diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml new file mode 100644 index 0000000..ad8320c --- /dev/null +++ b/.github/workflows/cla.yml @@ -0,0 +1,34 @@ +name: CLA Assistant + +on: + issue_comment: + types: [created] + pull_request_target: # zizmor: ignore[dangerous-triggers] delegates to pinned reusable CLA workflow; never check out PR code here + types: [opened, synchronize, reopened, closed] + +permissions: + actions: write + contents: read + issues: write + pull-requests: write + statuses: write + +jobs: + cla: + if: >- + ( + github.event_name == 'pull_request_target' + && github.event.pull_request.user.login != 'dependabot[bot]' + ) || ( + github.event_name == 'issue_comment' + && github.event.issue.pull_request + && ( + github.event.comment.body == 'recheck' + || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA' + ) + ) + uses: stella/.github/.github/workflows/cla.yml@44c8092f11c2f454916c320aa7d2144c173329d8 + with: + allowlist: dependabot[bot],renovate[bot],github-actions[bot],google-labs-jules[bot],cursoragent + secrets: + CLA_APP_PRIVATE_KEY: ${{ secrets.CLA_APP_PRIVATE_KEY }}