CLA Check Ruleset #18913
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # triggered on all repositories via rulesets | |
| name: CLA Check Ruleset | |
| on: | |
| # because the cla workflow will run on worflows generated from forks, they do not have access to secrets | |
| # pull_request_target only runs the workflow on the master branch but allows access to secrets | |
| pull_request_target: | |
| branches: | |
| - 'master' | |
| - 'main' | |
| merge_group: | |
| jobs: | |
| check-membership: | |
| uses: dfinity/public-workflows/.github/workflows/check_membership.yml@main | |
| secrets: inherit | |
| check-external-contributions: | |
| name: Check External Contributions | |
| runs-on: ubuntu-latest | |
| needs: check-membership | |
| if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} | |
| steps: | |
| - name: Create GitHub App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.CLA_BOT_APP_ID }} | |
| private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'dfinity/public-workflows' | |
| - name: Python Setup | |
| uses: ./.github/workflows/python-setup | |
| - name: Check if accepting external contributions | |
| id: accepts_external_contrib | |
| run: | | |
| export PYTHONPATH="$PWD/reusable_workflows/" | |
| python reusable_workflows/check_membership/check_external_contrib.py | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| REPO: ${{ github.event.repository.name }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Close Pull Request | |
| id: close_pr | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'true' }} | |
| uses: superbrothers/close-pull-request@v3 | |
| with: | |
| comment: | | |
| Thank you for contributing! Unfortunately this repository does not accept external contributions yet. | |
| We are working on enabling this by aligning our internal processes and our CI setup to handle external contributions. However this will take some time to set up so in the meantime we unfortunately have to close this Pull Request. | |
| We hope you understand and will come back once we accept external PRs. | |
| — The DFINITY Foundation""" | |
| - name: Add Label | |
| uses: actions/github-script@v6 | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| with: | |
| script: | | |
| github.rest.issues.addLabels({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| labels: ["external-contributor"] | |
| }) | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| with: | |
| repository: 'dfinity/public-workflows' | |
| - name: Check CLA | |
| id: check-cla | |
| run: | | |
| export PYTHONPATH="$PWD/reusable_workflows/" | |
| python reusable_workflows/check_cla/check_cla_pr.py | |
| shell: bash | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| env: | |
| GH_ORG: ${{ github.repository_owner }} | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| REPO: ${{ github.event.repository.name }} | |
| PR_ID: ${{ github.event.number }} |