name: DCO Check (Developer Certificate of Origin)

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  check-dco:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        fetch-depth: 0
    - name: Check DCO
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GH_REPO: ${{ github.repository }}
      run: |
        echo "Checking DCO for PR #${{ github.event.pull_request.number }}"
        commits=$(gh pr view ${{ github.event.pull_request.number }} --json commits --jq '.commits[].oid')
        for commit in $commits
        do
          if ! git log --format='%B' -n 1 $commit | grep -q "Signed-off-by:"; then
            echo "Commit $commit is missing Signed-off-by line"
            exit 1
          fi
        done
        echo "All commits have Signed-off-by lines"