diff --git a/.github/workflows/cla-auto-accept.yml b/.github/workflows/cla-auto-accept.yml new file mode 100644 index 0000000000..b5d32d507f --- /dev/null +++ b/.github/workflows/cla-auto-accept.yml @@ -0,0 +1,63 @@ +name: Auto-accept CLA for bot PRs + +on: + issue_comment: + types: [created] + +jobs: + cla-accept: + name: Accept CLA + runs-on: ubuntu-latest + if: | + github.repository == 'microsoft/fluentui-react-native' && + github.event.issue.pull_request != null && + contains(github.event.comment.user.login, 'microsoft-github-policy-service') + + steps: + - name: Generate token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + permission-pull-requests: read + permission-issues: write + + - name: Accept CLA if bot-authored PR + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + with: + github-token: ${{ steps.app-token.outputs.token }} + script: | + const pr = await github.rest.pulls.get({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.issue.number, + }); + + if (pr.data.user.login !== 'microsoft-react-native-sdk[bot]') { + console.log(`PR author ${pr.data.user.login} is not the release bot — skipping`); + return; + } + + const { data: comments } = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + }); + + const alreadyAgreed = comments.some(c => + c.body.includes('@microsoft-github-policy-service agree') + ); + + if (alreadyAgreed) { + console.log('CLA already accepted — skipping'); + return; + } + + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body: '@microsoft-github-policy-service agree company="Microsoft"', + }); + console.log('CLA accepted');