Add CLA Signature bot #9310
Add CLA Signature bot #9310
Conversation
The CLA signature bot will check the authors of each PR to ensure they have all signed the CLA. If any authors still need to sign the CLA, it will leave a comment explaining how it can be signed, and will check back upon each comment to see if it has been signed. The bot used is `MetaMask/cla-signature-bot`, which is a fork of `Roblox/cla-signature-bot`. The fork has a couple of improvements, and it updated the PR comment text to be more appropriate for our usage. Currently the only whitelisted user is `dependabot`, meaning that even ConsenSys employees will need to sign the CLA. We could add all employees to the whitelist, but I figured it'd be easier to get everyone to sign individually rather than maintaining this list here. The signatures are stored in `cla.json` on the `cla-signatures` branch, which is in this repository as a distinct root. We can consider moving this to a separate repository in the future - this was just easier to setup.
|
Note that actions haven't yet been enabled on this repo, and even if they had, it wouldn't work properly yet because of my use of the |
|
Currently the workflow for first-time contributors/signers requires the action to be manually re-run unfortunately. It's supposed to update automatically after the author signs, but it doesn't seem to be working correctly. Instead of re-running, the job gets queued up again but never executes (probably a GitHub bug? 🤔). Manually re-running once per contributor isn't terrible though. |
Builds ready [6015a3f]
Page Load Metrics (486 ± 65 ms)
|
|
I have just added a branch protection rule for the |
|
Note that actions triggered by the Screenshot:
|
|
I just noticed that I'm seeing this problem on my fork when testing this: Roblox/cla-signature-bot#10 I'm going to try to fix this as well. This would really clutter up the actions tab. |
Builds ready [5c16eda]
Page Load Metrics (485 ± 69 ms)
|
The version of `MetaMask/cla-signature-bot` has been updated from `v3.0.0` to `v3.0.1`. This version is more tolerant of being run against issue comments, and it has replaced the `whitelist` input parameter with `allowlist`.
|
This should be ready to review again now. I've addressed the issue comment problem in 5c16eda by skipping the job if it was triggered by an issue comment rather than a PR comment. Unfortunately this still ends up showing up in the 'Actions' tab, but at least it's greyed out. This was the best solution I could find. It doesn't seem possible yet to trigger actions just on pull request comments but not on issue comments. |
|
Also I'd appreciate a review of the commits I've made on Most of them have accompanying PRs here: https://github.com/Roblox/cla-signature-bot/pulls |
Builds ready [485431c]
Page Load Metrics (510 ± 83 ms)
|
A new input parameter, `allowOrganizationMembers`, has been added in `v3.0.2` of `MetaMask/cla-signature-bot`. This parameter automatically includes all organization members in the allowlist.
|
I have added one more feature to |
Builds ready [0dc2f2e]
Page Load Metrics (503 ± 73 ms)
|
|
I've enabled local actions for this repo—I had disabled actions across all the repos a while back before we'd decided to start using them so as we add workflows we'll need to enable it.
Where we're using our fork I've left it at just local actions but it might even be good to try and stick to local actions so we don't have random third-party code running on CI. |
The `allow-organization-members` input parameter was incorrectly named. It has been fixed. The version of the `cla-signature-bot` has been updated as well, because I have reset the tags used on that repo. `v3.0.0` now refers to the latest version.
|
I'm going to disable actions again for now until we get final signoff on this CLA. I'm not sure if we need to enable third-party actions for |
|
I think that simply restricts where we can |
|
Note that I've just pushed one more commit to this branch (hopefully the final one 🤞 ). I had discovered a couple of mistakes when testing, and they are now fixed. Also I've discovered that the |
Builds ready [85b03a6]
Page Load Metrics (481 ± 65 ms)
|
|
I have just enabled local Actions for this repository (as described in this comment), so the bot should start posting now. |
The CLA signature bot will check the authors of each PR to ensure they have all signed the CLA. If any authors still need to sign the CLA, it will leave a comment explaining how it can be signed, and will check back upon each comment to see if it has been signed.
The bot used is
Metamask/cla-signature-bot, which is a fork ofRoblox/cla-signature-bot. The fork has a couple of improvements, and it updated the PR comment text to be more appropriate for our usage.Currently the only whitelisted user is
dependabot, meaning that even ConsenSys employees will need to sign the CLA. We could add all employees to the whitelist, but I figured it'd be easier to get everyone to sign individually rather than maintaining this list here.The signatures are stored in
cla.jsonon thecla-signaturesbranch, which is in this repository as a distinct root. We can consider moving this to a separate repository in the future - this was just easier to setup.