-
Notifications
You must be signed in to change notification settings - Fork 0
115 lines (101 loc) · 3.8 KB
/
check_cla.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# Workflow to check if a user is eligible to contribute or needs to sign the CLA
name: CLA Check
on:
# because the cla workflow will run on worflows generated from forks, they do not have access to secrets
# pull_request_target only runs the workflow on the master branch but allows access to secrets
pull_request_target:
branches:
- 'master'
- 'main'
pull_request:
merge_group:
# we do not need this workflow to run on merge_group because its whole purpose is to check if the PR is mergeable
# to test changes to this workflow, it needs to be manually run on the specific branch
workflow_dispatch:
jobs:
check-fork:
name: Check External
runs-on: ubuntu-latest
permissions: write-all
outputs:
is_external: ${{ steps.check-fork.outputs.is_external }}
steps:
- name: Check Fork
id: check-external
shell: bash
run: |
if [ ${{ github.event.repository.name }} != ${{ github.event.pull_request.head.repo.full_name }} ]; then
is_external="true"
else
is_external="false"
fi
echo $is_external
echo "'is_external=$is_external' >> $GITHUB_OUTPUT"
- name: DEBUG
id: debug
shell: bash
run: |
echo ${{ needs.check-fork.outputs.is_external }}
check-external-contributions:
name: Check External Contributions
runs-on: ubuntu-latest
needs: check-fork
permissions: write-all
if: ${{ needs.check-fork.outputs.is_external == 'true' && needs.check-fork.result == 'success' }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
repository: 'dfinity/public-workflows'
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install Dependencies
run: pip install -r requirements.txt
- name: Check if accepting external contributions
id: accepts_external_contrib
run: |
export PYTHONPATH="$PWD/reusable_workflows/"
python reusable_workflows/check_membership/check_external_contrib.py
shell: bash
env:
GH_TOKEN: ${{ github.token }}
REPO: ${{ github.event.repository.name }}
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Close Pull Request
id: close_pr
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'true' }}
run: |
message="This repository does not accept external contributions yet.
We are therefore closing this Pull Request, thank you for your understanding.
— The DFINITY Foundation"
gh pr close ${{ github.event.number }} --comment "$message"
env:
GH_TOKEN: ${{ github.token }}
- name: Add Label
uses: actions-ecosystem/action-add-labels@v1
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }}
with:
labels: external-contributor
- name: Checkout
uses: actions/checkout@v3
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }}
with:
repository: 'dfinity/public-workflows'
- name: Check CLA
id: check-cla
run: |
export PYTHONPATH="$PWD/reusable_workflows/"
python reusable_workflows/check_cla/check_cla_pr.py
shell: bash
if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }}
env:
GH_ORG: ${{ github.repository_owner }}
GH_TOKEN: ${{ secrets.CLA_COMMENT_ON_PRS }}
REPO: ${{ github.event.repository.name }}
PR_ID: ${{ github.event.number }}