From bf336292753367f4f13701cc597c370b821ecd8c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 4 Dec 2025 00:42:43 +0000 Subject: [PATCH 1/2] Initial plan From 04aa5eaef1634a7d852b9ab6c964cf7bd5ca83c3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 4 Dec 2025 00:47:44 +0000 Subject: [PATCH 2/2] Fix CLA check workflow to pass exempt users to CLA assistant action Co-authored-by: bashandbone <89049923+bashandbone@users.noreply.github.com> --- .github/workflows/cla-check.yml | 40 ++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml index 3733da8..6eb6ad3 100644 --- a/.github/workflows/cla-check.yml +++ b/.github/workflows/cla-check.yml @@ -57,6 +57,7 @@ jobs: is_member: ${{ steps.check-membership.outputs.is_member }} should_run_cla: ${{ steps.check-membership. outputs.should_run_cla }} exempt_users: ${{ steps.check-membership.outputs.exempt_users }} + exempt_usernames: ${{ steps.check-membership.outputs.exempt_usernames }} steps: - name: Debug Event Context run: | @@ -147,6 +148,7 @@ jobs: # Check each user for org membership or allowlist NEEDS_CLA=() EXEMPT_USERS=() + EXEMPT_USERNAMES=() for user in $USERS; do if [[ -z "$user" ]]; then NEEDS_CLA+=("") @@ -156,6 +158,7 @@ jobs: if is_allowed_bot "$user"; then echo "Skipping bot/allowlisted account: $user" EXEMPT_USERS+=("$user (bot)") + EXEMPT_USERNAMES+=("$user") continue fi @@ -168,6 +171,7 @@ jobs: if [ "$collab_response" == "204" ]; then echo "User $user is a repository collaborator" EXEMPT_USERS+=("$user (collaborator)") + EXEMPT_USERNAMES+=("$user") continue fi @@ -181,6 +185,7 @@ jobs: if [ "$org_response" == "204" ]; then echo "User $user is a Knitli org member" EXEMPT_USERS+=("$user (org member)") + EXEMPT_USERNAMES+=("$user") continue elif [ "$org_response" == "404" ] || [ "$org_response" == "302" ]; then # 404 = not a member, 302 = requester is not an org member (can't see membership) @@ -208,6 +213,14 @@ jobs: fi echo "exempt_users=$EXEMPT_JSON" >> "$GITHUB_OUTPUT" + # Output exempt usernames as comma-separated string for allowlist + if [ ${#EXEMPT_USERNAMES[@]} -eq 0 ]; then + EXEMPT_USERNAMES_CSV="" + else + EXEMPT_USERNAMES_CSV=$(IFS=','; echo "${EXEMPT_USERNAMES[*]}") + fi + echo "exempt_usernames=$EXEMPT_USERNAMES_CSV" >> "$GITHUB_OUTPUT" + if [ ${#NEEDS_CLA[@]} -eq 0 ]; then echo "All committers are org members or allowed bots; CLA not required" echo "is_member=true" >> "$GITHUB_OUTPUT" @@ -291,19 +304,20 @@ jobs: # Patterns cover: names ending in "bot", names ending in "[bot]", and specific known bots. # The is_allowed_bot() function in check-membership uses regex, while this uses globs, # so there may be minor differences. The check-membership step is the primary filter. - allowlist: | - bot* - *bot - *[bot] - claude* - copilot* - dependabot* - github-actions* - codegen-sh* - changeset-bot* - actions-user - sourcery* - github-code-quality* + # Dynamic exempt users from check-cla job are appended at the end. + allowlist: >- + bot*, + *bot, + *[bot], + claude*, + copilot*, + dependabot*, + github-actions*, + codegen-sh*, + changeset-bot*, + actions-user, + sourcery*, + github-code-quality*${{ needs.check-cla.outputs.exempt_usernames && format(',{0}', needs.check-cla.outputs.exempt_usernames) || '' }} # Commit messages create-file-commit-message: 'chore: initialize CLA signatures for ${{ inputs.repo_name }}'