From 6690875110eb4df329d05a0fa8009227816ad847 Mon Sep 17 00:00:00 2001 From: jeppevinkel Date: Wed, 24 Sep 2025 16:38:33 +0200 Subject: [PATCH 1/4] Feature/contributor agreement workflow (#1) * Add initial workflow for testing PR CLA validation * Add commenting step * Add more dynamic PR comment * Fail the action when the CLA is not signed * Fix links to md files * Add label * Add step to remove label --- .github/workflows/cla-validation.yaml | 76 +++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 .github/workflows/cla-validation.yaml diff --git a/.github/workflows/cla-validation.yaml b/.github/workflows/cla-validation.yaml new file mode 100644 index 00000000..e112c8cf --- /dev/null +++ b/.github/workflows/cla-validation.yaml @@ -0,0 +1,76 @@ +name: CLA Validation + +on: + pull_request: + types: [opened, reopened, synchronize] + +permissions: + pull-requests: write + +env: + DEFAULT_BRANCH: master + +jobs: + validate-cla: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v5 + + - name: Check if author is in CLA + id: validate-cla + shell: pwsh + env: + AUTHOR_LOGIN: ${{ github.event.pull_request.user.login }} + run: | + $selector = Select-String -Path CLA.md -Pattern "- $Env:AUTHOR_LOGIN" + + if ($selector -ne $null) + { + "in_cla=true" >> $Env:GITHUB_OUTPUT + "$Env:AUTHOR_LOGIN is in the CLA" >> $Env:GITHUB_STEP_SUMMARY + } + else + { + "in_cla=false" >> $Env:GITHUB_OUTPUT + "$Env:AUTHOR_LOGIN is not in the CLA" >> $Env:GITHUB_STEP_SUMMARY + } + + - name: Post message about CLA + if: steps.validate-cla.outputs.in_cla == 'false' + uses: actions/github-script@v8 + env: + AUTHOR_LOGIN: ${{ github.event.pull_request.user.login }} + DEFUALT_BRANCH: ${{ github.event.repository.default_branch }} + with: + script: | + const authorLogin = process.env.AUTHOR_LOGIN; + const defaultBranch = process.env.DEFUALT_BRANCH; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `⚠️ Pull requests will only be accepted if the [CLA](../blob/${defaultBranch}/CLA.md) has been signed.\n\nIt appears that you have not yet signed the [CLA](../blob/${defaultBranch}/CLA.md) with your GitHub username. In order to contribute to this project, you must read the CLA fully, and then append the following to the bottom of the document to sign it.\n\n\`\`\`\n- ${authorLogin}\n\n\`\`\`` + }); + + github.rest.issues.addLabels({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + labels: ['cla-not-signed'] + }); + + core.setFailed('Failing action until CLA has been signed'); + + - name: Remove label if CLA is signed + if: steps.validate-cla.outputs.in_cla == 'true' + uses: actions/github-script@v8 + with: + script: | + github.rest.issues.removeLabel({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + name: 'cla-not-signed' + }); \ No newline at end of file From a954079728ab80437c664f67ebb788f94c051c8a Mon Sep 17 00:00:00 2001 From: jeppevinkel Date: Wed, 24 Sep 2025 16:46:25 +0200 Subject: [PATCH 2/4] Fix so it only attempts to remove the label if it doesn't already exist --- .github/workflows/cla-validation.yaml | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cla-validation.yaml b/.github/workflows/cla-validation.yaml index e112c8cf..06a02eff 100644 --- a/.github/workflows/cla-validation.yaml +++ b/.github/workflows/cla-validation.yaml @@ -68,9 +68,23 @@ jobs: uses: actions/github-script@v8 with: script: | - github.rest.issues.removeLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - name: 'cla-not-signed' - }); \ No newline at end of file + const { owner, repo } = context.repo; + const issue_number = context.issue.number; + + const { data: labels } = await github.rest.issues.listLabelsOnIssue({ + owner, + repo, + issue_number + }); + + const labelToRemove = 'needs-review'; + const hasLabel = labels.some(label => label.name === labelToRemove); + + if (hasLabel) { + github.rest.issues.removeLabel({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + name: 'cla-not-signed' + }); + } \ No newline at end of file From 129d6212791797429e5e1466131da6f795a912c9 Mon Sep 17 00:00:00 2001 From: jeppevinkel Date: Wed, 24 Sep 2025 16:53:55 +0200 Subject: [PATCH 3/4] Only write a comment once when initially adding the label --- .github/workflows/cla-validation.yaml | 45 +++++++++++++++++---------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cla-validation.yaml b/.github/workflows/cla-validation.yaml index 06a02eff..e2619200 100644 --- a/.github/workflows/cla-validation.yaml +++ b/.github/workflows/cla-validation.yaml @@ -47,20 +47,34 @@ jobs: const authorLogin = process.env.AUTHOR_LOGIN; const defaultBranch = process.env.DEFUALT_BRANCH; - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `⚠️ Pull requests will only be accepted if the [CLA](../blob/${defaultBranch}/CLA.md) has been signed.\n\nIt appears that you have not yet signed the [CLA](../blob/${defaultBranch}/CLA.md) with your GitHub username. In order to contribute to this project, you must read the CLA fully, and then append the following to the bottom of the document to sign it.\n\n\`\`\`\n- ${authorLogin}\n\n\`\`\`` - }); + const { owner, repo } = context.repo; + const issue_number = context.issue.number; - github.rest.issues.addLabels({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - labels: ['cla-not-signed'] + const { data: labels } = await github.rest.issues.listLabelsOnIssue({ + owner, + repo, + issue_number }); + const hasLabel = labels.some(label => label.name === 'cla-not-signed'); + + // Only comment if it hasn't already labeled the PR + if (!hasLabel) { + github.rest.issues.createComment({ + issue_number: issue_number, + owner: owner, + repo: repo, + body: `⚠️ Pull requests will only be accepted if the [CLA](../blob/${defaultBranch}/CLA.md) has been signed.\n\nIt appears that you have not yet signed the [CLA](../blob/${defaultBranch}/CLA.md) with your GitHub username. In order to contribute to this project, you must read the CLA fully, and then append the following to the bottom of the document to sign it.\n\n\`\`\`\n- ${authorLogin}\n\n\`\`\`` + }); + + github.rest.issues.addLabels({ + owner: owner, + repo: repo, + issue_number: issue_number, + labels: ['cla-not-signed'] + }); + } + core.setFailed('Failing action until CLA has been signed'); - name: Remove label if CLA is signed @@ -77,14 +91,13 @@ jobs: issue_number }); - const labelToRemove = 'needs-review'; - const hasLabel = labels.some(label => label.name === labelToRemove); + const hasLabel = labels.some(label => label.name === 'cla-not-signed'); if (hasLabel) { github.rest.issues.removeLabel({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, + owner: owner, + repo: repo, + issue_number: issue_number, name: 'cla-not-signed' }); } \ No newline at end of file From 58efb9f8f6412cfe821f20a80ed4ba9758221c23 Mon Sep 17 00:00:00 2001 From: jeppevinkel Date: Wed, 24 Sep 2025 16:55:37 +0200 Subject: [PATCH 4/4] Remove unused env --- .github/workflows/cla-validation.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cla-validation.yaml b/.github/workflows/cla-validation.yaml index e2619200..642bbef6 100644 --- a/.github/workflows/cla-validation.yaml +++ b/.github/workflows/cla-validation.yaml @@ -7,9 +7,6 @@ on: permissions: pull-requests: write -env: - DEFAULT_BRANCH: master - jobs: validate-cla: runs-on: ubuntu-latest