Pull Request 中提示`commits incorrectly signed off`

场景：

DCO机器人在 Pull Request 中提示commits incorrectly signed off，说明提交历史里有若干 commit 缺少

Signed-off-by: Your Name <you@example.com>

DCO
There are 2 commits incorrectly signed off. This means that the author(s) of these commits failed to include a Signed-off-by line in their commit message.

To avoid having PRs blocked in the future, always include Signed-off-by: Author Name authoremail@example.com in every commit message. You can also do this automatically by using the -s flag (i.e., git commit -s).

Here is how to fix the problem so that this code can be merged.

Rebase the branch
If you have a local git environment and meet the criteria below, one option is to rebase the branch and add your Signed-off-by lines in the new commits. Please note that if others have already begun work based upon the commits in this branch, this solution will rewrite history and may cause serious issues for collaborators (described in the git documentation under “The Perils of Rebasing”).

You should only do this if:

You are the only author of the commits in this branch
You are absolutely certain nobody else is doing any work based upon this branch
There are no empty commits in the branch (for example, a DCO Remediation Commit which was added using --allow-empty)
To add your Signed-off-by line to every commit in this branch:

Ensure you have a local copy of your branch by checking out the pull request locally via command line.
In your local branch, run: git rebase HEAD~2 --signoff
Force push your changes to overwrite the branch: git push --force-with-lease origin my-branch

解决方案：

# 切回工作分支
git branch + 当前工作分支(my-branch)
# 添加上游（原仓库）远端并同步最新主干
git remote add upstream + 远程仓库地址（原始）
git fetch upstream
# 将“想提交”的改动纳入一次带签名的提交
git add ***
git commit -S -m "update proposal"
# 把还在开发、暂时不想进 PR 的改动先藏起来
git stash push -m "WIP: local tweaks" 
# 与主干对齐并在变基过程中为历史提交补签名
git rebase upstream/main
# 把修正后的历史强推回自己的 fork, --force-with-lease仅当远端分支头指针仍在你预期位置时才覆盖，避免误删他人提交
git push --force-with-lease origin 当前工作分支 （origin是fork仓库地址）
# 取回之前 stash 的本地草稿
git stash pop

注意：
git push --force-with-lease origin 若使用 HTTPS 地址推送，GitHub 已禁用帐密登录，需要当前工作分支生成新 PAT
方法：

1. GitHub ➜ Settings → Developer settings → Personal access tokens → Tokens (classic) → Generate new token
2. 勾选最少 repo 权限；设定有效期；点击 Generate token 并复制那 40 字符串。

git push --force-with-lease origin my-branch
# Username: 你的 GitHub 登录名（如 xxxx）
# Password: 粘贴刚生成的 PAT（终端不显示字符）

注意2
等待 GitHub 自动检测，DCO 成功转绿即可合并。如果仍有缺签提示，说明还有更早的 commit 未补，可继续：

git rebase HEAD~3 --signoff
git push --force-with-lease origin my-branch