name: "CLA Assistant" on: issue_comment: types: [created] pull_request_target: types: [opened, closed, synchronize] # explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings permissions: actions: write contents: write # this can be 'read' if the signatures are in remote repository pull-requests: write statuses: write jobs: CLAAssistant: runs-on: ubuntu-latest steps: # Mint a short-lived GitHub App installation token (≈1h, auto-revoked at job # end) instead of a long-lived personal PAT. The App must be installed on this # repo and added to main's branch-protection bypass list so it can commit the # signature file. Requires repo secrets/vars CLA_APP_ID and CLA_APP_PRIVATE_KEY. - name: Generate CLA app token id: app-token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: ${{ vars.CLA_APP_ID }} private-key: ${{ secrets.CLA_APP_PRIVATE_KEY }} - name: "CLA Assistant" if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' # Maintained node24 fork of the (archived) contributor-assistant/github-action. # Pinned to a commit SHA because the fork publishes no semver tags. uses: SiliconLabsSoftware/action-cla-assistant@89980ac6cfe974ea7703b4ccfbaeb1b2cc6065d2 # silabs_flavour_v2 (node24) env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: path-to-signatures: "signatures/version1/cla.json" path-to-document: "https://github.com/getzep/graphiti/blob/main/Zep-CLA.md" # e.g. a CLA or a DCO document branch: "main" allowlist: paul-paliychuk,prasmussen15,danielchalef,dependabot[bot],ellipsis-dev,Claude[bot],claude[bot] # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository) #remote-repository-name: enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository) #create-file-commit-message: 'For example: Creating file for storing CLA Signatures' #signed-commit-message: 'For example: $contributorName has signed the CLA in $owner/$repo#$pullRequestNo' #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign' #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA' #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true) #use-dco-flag: true - If you are using DCO instead of CLA