-
Notifications
You must be signed in to change notification settings - Fork 3
44 lines (41 loc) · 1.91 KB
/
cla.yml
File metadata and controls
44 lines (41 loc) · 1.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: CLA Assistant
on:
workflow_call:
issue_comment:
types: [created]
pull_request_target:
types: [opened, synchronize]
jobs:
CLA:
runs-on: blacksmith-2vcpu-ubuntu-2404
# This job should only run for pull request comments or pull request target events (not issue comments)
if: github.event.issue.pull_request || github.event_name == 'pull_request_target'
steps:
- name: Generate GitHub App token for CLA repo
if: &cla-step-condition "(github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'"
id: generate-token
# Version: 3.1.1
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3
with:
# GitHub App tokens are automatically signed by GitHub's web-flow GPG key,
# whereas PATs are not. This is required since the Expensify org enforces
# signed commits on all repositories (including Expensify/CLA).
client-id: ${{ secrets.CLA_GITHUB_APP_CLIENT_ID }}
private-key: ${{ secrets.CLA_GITHUB_APP_PRIVATE_KEY }}
owner: Expensify
repositories: CLA
- name: CLA Assistant
if: *cla-step-condition
# Version: 2.6.1
uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ steps.generate-token.outputs.token }}
with:
path-to-signatures: '${{ github.repository }}/cla.json'
path-to-document: 'https://github.com/${{ github.repository }}/blob/main/CLA.md'
branch: 'main'
remote-organization-name: 'Expensify'
remote-repository-name: 'CLA'
lock-pullrequest-aftermerge: false
allowlist: 'snyk-bot,OSBotify,os-botify[bot],imgbot[bot]'