roblox / cla-signature-bot Goto Github PK
View Code? Open in Web Editor NEWGitHub Action for self-contained handling of CLA signatures
License: Apache License 2.0
GitHub Action for self-contained handling of CLA signatures
License: Apache License 2.0
Currently the app needs a PAT (tied to a specific account) to perform auth for the remote repository. Modify this to allow for GitHub App auth instead, allowing the action to authenticate as an app. The app should only need repo read/write scopes to be able to read and write to the cla.json file in the remote repo, nothing more.
Describe the bug
I try to use the CLA-Signature bot with the described configuration. The bot is started but cannot be downloaded. The error message is
Failed to resolve action download info. Error: Unable to resolve action `Roblox/[email protected]`, unable to find version `2.0.1`
I tried the following definitions for uses
in the script:
uses: roblox/[email protected]
(this is the one used in the documentation)uses: roblox/[email protected]
(based on the current latest release)uses: roblox/cla-assistant
is not accepteduses: https://github.com/roblox/[email protected]
is also not acceptedTo Reproduce
Steps to reproduce the behavior:
Actions
tab of your repository to see the errorExpected behavior
GitHub actions should be able to download the bot.
Log
Current runner version: '2.275.1'
Operating System
Virtual Environment
Prepare workflow directory
Prepare all required actions
Getting action download info
Failed to resolve action download info. Error: Unable to resolve action `Roblox/[email protected]`, unable to find version `2.0.1`
Retrying in 20.256 seconds
Failed to resolve action download info. Error: Unable to resolve action `Roblox/[email protected]`, unable to find version `2.0.1`
Retrying in 11.918 seconds
Error: Failed to resolve action download info.
Describe the bug
When opening a fork-based PR the secret value for the remote repo PAT is not supplied for security reasons. This causes an error as that input is marked as required and it is blank.
To Reproduce
Open a PR from a fork.
Suggested fix:
Add a unit test for this situation as it should be handled gracefully. The remote repo should be anonymous-readable so that the PAT is not mandatory for read operations.
On the other hand, if we attempt to write to a remote repo while we lack a remote repo PAT we should fail.
Describe the bug
After making a comment on an issue on a repo with the CLA bot, it sent me an email that it had failed.
https://github.com/Roblox/testez/actions/runs/172094273
This did not stop me from commenting BTW.
Expected behavior
The CLA bot probably shouldn't run at all for issues and issue comments.
It requires some duplicated effort to maintain an employee whitelist across many repositories in the same organization.
It would be great to support pulling the contributor whitelist from a central repository, perhaps the same repository that contains who has signed the CLA.
The current recommendation is that employees be added to the whitelist for the CLA bot, but this needs to be done for each employee for each repo. Some way to automate this would help a lot. Probably the simplest option would be to allow the bot to accept teams in its whitelist.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.