migrate code to new repo #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow to check if a user is eligible to contribute or needs to sign the CLA | |
| name: CLA Check | |
| on: | |
| # because the cla workflow will run on worflows generated from forks, they do not have access to secrets | |
| # pull_request_target only runs the workflow on the master branch but allows access to secrets | |
| # the one downside of this approach is that making changes to the cla workflow itself is more tedious. For development purposes | |
| # the cla workflow will need to be manually tested using workflow_dispatch in the actions tab. | |
| pull_request_target: | |
| branches: | |
| - 'master' | |
| - 'main' | |
| # Workflows that are in required checks have to run in merge queue. | |
| # Otherwise their status is not reported and merge fails: | |
| # https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue#triggering-merge-group-checks-with-github-actions | |
| merge_group: | |
| # It is currently required to also have pull_request trigger for merge_group to work: | |
| # https://github.com/orgs/community/discussions/51120#discussioncomment-6312578 | |
| # However, pull_request does not allow access to secrets for forked PRs, which is why we exclude the trigger in the check-membership workflow | |
| pull_request: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| check-membership: | |
| name: Check Membership | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.user.login != 'github-actions[bot]' && github.event_name != 'pull_request' }} | |
| outputs: | |
| is_member: ${{ steps.check-membership.outputs.is_member}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: 'dfinity/repositories-open-to-contributions' | |
| - name: Check Membership | |
| id: check-membership | |
| uses: ./reusable_workflows/check_membership/ | |
| with: | |
| github-token: ${{ secrets.CLA_READ_ORG_MEMBERSHIP }} | |
| check-external-contributions: | |
| name: Check External Contributions | |
| runs-on: ubuntu-latest | |
| needs: check-membership | |
| if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: 'dfinity/repositories-open-to-contributions' | |
| - name: Check if accepting external contributions | |
| id: accepts_external_contrib | |
| uses: ./reusable_workflows/check_external_contrib/ | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Close Pull Request | |
| id: close_pr | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'true' }} | |
| run: | | |
| message="This repository does not accept external contributions yet. | |
| We are therefore closing this Pull Request, thank you for your understanding. | |
| — The DFINITY Foundation" | |
| gh pr close ${{ github.event.number }} --comment "$message" | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Add Label | |
| uses: actions-ecosystem/action-add-labels@v1 | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| with: | |
| labels: external-contributor | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| with: | |
| repository: 'dfinity/repositories-open-to-contributions' | |
| - name: Check CLA | |
| id: check-cla | |
| uses: ./reusable_workflows/check_cla_pr/ | |
| if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }} | |
| with: | |
| github-token: ${{ secrets.CLA_COMMENT_ON_PRS }} |