1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 18:00:18 +01:00
Commit Graph

8 Commits

Author SHA1 Message Date
kumavis
0a8f94af81
Create codeql-analysis.yml (#12652) 2021-11-10 17:28:25 -10:00
Mark Stacey
fae857d1c0
Fix CLA Signature bot workflow (#11250)
In a recent PR (#11240) the workflow was updated to explicitly add the
required permissions. Unfortunately the "pull-requests" permission was
added with a space instead of a dash, which apparently breaks the
workflow. It now has a dash, as shown in the example in the docs [1].

[1]: https://docs.github.com/en/actions/reference/authentication-in-a-workflow#example-1-passing-the-github_token-as-an-input
2021-06-07 18:13:31 -02:30
Mark Stacey
a58c66af1f
Restore CLA bot permissions (#11240)
The CLA bot had its write permissions revoked recently when our
organization-wide settings were updated to restrict actions to read
access by default. This PR restores write access to PRs and to the
repository itself for the CLA bot. It needs PR write access to leave
comments, and needs write access to the repo itself to commit new
signatures.
2021-06-07 11:27:15 -02:30
Mark Stacey
0c627fa4f3
Update the CLA Signature bot to v3.0.2 (#10947)
This update includes support for PRs with >100 commits.
2021-04-28 20:15:47 -02:30
Whymarrh Whitby
bffa035bc7
Add MetaMask Bot to the CLA allow list (#9426) 2020-09-16 17:42:16 -02:30
Whymarrh Whitby
cd7a3a687b
Update allow list for CLA, fix Dependabot (#9400)
This change updates the Dependabot name in the allow list of the CLA workflow.
2020-09-14 14:59:15 -02:30
Mark Stacey
7ba2310726
Update CLA bot (#9389)
The `cla-signature-bot` has been updated to `v3.0.1`. This update
includes a bug fix for PRs that have over 100 comments.
2020-09-10 13:35:03 -03:00
Mark Stacey
885bd13160
Add CLA Signature bot (#9310)
The CLA signature bot will check the authors of each PR to ensure they
have all signed the CLA. If any authors still need to sign the CLA, it
will leave a comment explaining how it can be signed, and will check
back upon each comment to see if it has been signed.

The bot used is `MetaMask/cla-signature-bot`, which is a fork of
`Roblox/cla-signature-bot`. The fork has a couple of improvements, and
it updated the PR comment text to be more appropriate for our usage.

Currently the only user on the `allowlist` is `dependabot`, but any public
members of the MetaMask organization will also be exempt from needing
to sign the CLA due to the `allow-organization-members` setting.

The signatures are stored in `cla.json` on the `cla-signatures` branch,
which is in this repository as a distinct root. We can consider moving
this to a separate repository in the future - this was just easier to
setup.
2020-08-26 13:48:35 -03:00