ci: Add contributor license agreement check #1850
Looks good to me, and the |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check if CLA signed | ||
| uses: canonical/has-signed-canonical-cla@5d1443b94417bd150ad234a82fe21f7340a25e4d # v2.1.0 |
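Review bot: The `# v2.1.0` comment on the `uses:` line is not checked against the 40-character hash it annotates, so confirm that the hash is the commit the v2.1.0 tag points to, and update the hash and the comment together on every bump. Keep the full SHA pin itself: a mutable ref such as `@v2` can be repointed upstream without any change appearing in this repository's diff.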
minor:
I wonder if we could trust the canonical org and reference this action by branch like @v2
I'd be on board with an entry for canonical to the .github/zizmor.yml policies being added in this PR.
I wondered about that. You'd hope that we could. It feels pretty broad, but I guess it's sending the wrong message if we don't :)
| on: | ||
| pull_request: | ||
| workflow_dispatch: |
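Review bot: `workflow_dispatch:` under `on:` gives the job a run with no pull request attached, and nothing in these lines says whose commits the CLA check would evaluate in that case. Either drop the trigger and rely on re-running the failed `pull_request` check, or add a comment above it stating what a manual run is expected to verify.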
This seems a bit odd... what would be checked?
Perhaps authors of the last NN commits?
I was thinking it would be useful if it failed, then the contributor signed the CLA, and we could run it manually. But maybe we can just re-run the failed check, so that would be sufficient.
It looks like maybe an org level one is meant to run. I've asked in MM for information. Maybe it's failing to run unless we duplicate it? That would be weird. I see that pattern in other repos, though.
Apparently this is being run at an org level so no need to add it ourselves. I assume they will sort out the issue with it not running.
It seems like the canonical organisation is now forcing all repositories to have a passing CLA check, so check if adding that workflow here solves that issue.

This is the workflow that the action recommends, with minor security improvements, and allowing workflow-dispatch.
Fixes #1851.