We are excited to announce that we have developed a CLA Assistant GitHub Action (a light version of CLA Assistant). This GitHub Action removes the need for a centrally managed database by storing contributors' signature data in a decentralized way: in the repository's file system and, optionally, on the Ethereum Blockchain.
Feel free to test this GitHub Action and give us feedback.
- decentralized data storage
- fully integrated with the GitHub environment
- no UI required
- no need for permission/scope handling
- contributors can sign the CLA by just posting a Pull Request comment
- signatures will be stored in a file inside the repository plus optionally on the Ethereum Blockchain
```yaml
name: "CLA Assistant"
on:
  # PR comments are how contributors sign the CLA or request a recheck
  issue_comment:
    types: [created]
  pull_request:
    types: [opened,closed,synchronize]
jobs:
  CLAssistant:
    runs-on: ubuntu-latest
    steps:
      - name: "CLA Assistant"
        # Run only for the two recognised comment bodies, or for any pull_request event
        if: (github.event.comment.body == 'recheckcla' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request'
        uses: cla-assistant/github-action@master
        env:
          # Built-in token the action uses for its GitHub API calls
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          path-to-signatures: 'signatures/version1/cla.json'
          path-To-cladocument: 'https://github.com/ibakshay/test-action-workflow/blob/master/cla.md'
          branch: 'master'
          blockchain-storage-flag: false
```

The CLA action workflow will be triggered on all Pull Request `opened`, `synchronize` events.
The CLA workflow creates a comment on the Pull Request asking contributors who have not signed the CLA to sign, and it also fails the pull request status check. Contributors are asked to sign the CLA within the pull request by copying and pasting "I have read the CLA Document and I hereby sign the CLA" as a Pull Request comment.
If the contributor has already signed the CLA, then the PR status will pass with success.
By default, the GitHub Action workflow will also create an empty commit with the message "@#contributorname# has signed the CLA" whenever a contributor signs the CLA.
After the contributor has signed the CLA, the contributor's signature with metadata is stored in a JSON file inside the repository. You can specify a custom path to this file with the `path-to-signatures` input in the workflow.
The default path is path-to-signatures: 'signatures/version1/cla.json'
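
A simplified model of the check-and-sign flow described above, as an added example rather than the action's own code. The JSON layout (`signedContributors`, `name`, `pullRequestNo`), the event dictionaries and the rule that only a PR committer's own comment is recorded are assumptions made for illustration.

```python
import json

# The two comment bodies come from the workflow's `if:` condition on this page.
SIGN_PHRASE = "I have read the CLA Document and I hereby sign the CLA"
RECHECK_PHRASE = "recheckcla"


def unsigned(committers, store):
    """Return the PR committers (sorted) that have no entry in the signature store."""
    signed = {entry["name"] for entry in store["signedContributors"]}
    return sorted(set(committers) - signed)


def handle_event(event, store):
    """Process one event; return (status, still_unsigned, store_changed)."""
    changed = False
    if event["name"] == "issue_comment":
        if event["body"] not in (SIGN_PHRASE, RECHECK_PHRASE):
            return ("skipped", [], False)  # any other comment never reaches the step
        author = event["author"]  # identity comes from the event, never from the comment text
        if event["body"] == SIGN_PHRASE and author in unsigned(event["committers"], store):
            store["signedContributors"].append({"name": author, "pullRequestNo": event["pr"]})
            changed = True
    missing = unsigned(event["committers"], store)
    return ("failure" if missing else "success", missing, changed)


if __name__ == "__main__":
    # Constructed sample data: an empty signature file and a PR with two committers.
    store = {"signedContributors": []}
    pr = {"pr": 7, "committers": ["alice", "bob"]}
    events = [
        {"name": "pull_request", **pr},
        {"name": "issue_comment", "author": "alice", "body": SIGN_PHRASE, **pr},
        {"name": "issue_comment", "author": "mallory", "body": SIGN_PHRASE, **pr},
        {"name": "issue_comment", "author": "bob", "body": SIGN_PHRASE, **pr},
    ]
    for ev in events:
        print(ev["name"], ev.get("author", "-"), handle_event(ev, store))
    print(json.dumps(store, indent=2))  # what would be committed to cla.json
```

In this model the status check stays at `failure` until every committer on the PR has an entry in the file, and a signing comment from someone who is not a committer leaves the file unchanged.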
To make the whole process more fraud-resistant, we offer the option to additionally store the signatures on the Ethereum Blockchain. To use this feature, just set `blockchain-storage-flag: true`. It might take some minutes until the transaction is validated. After this you can view the signatures stored on the Ethereum Blockchain here. Special credits and thanks go to @FabianRiewe.
| Name | Requirement | Description |
|---|---|---|
| `GITHUB_TOKEN` | required | Must be in the form `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`. The CLA Action uses this built-in GitHub token to make the API calls for interacting with GitHub. It is built into GitHub Actions and does not need to be manually specified in your secrets store. |

| Name | Requirement | Description |
|---|---|---|
| `path-To-cladocument` | required | Full URL `https://<clafile>` of the Contributor License Agreement (CLA), which the contributor can read before signing. It can be a file inside the repository or a gist. |
| `blockchain-storage-flag` | required | Boolean `true` or `false`: whether to additionally store the contributor's signature data on the Ethereum blockchain. |
| `path-to-signatures` | optional | Path to the JSON file inside the repository where all contributor signatures will be stored. Default path is "./signatures/cla.json". |
| `branch` | optional | Branch in which all contributor signatures will be stored. Default branch is `master`. |
| `empty-commit-flag` | optional | Boolean `true` or `false`: whether GitHub Actions adds an empty commit whenever a user signs the CLA. Default is `true`. |
This action won't work for Pull Requests coming from forks, as the GitHub Action token does not have write access for forks. However, the GitHub team assured in one of the discussions that they will ship a feature to enable read/write access for PRs coming from forks.
LGPL-3.0
❤️ from the GitHub team @SAP