_init(); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +curl_setopt($ch, CURLOPT_URL, 'https://api.github.com/repos/nextcloud/server/pulls/'.$pullRequestNumber.'/commits'); +curl_setopt($ch, CURLOPT_USERAGENT, 'CI for Nextcloud (https://github.com/nextcloud/server)'); +$response = curl_exec($ch); +curl_close($ch); + +shell_exec( + sprintf( + 'cd %s && git fetch', + escapeshellarg($baseDir), + escapeshellarg($pullRequestNumber) + ) +); + +$decodedResponse = json_decode($response, true); +if(!is_array($decodedResponse) || count($decodedResponse) === 0) { + echo("Could not decode JSON response from GitHub API.\n"); + exit(1); +} + +// Get all commits SHAs +$commits = []; + +foreach($decodedResponse as $commit) { + if(!isset($commit['sha'])) { + echo("No SHA specified in $commit\n"); + exit(1); + } + $commits[] = $commit['sha']; +} + + +if(count($commits) < 1) { + echo("Could not read commits.\n"); + exit(1); +} + +$notSignedCommits = []; +foreach($commits as $commit) { + if($commit === '') { + continue; + } + + $signOffMessage = false; + $commitMessageLines = + explode( + "\n", + shell_exec( + sprintf( + 'cd %s && git rev-list --format=%%B --max-count=1 %s', + $baseDir, + $commit + ) + ) + ); + + foreach($commitMessageLines as $line) { + if(preg_match('/^Signed-off-by: .* <.*@.*>$/', $line)) { + echo "$commit is signed-off with \"$line\"\n"; + $signOffMessage = true; + continue; + } + } + if($signOffMessage === true) { + continue; + } + + $notSignedCommits[] = $commit; +} + +if($notSignedCommits !== []) { + echo("\n"); + echo("Some commits were not signed off!\n"); + echo("Missing signatures on:\n"); + foreach ($notSignedCommits as $commit) { + echo("- " . $commit . "\n"); + } + echo("Build has failed\n"); + exit(1); +} else { + exit(0); +} + diff --git a/contribute/HowToApplyALicense.md b/contribute/HowToApplyALicense.md new file mode 100644 index 00000000000..3ed231a6c1c --- /dev/null +++ b/contribute/HowToApplyALicense.md @@ -0,0 +1,46 @@ +# How to apply a license + +Originally Nextcloud was licensed under the GNU AGPLv3 only. From +June, 16 2016 on we switched to "GNU AGPLv3 or any later version" for +better long-term maintainability and to make it more secure from a +legal point of view. + +Additionally Nextcloud doesn't require a CLA (Contributor License +Agreement). The copyright belongs to all the individual +contributors. + +If you modify an existing file, please keep the existing license header as +it is and just add your copyright notice: + +```` +@copyright Copyright (c) <year>, <your name> (<your email address>) +```` + +If you create a new file please use this license header: + +```` +/** + * @copyright Copyright (c) <year>, <your name> (<your email address>) + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ +```` + +Additionally we require a Developer Certificate of Origin (DCO), look +at [CONTRIBUTING.md][contributing] to learn more how to sign your commits. + +[contributing]: https://github.com/nextcloud/server/blob/master/CONTRIBUTING.md#sign-your-work diff --git a/contribute/developer-certificate-of-origin b/contribute/developer-certificate-of-origin new file mode 100644 index 00000000000..a6bbb9846c3 --- /dev/null +++ b/contribute/developer-certificate-of-origin @@ -0,0 +1,35 @@ +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. |