Implementation:Kubeflow Kubeflow GitHub PR DCO Signoff
| Knowledge Sources | |
|---|---|
| Domains | Pull Request Workflow, DCO Compliance, Git, CI/CD |
| Last Updated | 2026-02-13 00:00 GMT |
Overview
Concrete tool for submitting pull requests with DCO sign-off and passing CI checks provided by Git's commit signing mechanism, the GitHub Pull Request API, and Kubeflow's stale bot configuration.
Description
This implementation covers the end-to-end tooling for submitting a pull request to a Kubeflow sub-project repository. It encompasses three tools:
- Git DCO sign-off (
git commit -s): Appends aSigned-off-by: Name <email>line to each commit message, certifying the contributor's right to submit the code under the Developer Certificate of Origin. - GitHub Pull Request creation (
git push+ GitHub UI orgh pr create): Pushes the feature branch to the contributor's fork and creates a pull request against the upstream repository. - Stale bot management (Probot Stale): The same stale bot configuration that manages issues also applies to pull requests, marking inactive PRs as stale after 90 days and closing them after 7 additional days.
The DCO sign-off is a hard requirement enforced by CI: pull requests with unsigned commits will fail the DCO check and cannot be merged. The stale bot ensures that abandoned PRs are cleaned up automatically, while exemption labels allow maintainers to protect PRs that are intentionally parked (e.g., waiting on a dependency).
Usage
Use this implementation when:
- Creating and submitting a pull request to any Kubeflow sub-project repository.
- Ensuring all commits carry the required DCO sign-off before pushing.
- Retroactively adding DCO sign-off to commits that were made without the
-sflag. - Understanding why a PR was marked stale or automatically closed.
- Protecting a PR from stale closure by applying exempt labels.
Code Reference
Source Location
- Repository: kubeflow/kubeflow
- File:
.github/stale.yml(Lines 1-44) — stale management applies to PRs - Tool:
git commit -s— DCO sign-off mechanism - Tool:
gh pr createor GitHub web UI — PR creation
Signature
DCO Sign-off (Git commit flag):
git commit -s -m "Description of change"
# Produces commit message:
# Description of change
#
# Signed-off-by: Your Name <your.email@example.com>
GitHub PR Creation (gh CLI):
gh pr create \
--title "Short description of the change" \
--body "Detailed description including:
- What the change does
- Why it is needed
- How it was tested
- Fixes #ISSUE_NUMBER" \
--base main \
--head your-fork:feature-branch
Stale Bot Configuration (applies to PRs):
## Configuration for "Probot: Stale"
## https://github.com/probot/stale
daysUntilStale: 90
daysUntilClose: 7
exemptLabels:
- lifecycle/frozen
- priority/p0
- priority/p1
- priority/p2
- priority/p3
exemptProjects: true
exemptMilestones: true
staleLabel: lifecycle/stale
markComment: |
This issue has been automatically marked as stale because it has not had activity in __90 days__.
It will be closed in __7 days__ if no further activity occurs.
...
closeComment: false
Import
# Git is required for DCO sign-off
git --version
# Configure Git user identity for sign-off
git config --global user.name "Your Name"
git config --global user.email "your.email@example.com"
# Install GitHub CLI for PR creation (optional, can use web UI)
# See: https://cli.github.com/
gh --version
# Authenticate with GitHub
gh auth login
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| Code changes | Git commits | Yes | Completed code changes in a feature branch, each commit signed with git commit -s.
|
| DCO sign-off | string | Yes | Signed-off-by: Name <email> line in each commit message, certifying the contributor's right to submit.
|
| PR title | string | Yes | Concise description of the change for the pull request title. |
| PR body | string | Yes | Detailed description including what, why, testing methodology, and related issue references. |
| Target branch | string | Yes | The upstream branch to merge into (typically main or master).
|
| CI checks passing | boolean | Yes | All automated checks (tests, lint, DCO verification) must pass before merge. |
| OWNERS approval | boolean | Yes | At least one approver from the relevant OWNERS file must approve the PR. |
Outputs
| Name | Type | Description |
|---|---|---|
| Merged pull request | GitHub PR (merged state) | The PR is merged into the target branch after all gates are satisfied. |
| Closed issue | GitHub issue (closed state) | If the PR body uses Fixes #NNN, the referenced issue is automatically closed on merge.
|
| Contribution record | Git history | The contributor's commits are recorded in the project's Git history with DCO sign-off. |
| Stale marking (if inactive) | GitHub label | If the PR becomes inactive for 90 days, it receives the lifecycle/stale label.
|
| Automatic closure (if abandoned) | GitHub PR (closed state) | If the PR remains inactive 7 days after stale marking, it is automatically closed. |
Usage Examples
Example: Complete PR Submission Workflow
# Step 1: Fork the sub-project repository on GitHub
# (Use the GitHub web UI "Fork" button)
# Step 2: Clone your fork
git clone https://github.com/YOUR_USERNAME/pipelines.git
cd pipelines
# Step 3: Add upstream remote
git remote add upstream https://github.com/kubeflow/pipelines.git
# Step 4: Create a feature branch
git checkout -b fix-pipeline-validation
# Step 5: Make changes and commit with DCO sign-off
git add src/pipeline_validator.py tests/test_validator.py
git commit -s -m "Fix pipeline validation for nested parameters
Fixes #4567"
# Step 6: Push to your fork
git push origin fix-pipeline-validation
# Step 7: Create the pull request
gh pr create \
--title "Fix pipeline validation for nested parameters" \
--body "## What
Fix validation logic that incorrectly rejected nested parameter references.
## Why
Users reported that pipelines with nested parameter references failed validation
even though they were valid. See #4567.
## Testing
- Added unit tests for nested parameter validation
- Verified against the failing pipeline from issue #4567
- All existing tests pass
Fixes #4567"
Example: Retroactively Adding DCO Sign-off
# If you forgot -s on recent commits, amend the last commit:
git commit --amend -s --no-edit
# For multiple commits, use interactive rebase:
# (Caution: this rewrites history and requires force push)
git rebase HEAD~3 --signoff
git push --force-with-lease origin feature-branch
Example: Preventing a PR from Going Stale
# If your PR is intentionally waiting (e.g., blocked on a dependency),
# ask a maintainer to apply the lifecycle/frozen label:
gh pr edit 789 --add-label "lifecycle/frozen"
# Or simply add a comment to reset the inactivity timer:
gh pr comment 789 --body "Still working on this, waiting for dependency X to merge."
Related Pages
Implements Principle
Requires Environment
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment