From aea652990cc3d39e5b5e5dbddd1d8190a4621563 Mon Sep 17 00:00:00 2001 From: Chad Smith Date: Tue, 10 Mar 2020 14:10:07 -0600 Subject: workflows: CLA validation altered to fail status on pull_request (#164) Github api doesn't allow read-write access to labels or comments when running from a pull_request fork during CI. This restriction results in an API error message: "Resource not accessible by integration" If we want to run this action per pull_request, we need to convert the action to fail the PR status check and emit the required steps to sign the CLA to the console on the PR's failed status tab. --- .github/workflows/cla.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to '.github/workflows/cla.yml') diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 34e11c2d..757e8ff1 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -8,22 +8,22 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - run: | - echo "::set-env name=CLA_SIGNED::$(grep -q ': \"${{ github.actor }}\"' ./tools/.lp-to-git-user && echo CLA signed || echo CLA not signed)" - - name: Add CLA label + - name: Check CLA signing status for ${{ github.actor}} run: | - # POST a new label to this issue - curl --request POST \ - --url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \ - --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - --header 'content-type: application/json' \ - --data '{"labels": ["${{env.CLA_SIGNED}}"]}' - - name: Comment about CLA signing - if: env.CLA_SIGNED == 'CLA not signed' - run: | - # POST a comment directing submitter to sign the CLA - curl --request POST \ - --url https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/comments \ - --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ - --header 'content-type: application/json' \ - --data '{"body": "Hello ${{ github.actor }},\n\nThank you for your contribution to cloud-init.\n\nIn order for us to merge this pull request, you need\nto have signed the Contributor License Agreement (CLA).\nPlease ensure that you have signed the CLA by following our\nhacking guide at:\n\nhttps://cloudinit.readthedocs.io/en/latest/topics/hacking.html\n\nThanks,\nYour friendly cloud-init upstream\n"}' + cat > unsigned-cla.txt < Date: Tue, 10 Mar 2020 23:11:42 -0400 Subject: workflows/cla.yml: use correct username for CLA check (#243) Instead of using the username that triggered the action (which, in the case of a committer merging master into a PR branch will be the committer), always use the username of the submitter of the pull request. --- .github/workflows/cla.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '.github/workflows/cla.yml') diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 757e8ff1..389eccb8 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -8,10 +8,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - - name: Check CLA signing status for ${{ github.actor}} + - name: Check CLA signing status for ${{ github.event.pull_request.user.login }} run: | cat > unsigned-cla.txt < Date: Wed, 11 Mar 2020 10:33:57 -0400 Subject: Introduce and use of a list of GitHub usernames that have signed CLA (#244) The list so far is partial. --- .github/workflows/cla.yml | 17 ++++++++++++++--- tools/.github-cla-signers | 1 + 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 tools/.github-cla-signers (limited to '.github/workflows/cla.yml') diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 389eccb8..8a0b2c07 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -24,6 +24,17 @@ jobs: Thanks, Your friendly cloud-init upstream EOF - grep -q ': \"${{ github.event.pull_request.user.login }}\"' ./tools/.lp-to-git-user && \ - echo "Thanks ${{ github.event.pull_request.user.login }} for signing cloud-init's CLA" || \ - (cat unsigned-cla.txt && exit 1) + + has_signed() { + username="$1" + grep -q ": \"$username\"" ./tools/.lp-to-git-user && return 0 + grep -q "^$username$" ./tools/.github-cla-signers && return 0 + return 1 + } + + if has_signed "${{ github.event.pull_request.user.login }}"; then + echo "Thanks ${{ github.event.pull_request.user.login }} for signing cloud-init's CLA" + else + cat unsigned-cla.txt + exit 1 + fi diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers new file mode 100644 index 00000000..48ac33e4 --- /dev/null +++ b/tools/.github-cla-signers @@ -0,0 +1 @@ +dhensby -- cgit v1.2.3