chore: release 5.1.1 #107
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CLA Assistant | |
| # Gates merges on a signed Contributor License Agreement. | |
| # | |
| # Uses CLA Assistant Lite (contributor-assistant/github-action): signatures are | |
| # stored as a JSON file committed to a branch of THIS repo (no third-party | |
| # service holds the data). Contributors sign by commenting the configured phrase | |
| # on their PR; the action records it and flips the check green. | |
| # | |
| # AUTH: mints a token from the shared automation GitHub App (the same App | |
| # release-please uses), so signature commits show as the bot and there's no | |
| # personal token to expire. | |
| # | |
| # SETUP REQUIRED before this enforces anything: | |
| # 1. Create/install the automation GitHub App (Contents R/W, Pull requests R/W, | |
| # Issues R/W) and add BOT_APP_ID + BOT_APP_PRIVATE_KEY repo secrets — the | |
| # same secrets release-please uses. | |
| # 2. Create the `cla-signatures` branch (empty orphan) so the action has | |
| # somewhere to write `signatures/version1/cla.json`. | |
| # 3. Finalise CLA.md (legal review) — it's the document contributors agree to. | |
| # | |
| # Until the App secrets exist the CLA step self-skips, so the check is green | |
| # (not failing) on every PR and auto-activates once they're set. | |
| on: | |
| issue_comment: | |
| types: [created] | |
| pull_request_target: | |
| types: [opened, closed, synchronize] | |
| permissions: | |
| actions: write | |
| contents: write | |
| pull-requests: write | |
| statuses: write | |
| jobs: | |
| cla: | |
| runs-on: ubuntu-latest | |
| # Empty until the automation App secrets are configured (see SETUP above). | |
| # While empty, the steps below self-skip so this check passes (green) instead | |
| # of failing on every PR with "Branch cla-signatures not found". | |
| env: | |
| HAS_APP: ${{ secrets.BOT_APP_ID != '' }} | |
| # Only act on the signature comment or on PR events (not every comment). | |
| if: (github.event.issue.pull_request && contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA')) || github.event_name == 'pull_request_target' | |
| steps: | |
| - uses: actions/create-github-app-token@v3 | |
| id: app-token | |
| if: env.HAS_APP == 'true' | |
| with: | |
| app-id: ${{ secrets.BOT_APP_ID }} | |
| private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} | |
| - uses: contributor-assistant/github-action@v2.6.1 | |
| if: env.HAS_APP == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }} | |
| with: | |
| path-to-signatures: "signatures/version1/cla.json" | |
| path-to-document: "https://github.com/devicecloud-dev/dcd-cli/blob/dev/CLA.md" | |
| branch: "cla-signatures" | |
| # Do NOT lock the PR on merge (the action's default is true). release-please | |
| # comments on its release PR *after* merge; a locked conversation makes that | |
| # comment fail and takes down the whole Release job (npm publish + binaries | |
| # never run). Keeping this false is load-bearing for the release pipeline. | |
| lock-pullrequest-aftermerge: false | |
| # Internal maintainers (covered by employment/CCLA) + bots skip the prompt. | |
| allowlist: riglar,finalerock44,dependabot[bot],renovate[bot],*[bot] | |
| # Customise the bot's prompts if desired: | |
| custom-notsigned-prcomment: "Thanks for your contribution! Please sign our Contributor License Agreement before we can merge. Comment the line below to sign:" | |
| custom-pr-sign-comment: "I have read the CLA Document and I hereby sign the CLA" | |
| custom-allsigned-prcomment: "All contributors have signed the CLA. ✍️ ✅" |