Skip to content

ci: Add contributor license agreement check #1850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
tonyandrewmeyer wants to merge 5 commits into from
+14 −0
Closed

ci: Add contributor license agreement check #1850

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a7a382e
feat: add sbomber workflow and manifests
tonyandrewmeyer Jun 24, 2025
4a721af
Merge branch 'main' into add-sbomber
tonyandrewmeyer Jun 24, 2025
8d501f0
Merge pull request #12 from tonyandrewmeyer/add-sbomber
tonyandrewmeyer Jun 24, 2025
f857f80
ci: add a check for CLA signing
tonyandrewmeyer Jun 25, 2025
927f88e
Remove things from accidental ahead fork.
tonyandrewmeyer Jun 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .github/workflows/cla.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: cla-check

on:
pull_request:
workflow_dispatch:
Copy link
Copy Markdown
Contributor

@dimaqq dimaqq Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems a bit odd... what would be checked?

Perhaps authors of the last NN commits?

Copy link
Copy Markdown
Collaborator Author

@tonyandrewmeyer tonyandrewmeyer Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking it would be useful if it failed, then the contributor signed the CLA, and we could run it manually. But maybe we can just re-run the failed check, so that would be sufficient.


permissions: {}

jobs:
cla-check:
runs-on: ubuntu-latest
steps:
- name: Check if CLA signed
uses: canonical/has-signed-canonical-cla@5d1443b94417bd150ad234a82fe21f7340a25e4d # v2.1.0
Copy link
Copy Markdown
Contributor

@dimaqq dimaqq Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor:
I wonder if we could trust the canonical org and reference this action by branch like @v2

Copy link
Copy Markdown
Contributor

@james-garner-canonical james-garner-canonical Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd be on board with an entry for canonical to the .github/zizmor.yml policies being added in this PR.

Copy link
Copy Markdown
Collaborator Author

@tonyandrewmeyer tonyandrewmeyer Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wondered about that. You'd hope that we could. It feels pretty broad, but I guess it's sending the wrong message if we don't :)