Update check_cla.yml #158
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Workflow to check if a user is eligible to contribute or needs to sign the CLA | |
name: CLA Check | |
on: | |
# because the cla workflow will run on worflows generated from forks, they do not have access to secrets | |
# pull_request_target only runs the workflow on the master branch but allows access to secrets | |
pull_request_target: | |
branches: | |
- 'master' | |
- 'main' | |
pull_request: | |
merge_group: | |
# we do not need this workflow to run on merge_group because its whole purpose is to check if the PR is mergeable | |
# to test changes to this workflow, it needs to be manually run on the specific branch | |
workflow_dispatch: | |
jobs: | |
check-membership: | |
name: Check Membership | |
runs-on: ubuntu-latest | |
# Dont run this workflow if it was triggered by one of these bots | |
# Don't run it during a merge queue, as it can't correctly identify the actor | |
if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.user.login != 'github-actions[bot]' && github.event_name != 'merge_group' }} | |
outputs: | |
is_member: ${{ steps.check-membership.outputs.is_member}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
repository: 'dfinity/public-workflows' | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install Dependencies | |
run: pip install -r requirements.txt | |
- name: Check Membership | |
id: check-membership | |
run: python reusable_workflows/check_membership/check_membership.py | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.CLA_READ_ORG_MEMBERSHIP }} | |
GH_ORG: ${{ github.repository_owner }} | |
USER: ${{ github.event.pull_request.user.login }} | |
check-external-contributions: | |
name: Check External Contributions | |
runs-on: ubuntu-latest | |
needs: check-membership | |
permissions: write-all | |
if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
repository: 'dfinity/public-workflows' | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install Dependencies | |
run: pip install -r requirements.txt | |
- name: Check if accepting external contributions | |
id: accepts_external_contrib | |
run: | | |
export PYTHONPATH="$PWD/reusable_workflows/" | |
python reusable_workflows/check_membership/check_external_contrib.py | |
shell: bash | |
env: | |
GH_TOKEN: ${{ github.token }} | |
REPO: ${{ github.event.repository.name }} | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Comment on PR | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
This repository does not accept external contributions yet. | |
We are therefore closing this Pull Request, thank you for your understanding. | |
— The DFINITY Foundation | |
}) | |
- name: Close Pull Request | |
id: close_pr | |
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'true' }} | |
run: | | |
message="This repository does not accept external contributions yet. | |
We are therefore closing this Pull Request, thank you for your understanding. | |
— The DFINITY Foundation" | |
gh pr close ${{ github.event.number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Add Label | |
uses: actions-ecosystem/action-add-labels@v1 | |
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
with: | |
labels: external-contributor | |
- name: Checkout | |
uses: actions/checkout@v3 | |
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
with: | |
repository: 'dfinity/public-workflows' | |
- name: Check CLA | |
id: check-cla | |
run: | | |
export PYTHONPATH="$PWD/reusable_workflows/" | |
python reusable_workflows/check_cla/check_cla_pr.py | |
shell: bash | |
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
env: | |
GH_ORG: ${{ github.repository_owner }} | |
GH_TOKEN: ${{ secrets.CLA_COMMENT_ON_PRS }} | |
REPO: ${{ github.event.repository.name }} | |
PR_ID: ${{ github.event.number }} |