Switch contribution method from CLA to DCO

[dhmlau]

Description / Steps to reproduce / Feature proposal

We're switching to use Developer Certificate of Origin (DCO) for loopback-next repo, after switched it for the loopback4-example-shopping and loopback.io-search repos.

Acceptance Criteria

• Look into how to configure git to automatically sign
• Investigate to see if we can use husky to check the sign-off, so that it will fail right away without signing instead of waiting for CI to fail.
• Enable DCO for loopback-next
  • Can be done through https://github.com/integration/dco. Might need admin rights in order to configure it on loopback-next repo
• Update the "contribute code" docs: https://loopback.io/doc/en/contrib/code-contrib-lb4.html
• Update README or contribute section in the repo, similar to https://github.com/strongloop/loopback4-example-shopping#contributing
• Make sure the DCO process is compatible with CI (for future consideration when we have a special functional id to make releases).

Reference

• This CONTRIBUTING.md contains more info on how to sign and fix commit message if you miss the signing: https://github.com/strongloop/loopback.io-search/blob/master/CONTRIBUTING.md
• @bajtos also mentioned there's a way to configure git to automatically sign. Might want to include that instruction too.

[raymondfeng]

@bajtos also mentioned there's a way to configure git to automatically sign. Might want to include that instruction too.

We need to figure out and document it. Asking us to sign-off manually every time is annoying.

[jannyHou]

Would be good if we can fail the commit message check byhusky when the sign-off is missing.

[jannyHou]

Make CI enforce correct license banner + correct DCO sign-off in commit message:
jerryscript-project/jerryscript-debugger-ts#9

[dhmlau]

Thanks!
Let me get the final confirmation before proceeding. Thanks!

[stale]

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.

[raymondfeng]

FYI: We use commitlint with Husky and commitlint has https://github.com/conventional-changelog/commitlint/blob/master/docs/reference-rules.md#signed-off-by that we can use to check DCO.

[bajtos]

there's a way to configure git to automatically sign.

There are multiple ways how to achieve that, see https://jjasghar.github.io/blog/2016/10/04/signing-commits-in-git for a good overview.

I am personally using the ~/.gitmessage approach.

Further reading:

• VSCode supports automatic sign-offs, see Git commit using '--signoff' microsoft/vscode#10410
• git docs for commit.template
• git docs for git commit --signoff

[dhmlau]

• Instructions for signing and setting alias to sign are captured under: https://loopback.io/doc/en/contrib/code-contrib.html.
• loopback-next repo (together with loopback4-example-shopping, loopback.io, loopback-datasource-juggler) is using DCO now. Will gradually switch the other connector repos to DCO soon.

[joeytwiddle]

Adding this comment for SEO purposes.

If you see this error while committing:

✖   message must be signed off [signed-off-by]

The solution (shown in the document dhmlau shared above) is to use git commit -s ... to sign the commit message.