From e858ba1e08efd4cb65b45302804e1f2480b98030 Mon Sep 17 00:00:00 2001 From: Michael Duggan Date: Mon, 29 Sep 2025 16:28:50 -0400 Subject: [PATCH 1/2] implement shared cla action --- .github/workflows/cla-assistant.yml | 40 +++------------- .github/workflows/cla.yml | 72 +++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 33 deletions(-) create mode 100644 .github/workflows/cla.yml diff --git a/.github/workflows/cla-assistant.yml b/.github/workflows/cla-assistant.yml index 3c26ba6..a187a68 100644 --- a/.github/workflows/cla-assistant.yml +++ b/.github/workflows/cla-assistant.yml @@ -1,4 +1,4 @@ -name: CLA validation +name: CLA Validation on: issue_comment: @@ -8,39 +8,13 @@ on: permissions: actions: write - contents: read + contents: read pull-requests: write statuses: write - + jobs: CLAAssistant: - runs-on: ubuntu-latest - if: ${{ github.actor != 'dependabot[bot]' }} - steps: - - name: Create CLA Assistant Lite bot token - uses: actions/create-github-app-token@v2 - id: app-token - with: - app-id: ${{ secrets.SILABSIN_CLA_BOT_APP_ID }} - private-key: ${{ secrets.SILABSIN_CLA_BOT_APP_PRIVATE_KEY }} - owner: SiliconLabsInternal - repositories: contributor-license-agreements - - - name: Mask generated token - run: echo "::add-mask::${{ steps.app-token.outputs.token }}" - - - name: "CLA Assistant" - if: ${{ contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') }} || github.event_name == 'pull_request_target' - uses: SiliconLabsSoftware/action-cla-assistant@silabs_flavour_v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }} - with: - path-to-signatures: "cla_signatures_db.json" - path-to-document: "https://github.com/SiliconLabsSoftware/agreements-and-guidelines/blob/main/contributor_license_agreement.md" - branch: 'cla-database' - allowlist: silabs-*,bot* - remote-organization-name: "SiliconLabsInternal" - remote-repository-name: "contributor-license-agreements" - create-file-commit-message: "Created the CLA database file. CLA Assistant Lite bot created this file." - signed-commit-message: "$contributorName has signed the CLA in $owner/$repo#$pullRequestNo" \ No newline at end of file + uses: ./.github/workflows/cla.yml + secrets: + CLA_APP_ID: ${{ secrets.SILABSIN_CLA_BOT_APP_ID }} + CLA_APP_PRIVATE_KEY: ${{ secrets.SILABSIN_CLA_BOT_APP_PRIVATE_KEY }} diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml new file mode 100644 index 0000000..c31b476 --- /dev/null +++ b/.github/workflows/cla.yml @@ -0,0 +1,72 @@ +name: Reusable CLA validation + +on: + workflow_call: + inputs: + remote_org: + type: string + default: "SiliconLabsInternal" + remote_repo: + type: string + default: "contributor-license-agreements" + signatures_path: + type: string + default: "cla_signatures_db.json" + document_url: + type: string + default: "https://github.com/SiliconLabsSoftware/agreements-and-guidelines/blob/main/contributor_license_agreement.md" + allowlist: + type: string + default: silabs-*,bot* + branch: + type: string + default: "cla-database" + runner: + type: string + default: "ubuntu-latest" + secrets: + CLA_APP_ID: + required: true + CLA_APP_PRIVATE_KEY: + required: true + +permissions: + actions: write + contents: read + pull-requests: write + statuses: write + +jobs: + cla: + runs-on: ${{ inputs.runner }} + if: | + github.event.pull_request.user.login != 'dependabot[bot]' && + github.event.pull_request.user.login != 'silabs-matter-ci-bot' + steps: + - name: Create CLA Assistant Lite bot token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.CLA_APP_ID }} + private-key: ${{ secrets.CLA_APP_PRIVATE_KEY }} + owner: ${{ inputs.remote_org }} + repositories: ${{ inputs.remote_repo }} + + - name: Mask generated token + run: echo "::add-mask::${{ steps.app-token.outputs.token }}" + + - name: CLA Assistant + if: ${{ (contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') && github.event.issue.pull_request) || github.event_name == 'pull_request_target' }} + uses: SiliconLabsSoftware/action-cla-assistant@silabs_flavour_v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }} + with: + path-to-signatures: ${{ inputs.signatures_path }} + path-to-document: ${{ inputs.document_url }} + branch: ${{ inputs.branch }} + allowlist: ${{ inputs.allowlist }} + remote-organization-name: ${{ inputs.remote_org }} + remote-repository-name: ${{ inputs.remote_repo }} + create-file-commit-message: "Created the CLA database file. CLA Assistant Lite bot created this file." + signed-commit-message: "$contributorName has signed the CLA in $owner/$repo#$pullRequestNo" From 4db12513ebb0695502e8419f6af7f69fd099f438 Mon Sep 17 00:00:00 2001 From: Michael Duggan Date: Mon, 1 Dec 2025 15:26:47 -0500 Subject: [PATCH 2/2] remove pull_request check --- .github/workflows/cla.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index c31b476..06acb9f 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -56,7 +56,7 @@ jobs: run: echo "::add-mask::${{ steps.app-token.outputs.token }}" - name: CLA Assistant - if: ${{ (contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') && github.event.issue.pull_request) || github.event_name == 'pull_request_target' }} + if: ${{ (contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' }} uses: SiliconLabsSoftware/action-cla-assistant@silabs_flavour_v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}