diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 5d9a76a..22fcc2f 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -47,11 +47,22 @@ jobs: steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - uses: metio/ci/policy-check@59a3cbf82e2797f72e63edce1880a4c8db865a3d # 2026.7.6091618 + dco: + # Developer Certificate of Origin: every commit carries a Signed-off-by + # trailer. Bot PRs skip; a skipped job still satisfies the gate below. + if: github.event.pull_request.user.type != 'Bot' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + with: + fetch-depth: 0 + - uses: metio/ci/dco@68ccaa80327a09d6be7ee72fc81ffa370bd73fff # main verify: # Single required check: mark only this one required in branch protection and # new jobs are covered automatically. name: Verify - needs: [reuse, yaml, github-actions, markdown, policy] + needs: [reuse, yaml, github-actions, markdown, dco, policy] if: always() runs-on: ubuntu-latest timeout-minutes: 5