Streamline your workflow and let this GitHub Action(a lite version of CLA Assistant) handle the legal side of contributions to a repository for you. CLA assistant gitHub action enables contributors to sign CLAs from within a pull request. With this GitHub Action we could get rid of the need for a centrally managed database by storing the contributor's signature data in a decentralized way - in the same repository's file system or in a remote repository
- decentralized data storage
- fully integrated within github environment
- no User Interface is required
- signatures will be stored in a file inside the repository or in a remote repository
- versioning of signatures
name: "cla-bot"
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]
jobs:
cla-check:
runs-on: ubuntu-latest
steps:
- name: "MLCommons CLA bot check"
if: (github.event.comment.body == 'recheck') || github.event_name == 'pull_request_target'
# Alpha Release
uses: mlcommons/cla-bot@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# the below token should have repo scope and must be manually added by you in the repository's secret
PERSONAL_ACCESS_TOKEN : ${{ secrets.MLCOMMONS_BOT_CLA_TOKEN }}
with:
path-to-signatures: 'cla-bot/v1/cla.json'
path-to-document: 'https://github.com/mlcommons/systems/blob/main/mlcommons_cla.txt' # e.g. a CLA or a DCO document
# branch should not be protected
branch: 'main'
allowlist: user1,bot*
remote-organization-name: mlcommons
remote-repository-name: systems
#below are the optional inputs - If the optional inputs are not given, then default values will be taken
#remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
#remote-repository-name: enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
#create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
#signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
#custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
#custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
#custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
CLA action workflow will be triggered on all Pull Request opened, synchronize, closed
. This workflow will always run in the base repository and thats why we are making use of the pull_request_target event.
When the CLA workflow is triggered on pull request closed
event, it will lock the Pull Request conversation after the Pull Request merge so that the contributors cannot modify or delete the signatures (Pull Request comment) later. This feature is optional.
After the contributor signed a CLA, the contributor's signature with metadata will be stored in a JSON file inside the repository like below screenshot and you can specify the custom path to this file with path-to-signatures
input in the workflow.
The default path is path-to-signatures: 'signatures/version1/cla.json'
NOTE: You do not need to create this file manually. Our workflow will create the signature file if it does not already exist. Manually creating this file will cause the workflow to fail.
If a GitHub username is included in the allowlist, they will not be required to sign a CLA. You can make use of this feature If you don't want your colleagues working in the same team/organisation to sign a CLA. And also, since there's no way for bot users (such as Dependabot or Greenkeeper) to sign a CLA, you may want to add them in allowlist
. You can do so by adding their names in a comma separated string to the allowlist
input in the CLA workflow file(in this case dependabot-preview[bot],greenkeeper[bot]
). You can also use wildcard symbol in case you want to allow all bot users something like bot*
.
Name | Requirement | Description |
---|---|---|
GITHUB_TOKEN |
required | Usage: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} , CLA Action uses this in-built GitHub token to make the API calls for interacting with GitHub. It is built into Github Actions and does not need to be manually specified in your secrets store. More Info |
PERSONAL_ACCESS_TOKEN |
required | Usage: PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN}} , you have to create a Personal Access Token with repo scope and store in the repository's secrets. This token is required for consuming the Actions re-run API to automatically re-run the last failed workflow and also for storing the signatures in a remote repository if required. |
Name | Requirement | Description | Example |
---|---|---|---|
path-to-signatures |
optional | Path to the JSON file where all the signatures of the contributors will be stored inside the repository. | signatures/version1/cla.json |
branch |
optional | Branch in which all the signatures of the contributors will be stored and Default branch is master . |
master |
allowlist |
optional | You can specify users and bots to be added in allowlist. | user1,user2,bot* |
remote-repository-name |
optional | provide the remote repository name where all the signatures should be stored . | remote repository name |
remote-organization-name |
optional | provide the remote organization name where all the signatures should be stored. | remote organization name |
create-file-commit-message |
optional | Commit message when a new CLA file is created. | Creating file for storing CLA Signatures. |
signed-commit-message |
optional | Commit message when a new contributor signs the CLA in a Pull Request. | $contributorName has signed the CLA in $pullRequestNo |
custom-pr-sign-comment |
optional | The signature to be committed in order to sign the CLA. | I have read the Developer Terms Document and I hereby accept the Terms |
custom-allsigned-prcomment |
optional | pull request comment when everyone has signed | All Contributors have signed the CLA. |
Contributor License Agreement assistant
Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
❤️ from the GitHub team @SAP