docs(git-workflow): DCO sign-off, force-with-lease pinning, -F commit messages#49
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
There was a problem hiding this comment.
Pull request overview
Doc-only additions to the git-workflow skill that surface three pieces of guidance which previously caused rework: DCO sign-off at the entry point, handling --force-with-lease "stale info" rejections on bot-active PRs, and using -F - with a heredoc for multi-line/special-char commit messages.
Changes:
- Add a prominent
git commit -S --signoffrule toSKILL.mdConventional Commits section. - Document the
--force-with-leasestale-info workaround (pin lease to agit ls-remoteSHA) inpull-request-workflow.md. - Recommend
-F -with a quoted heredoc for multi-line/special-char bodies incommit-conventions.md.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| skills/git-workflow/SKILL.md | Surfaces -S --signoff requirement directly in the entry-point Conventional Commits block. |
| skills/git-workflow/references/pull-request-workflow.md | Adds a subsection explaining how to safely recover from --force-with-lease "stale info" without escalating to --force. |
| skills/git-workflow/references/commit-conventions.md | Adds guidance and an example for using -F - heredoc to avoid shell mangling of commit bodies. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the Git workflow documentation to include guidelines on signing commits, avoiding inline multi-line commit messages, and handling --force-with-lease rejections. The review feedback highlights several technical and logical inaccuracies in the proposed additions: it clarifies that the DCO check requires the commit author identity to match the Signed-off-by: trailer, corrects the explanation of shell parsing behavior for inline commit messages, and points out a logical contradiction in the --force-with-lease workaround, suggesting a safer fetch-and-inspect workflow instead.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
CybotTM
force-pushed
the
docs/retro-dco-lease-msg-gotchas
branch
2 times, most recently
from
a329eb4 to
12e2d97
Compare
…F messages Three additions from a retrospective where each cost real rework on a PR: - SKILL.md: surface `git commit -S --signoff` in the Conventional Commits block. The DCO/sign-off rule lived only in commit-conventions.md, so it was missed at commit time even with the skill loaded — failing DCO after push and forcing an amend + force-push. - pull-request-workflow.md: document the `--force-with-lease` "stale info" rejection on bot-active PRs (auto-approve, Renovate) and the fix — pin the lease to a freshly-read `git ls-remote` SHA rather than escalating to --force. - commit-conventions.md: warn that multi-line / special-char commit bodies passed inline via `-m` are mangled by the shell (embedded quotes close the string, `&` backgrounds); use `-F -` with a quoted heredoc instead. Signed-off-by: Sebastian Mendel <github@sebastianmendel.de>
CybotTM
force-pushed
the
docs/retro-dco-lease-msg-gotchas
branch
from
12e2d97 to
9143789
Compare
|
Summary
Three small additions, each from a retrospective where the missing guidance caused real rework on a live PR:
SKILL.md— make DCO sign-off discoverable. Thegit commit -S --signoffrule lives incommit-conventions.md, but the SKILL.md references table didn't list it as a trigger, so the reference wasn't loaded at commit time — the commits failed the DCO check after push and had to be amended + force-pushed on two repos. Added "DCO sign-off" to thecommit-conventions.mdtrigger row (SKILL.md stays within its 500-word cap).pull-request-workflow.md—--force-with-lease"stale info" on bot-active PRs. When an auto-approve/Renovate bot updates the remote branch between fetch and push, a plain--force-with-leaseis (correctly) rejected. Documents the fix: re-read the head and pin the lease to agit ls-remoteSHA rather than escalating to--force.commit-conventions.md— multi-line/special-char messages via-F. An inline-mbody containing"/&is mangled by the shell (string closes early,&backgrounds). Recommends-F -with a quoted heredoc.Test plan