hyperlight-dev · jsturtevant · Jun 2, 2025 · May 20, 2025 · May 20, 2025 · May 20, 2025
@@ -67,6 +67,14 @@ jobs:
     - name: Spell Check Repo
       uses: crate-ci/[email protected]
 
+  license-headers:
+    name: check license headers
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Check License Headers
+      run: ./dev/check-license-headers.sh
+
   # Gate PR merges on this specific "join-job" which requires all other
   # jobs to run first. We need this job since we cannot gate on particular jobs
   # in the workflow, since they can sometimes be skipped (e.g. if the PR only touches docs).
@@ -77,6 +85,7 @@ jobs:
       - rust
       - fuzzing
       - spelling
+      - license-headers
     if: always()
     runs-on: ubuntu-latest
     steps:

@@ -4,7 +4,7 @@ This project welcomes contributions. Most contributions require you to signoff o
 the Developer Certificate of Origin (DCO). When you submit a pull request, a DCO-bot will automatically determine
 whether you need to provide signoff for your commit. Please follow the instructions provided by DCO-bot, as pull
 requests cannot be merged until the author(s) have provided signoff to fulfill the DCO requirement.
-You may find more information on the DCO requirements [below](#developer-certificate-of-origin-signing-your-work).
+You may find more information on the DCO requirements [below](#developer-certificate-of-origin-and-gpg-signing).
 
 ## Issues
 
@@ -31,20 +31,28 @@ All contributions come through pull requests. To submit a proposed change, we re
     - Code changes require tests
     - Make sure to run the linters to check and format the code
 4. Update relevant documentation for the change
-5. Commit with [DCO sign-off](#developer-certificate-of-origin-signing-your-work) and open a PR
+5. Commit with [DCO sign-off](#developer-certificate-of-origin-and-gpg-signing) and open a PR
 6. Wait for the CI process to finish and make sure all checks are green
 7. A maintainer of the project will be assigned, and you can expect a review within a few days
 
 #### Use work-in-progress PRs for early feedback
 
 A good way to communicate before investing too much time is to create a "Work-in-progress" PR and share it with your reviewers. The standard way of doing this is to add a "[WIP]" prefix in your PR's title and open the pull request as a draft.
 
-### Developer Certificate of Origin: Signing your work
+### Developer Certificate of Origin and GPG Signing
 
 #### Every commit needs to be signed
 
+This project requires two types of signatures on all commits:
+
+1. **Developer Certificate of Origin (DCO) Sign-off**: A text attestation that you have the right to submit the code
+2. **GPG Signature**: A cryptographic signature verifying your identity
+
+**For DCO Sign-offs:**
+
 The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the [DCO](https://developercertificate.org/), reformatted for readability:
-```
+
+```text
 By making a contribution to this project, I certify that:
 
     (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
@@ -70,18 +78,41 @@ Git even has a `-s` command line option to append this automatically to your com
 git commit -s -m 'This is my commit message'
 ```
 
-Each Pull Request is checked  whether or not commits in a Pull Request do contain a valid Signed-off-by line.
+**For GPG Signatures:**
+
+GPG signatures verify the identity of the committer. For detailed setup instructions, see GitHub's documentation on [signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
+
+Quick setup:
 
-#### I didn't sign my commit, now what?!
+```sh
+git config --global user.signingkey YOUR_KEY_ID
+git config --global commit.gpgsign true
+```
+
+**For both DCO sign-off and GPG signature in one command:**
+
+```sh
+git commit -S -s -m 'This is my signed and signed-off commit message'
+```
+
+For detailed instructions on setting up GPG signing, see [GitHub's documentation on signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
+
+Each Pull Request is checked to ensure all commits contain valid DCO sign-offs and GPG signatures.
+
+#### I didn't sign my commit, now what?
 
 No worries - You can easily replay your changes, sign them and force push them!
 
+**For adding both DCO sign-off and GPG signature:**
+
 ```sh
 git checkout <branch-name>
-git commit --amend --no-edit --signoff
+git commit --amend --no-edit -S -s
 git push --force-with-lease <remote-name> <branch-name>
 ```
 
+For more detailed instructions on setting up GPG signing, see [GitHub's documentation on signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
+
 *Credit: This doc was cribbed from Dapr.*
 
 ### Rust Analyzer

@@ -131,6 +131,9 @@ fmt-check:
     cargo +nightly fmt --manifest-path src/tests/rust_guests/dummyguest/Cargo.toml -- --check
     cargo +nightly fmt --manifest-path src/hyperlight_guest_capi/Cargo.toml -- --check
 
+check-license-headers:
+    ./dev/check-license-headers.sh
+
 fmt-apply:
     cargo +nightly fmt --all
     cargo +nightly fmt --manifest-path src/tests/rust_guests/callbackguest/Cargo.toml

@@ -0,0 +1,60 @@
+#!/bin/bash
+# This script checks for the presence of the required license header in Rust source files.
+
+# Get the repository root
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+cd "$REPO_ROOT" || exit 1
+
+# Define the license header pattern to look for
+LICENSE_PATTERN="Copyright .* The Hyperlight Authors..*Licensed under the Apache License, Version 2.0"
+
+# Define the full license header for files that need it
+LICENSE_HEADER='/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+'
+
+# Initialize a variable to track missing headers
+MISSING_HEADERS=0
+MISSING_FILES=""
+
+# Find all Rust files, excluding target directory
+while IFS= read -r file; do
+    # Skip auto-generated files
+    if grep -q "@generated" "$file" || grep -q "Automatically generated" "$file"; then
+        continue
+    fi
+
+    # Check if the file has the license header (allowing for multi-line matching)
+    if ! grep -q -z "$LICENSE_PATTERN" "$file"; then
+        echo "Missing or invalid license header in $file"
+        MISSING_FILES="$MISSING_FILES\n  $file"
+        MISSING_HEADERS=$((MISSING_HEADERS + 1))
+    fi
+done < <(find src -name "*.rs" -type f)
+
+if [ $MISSING_HEADERS -gt 0 ]; then
+    echo "Found $MISSING_HEADERS files with missing or invalid license headers:"
+    echo -e "$MISSING_FILES"
+    echo ""
+    echo "Please add the following license header to these files:"
+    echo "$LICENSE_HEADER"
+    echo "You can also run: just check-license-headers to verify your changes."
+    exit 1
+else
+    echo "All Rust files have the required license header"
+    exit 0
+fi
@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use core::convert::TryFrom;
 
 use anyhow::{anyhow, Error};

@@ -1,3 +1,20 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+use core::mem::size_of;
 use core::ptr::addr_of;
 
 use crate::exceptions::idt::{init_idt, IdtEntry, IDT};

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use std::env;
 
 fn main() {

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use alloc::boxed::Box;
 use alloc::slice;
 use alloc::vec::Vec;

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use core::ffi::c_char;
 
 use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use alloc::boxed::Box;
 use core::ffi::{c_char, CStr};
 

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 #![no_std]
 #![allow(non_snake_case, non_camel_case_types, non_upper_case_globals)]
 

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use core::ffi::c_char;
 
 #[unsafe(no_mangle)]

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 mod function_call;
 pub use function_call::*;
 

@@ -1,3 +1,19 @@
+/*
+Copyright 2025 The Hyperlight Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 use alloc::boxed::Box;
 use alloc::ffi::CString;
 use alloc::slice;