Light

shopify / shopify-cla-action Goto Github PK

View Code? Open in Web Editor NEW

9.0 177.0 7.0 1.15 MB

Shopify CLA action

License: MIT License

JavaScript 1.12% TypeScript 98.88%

shopify-cla-action's Introduction

Shopify CLA action

Use case

When activated and configured, a check will be added to every PR making sure your CLA has been signed by all committers. If a committer has not signed your CLA, the check will fail.

After signing the CLA, contributors can comment "I've signed the CLA!" on the PR to re-run the test suite.

This is intended for Shopify repositories only.

Getting Started

Add the following workflow to your repository:

# .github/workflows/cla.yml
name: Contributor License Agreement (CLA)

on:
  pull_request_target:
    types: [opened, synchronize]
  issue_comment:
    types: [created]

jobs:
  cla:
    runs-on: ubuntu-latest
    permissions:
      actions: write
      pull-requests: write
    if: |
      (github.event.issue.pull_request 
        && !github.event.issue.pull_request.merged_at
        && contains(github.event.comment.body, 'signed')
      ) 
      || (github.event.pull_request && !github.event.pull_request.merged)
    steps:
      - uses: Shopify/shopify-cla-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cla-token: ${{ secrets.CLA_TOKEN }}

How it works / features

The check:

All PRs commit authors are checked against https://cla.shopify.com/
If all GitHub usernames signed the CLA, the check will pass
Otherwise the check will fail and the build message will ask first-time authors to sign the CLA

Comments:

Every comment is tested against regexp
If the test was successful, it will trigger re-run of previous failed check

Following comments will be ignored:

Comment on issue
Comment on merged PR
Comment without word signed will be filtered by a workflow definition

Reactions:

If comment is matched with regexp, action will add 👀 reaction to that comment
If comment has 👀 reaction and CLA check succeeded, action will also add 👍 reaction
If comment has 👀 reaction and CLA check failed, action will also add 👎 reaction

Caveats

This action does not produce any comments.

If you need additional interaction with your users, please use @actions/first-interaction.

Inputs

Name	Required	Default	Description
`github-token`	`true`	$GITHUB_TOKEN	The token to be used with GitHub interactions
`cla-token`	`true`	Provided by github-actions repository secret	The token to access cla.shopify.com

Outputs

None

shopify-cla-action's People

Contributors

Stargazers

Watchers

Forkers

osama-inayat qpc-github himself65 isk-shopify mrvill35 jcoyne

shopify-cla-action's Issues

Request: add @martelogan to CLA allowlist

Having just recently open-sourced https://github.com/Shopify/goqueuesim, I'm looking to have my personal GitHub account (@martelogan) added to the CLA allow list to avoid having to sign a CLA unnecessarily (as I'll be the primary maintainer of that open-source repo).

Per the steps described in our Open Source Guidelines, I've opened this issue for the request.

IP address not permitted to access the Shopify organization when run from GitHub Actions

I'm seeing the following error message from a run of the CLA GitHub Action:

Although you appear to have the correct authorization credentials, the `Shopify` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.

The configuration for the action is defined at https://github.com/Shopify/ruvy/blob/8035018590f5e7ead1d4d29b393439e69b6c3d90/.github/workflows/cla.yml

Add an explanation to "CLA not signed" message on how to re-run the test suite

Issue

When a developer creates their first Pull Request, but forgot to sign the CLA, the GitHub action fails – as expected:

Error: In order to merge this pull request, all contributors must sign Shopify’s CLA.

@Poitrin: Sign the CLA to have your PR reviewed.

The error message implies that the developer just needs to sign the CLA, but since the sole signature does not remove any cal-needed label and does not retrigger any test suite, the PR might not be reviewed so quickly.

Suggested solution

Update the message to e.g.:

@Poitrin: Sign the CLA and comment "I've signed the CLA!" on the PR to re-run the test suite and have your PR reviewed.

Alternative solution

When a developer signs the CLA, all PRs in Shopify repos created by the developer and labeled with cla-needed automatically get updated as if the developer added the "I've signed the CLA!" comment manually. But I'm not sure if this is feasible.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.