Add configuration for CLA Assistant GitHub Action

[michaelosthege]

Internal ticket: https://jugit.fz-juelich.de/IBG-1/rse/proxy-issues/-/issues/17

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (53f9409) 90.19% compared to head (1939885) 90.19%.
Report is 2 commits behind head on main.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #15   +/-   ##
=======================================
  Coverage   90.19%   90.19%           
=======================================
  Files           7        7           
  Lines         306      306           
=======================================
  Hits          276      276           
  Misses         30       30           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ronald-jaepel]

I've added the yml to a dumy repo to test and found a couple of things.

Namely, the $PATH_TO_CLA syntax doesn't work, we need to use ${{ env.PATH_TO_CLA }}
Also, I can't get the token-access to work. Will report back when that works

[ronald-jaepel]

So, the bot does a full isequal check before accepting sign comments (meaning the comment has to be exactly equal to the value set in custom-pr-sign-comment). We therefore can not add additional info into the single sign comment. Other then that, everything works now in my mock test.

[michaelosthege]

So, the bot does a full isequal check before accepting sign comments (meaning the comment has to be exactly equal to the value set in custom-pr-sign-comment). We therefore can not add additional info into the single sign comment. Other then that, everything works now in my mock test.

thanks for testing! Did you check with the YML version from this PR?
Because (a few hours ago) I modified that equals check to a "contains".

[ronald-jaepel]

I tested with the yml from here. I think the code you modified only decides if the comment triggers a CLA-Assistant action, not what the action is going to be, AFAIK this implements the comparison to the reference comment.

Anyways, here are my suggested changes.

name: "CLA Assistant"
on:
  pull_request_target:
    types: [opened,closed,synchronize]

# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
permissions:
  actions: write
  contents: write
  pull-requests: write
  statuses: write

jobs:
  CLAAssistant:
    runs-on: ubuntu-latest
    steps:
      - name: "CLA Assistant"
        if: (github.event.comment.body == 'recheck' || contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA')) || github.event_name == 'pull_request_target'
        uses: contributor-assistant/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The below token has repo scope for the project configured further below to store signatures.
          PERSONAL_ACCESS_TOKEN: ${{ secrets.JUBIOTECH_CLA_SIGNATURES }}
          PATH_TO_CLA: 'https://github.com/jubiotech/detl/blob/main/CLA.md'
        with:
          path-to-signatures: 'signatures_detl.json'
          path-to-document: $PATH_TO_CLA
          # branch should not be protected
          branch: 'main'
          allowlist: dependabot[bot]

          # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
          # 👇 the remote organization and repo where the signatures should be stored
          remote-organization-name: jubiotech
          remote-repository-name: cla-signatures
          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
          #signed-commit-message: 'For example: $contributorName has signed the CLA in $owner/$repo#$pullRequestNo'
          custom-notsigned-prcomment: >
              Thank you for your submission, we really appreciate it!
            
              Like many open-source projects we ask that you sign our [Contributor License Agreement](${{ env.PATH_TO_CLA }}) before we can accept your contribution.
              To sign, please post two separate comments based on the following template 👇


              1. Comment:
              
              ___
              
              \- [ ] The JuBiotech maintainers know my real name.

              At least one of the following two applies:

              \- [ ] The JuBiotech maintainers know my current employer.
              
              \- [ ] I am making not making this contribution of behalf of my current employer.

              ___

              2. Comment:
              
          custom-pr-sign-comment: >
              I have read the CLA Document and I hereby sign the CLA.

          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
          # 👇 prevent contributors from revoking signatures after the merge (this is also the default)
          lock-pullrequest-aftermerge: true
          #use-dco-flag: true - If you are using DCO instead of CLA

[michaelosthege]

Thanks @ronald-jaepel I applied your changes and reversed my change in the if condition.

[ronald-jaepel]

looks good to me

[schmoelder]

Shouldnt this be

I am not making this contribution on behalf of my current employer.

?

[michaelosthege]

No, if the contribution is made in the contributors free time, their current employer is irrelevant. They might also be self- or unemployed. Therefore only one of the two task items must apply.

[schmoelder]

I get that, I just think there is one making too many in the second point.

[michaelosthege]

Suggested change

	\- [ ] I am making not making this contribution on behalf of my current employer.
	\- [ ] I am *not* making this contribution on behalf of my current employer.

ah of course, sorry my in-mind-diffing was incomplete

[lieres]

I really think we need to consult Alexander Storm here. In my view, it makes a difference if somehone has an employer of if he/she made the contribution during working hours. To make things more complex, contributions in "free time" might still require permission of thge employer (or not). This is not our business but it must be clear to the contributor which option to choose. Some contributors (like Sam) have multiple accounts to clarify on/off work contributions.

[michaelosthege]

Okay, then I will summarize the proposed procedure, texts & mockup screenshots, and consult him by email (cc y'all).