CLA Gate #422
Workflow file for this run
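name: CLA Gate
# This workflow publishes a repository-owned commit status named `CLA Gate`.
# Make `CLA Gate` required instead of requiring CLA Assistant's raw `license/cla`
# status directly. That lets merge queue entries pass without waiting for CLA
# Assistant to report on the synthetic merge-group SHA, while pull requests still
# mirror the real CLA Assistant result.
#
# Security notes:
# - The job checks out and runs code from the default branch only, never from
#   the commit whose status changed.
# - The mirrored state is whatever `license/cla` status the helper resolves for
#   the SHA. NOTE(review): the helper's source is not part of this file; confirm
#   that it only accepts a `license/cla` status created by the CLA Assistant
#   integration, since the context name alone does not identify who wrote it.
# - Actions below are referenced by tag. NOTE(review): pin them (the third-party
#   toolchain action first) to full commit SHAs so the code that runs with this
#   job's token cannot change without a reviewed edit to this file.

on:
  status:
  merge_group:

# Least privilege: read the repository, write commit statuses, nothing else.
permissions:
  contents: read
  statuses: write

jobs:
  publish-cla-gate-status:
    name: CLA status
    runs-on: ubuntu-latest
    # `status` fires for every commit status on the repository; only react to
    # the CLA Assistant context. merge_group events always pass this filter.
    if: github.event_name != 'status' || github.event.context == 'license/cla'
    steps:
      - name: Check out trusted base code
        uses: actions/checkout@v4
        with:
          # Explicit ref: the helper built below must come from the default
          # branch regardless of which commit the event refers to.
          ref: ${{ github.event.repository.default_branch }}
      - uses: dsherret/rust-toolchain-file@v1
      - name: Publish CLA Gate status
        uses: actions/github-script@v7
        env:
          # Forwarded to the cargo helper through process.env, so the helper
          # (and whatever cargo builds in order to run it) sees this token.
          GITHUB_TOKEN: ${{ github.token }}
        with:
          script: |
            const { execFileSync } = require("child_process");

            // The only states the commit status API accepts. Anything else
            // coming back from the helper is rejected instead of forwarded.
            const VALID_STATES = new Set(["error", "failure", "pending", "success"]);

            /**
             * Make externally supplied text safe to log on one line.
             * Status fields are written outside this repository; collapsing
             * line breaks keeps them from starting a new log line that the
             * runner would parse as a workflow command.
             */
            function forLog(value) {
              return String(value).replace(/[\r\n]+/g, " ");
            }

            /**
             * Run `cargo ci cla-assistant status <args>` and parse its JSON output.
             * Arguments are passed as an array (no shell), so the SHA is never
             * interpreted as shell syntax.
             * @param {string[]} args extra CLI arguments, e.g. ["--sha", "<sha>"]
             * @returns {object} parsed status; this script reads sha, state,
             *   description and target_url from it
             * @throws if cargo exits non-zero or the output is not a JSON object
             */
            function claStatus(args) {
              const command = ["ci", "cla-assistant", "status", ...args];
              core.info(`Running cargo ${command.join(" ")}`);
              const output = execFileSync("cargo", command, {
                encoding: "utf8",
                env: process.env,
              });
              core.info(`cargo ci output: ${forLog(output.trim())}`);

              let status;
              try {
                status = JSON.parse(output);
              } catch (err) {
                throw new Error(
                  "cargo ci cla-assistant status did not print valid JSON",
                  { cause: err }
                );
              }
              if (status === null || typeof status !== "object") {
                throw new Error(
                  "cargo ci cla-assistant status did not print a JSON object"
                );
              }

              core.info(
                `Resolved license/cla for ${forLog(status.sha)}: ` +
                  `state=${forLog(status.state || "missing")} ` +
                  `description=${forLog(status.description || "<none>")} ` +
                  `target_url=${forLog(status.target_url || "<none>")}`
              );
              return status;
            }

            /**
             * Publish the repository-owned `CLA Gate` commit status.
             * @param {object} p
             * @param {string} p.sha commit to attach the status to
             * @param {string} p.state commit status state
             * @param {string} [p.description] short text shown next to the status
             * @param {string} [p.targetUrl] link shown next to the status
             */
            async function postStatus({ sha, state, description, targetUrl }) {
              const statusContext = "CLA Gate";
              core.info(
                `Publishing ${statusContext}=${forLog(state)} for ${forLog(sha)}: ${forLog(description)}`
              );
              await github.rest.repos.createCommitStatus({
                owner: context.repo.owner,
                repo: context.repo.repo,
                sha,
                state,
                description,
                context: statusContext,
                target_url: targetUrl,
              });
            }

            let targetSha;
            let claStatusArgs;

            core.info(
              `Handling ${context.eventName} event for workflow SHA ${process.env.GITHUB_SHA}`
            );

            if (context.eventName === "merge_group") {
              // Unconditional success: no CLA lookup happens for the synthetic
              // merge-group commit. This is only sound if `CLA Gate` is a
              // required check on the pull request before it can be queued.
              core.info(`Merge group SHA is ${process.env.GITHUB_SHA}`);
              await postStatus({
                sha: process.env.GITHUB_SHA,
                state: "success",
                description: "Merge group entry; CLA already checked before queue",
              });
              return;
            }

            if (context.eventName === "status") {
              targetSha = context.payload.sha;
              claStatusArgs = ["--sha", targetSha];
              core.info(
                `status event context=${context.payload.context} state=${context.payload.state} sha=${targetSha}`
              );
            } else {
              core.setFailed(`Unsupported event type: ${context.eventName}`);
              return;
            }

            core.info(`Checking license/cla with args: ${claStatusArgs.join(" ")}`);
            // The state is re-resolved through the helper rather than copied
            // from the event payload that triggered this run.
            const status = claStatus(claStatusArgs);

            if (!status.state) {
              core.info(`No CLA Gate status to publish for ${targetSha}`);
              return;
            }

            if (!VALID_STATES.has(status.state)) {
              // Fail closed: never forward a state this script does not recognise.
              core.setFailed(
                `Refusing to publish unexpected license/cla state: ${forLog(status.state)}`
              );
              return;
            }

            await postStatus({
              sha: targetSha,
              state: status.state,
              description: status.description || undefined,
              targetUrl: status.target_url || undefined,
            });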