1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00

Add CLA Signature bot (#9310)

The CLA signature bot will check the authors of each PR to ensure they
have all signed the CLA. If any authors still need to sign the CLA, it
will leave a comment explaining how it can be signed, and will check
back upon each comment to see if it has been signed.

The bot used is `MetaMask/cla-signature-bot`, which is a fork of
`Roblox/cla-signature-bot`. The fork has a couple of improvements, and
it updated the PR comment text to be more appropriate for our usage.

Currently the only user on the `allowlist` is `dependabot`, but any public
members of the MetaMask organization will also be exempt from needing
to sign the CLA due to the `allow-organization-members` setting.

The signatures are stored in `cla.json` on the `cla-signatures` branch,
which is in this repository as a distinct root. We can consider moving
this to a separate repository in the future - this was just easier to
setup.
This commit is contained in:
Mark Stacey 2020-08-26 13:48:35 -03:00 committed by GitHub
parent 867dd33c1e
commit 885bd13160
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

24
.github/workflows/cla.yml vendored Normal file
View File

@ -0,0 +1,24 @@
name: "CLA Signature Bot"
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]
jobs:
CLABot:
if: github.event_name == 'pull_request_target' || contains(github.event.comment.html_url, '/pull/')
runs-on: ubuntu-latest
steps:
- name: "CLA Signature Bot"
uses: MetaMask/cla-signature-bot@v3.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
path-to-signatures: 'cla.json'
url-to-cladocument: 'https://metamask.io/cla.html'
# This branch can't have protections, commits are made directly to the specified branch.
branch: 'cla-signatures'
allowlist: dependabot
allow-organization-members: true
blockchain-storage-flag: false