Skip to content

Contributor agreement [improved] #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
komarov wants to merge 8 commits into
base: apply-patches-v1.25.2
Choose a base branch
from
Open

Contributor agreement [improved] #21

komarov wants to merge 8 commits into from

Conversation

@komarov
Copy link
Collaborator

@komarov komarov commented Dec 9, 2025
edited
Loading

An iteration upon the closed #15 (first 4 commits have been copied over).

New models ContributorAgreement and SignedContributorAgreement are introduced.

A new Settings > Contributor Agreements page is introduced.
The page allows a user to review the text of existing contributor agreements
and to sign any of them.

A new /api/v1/users/{username}/contributor-agreements/{slug} endpoint allows to
check if a user has signed a contributor agreement.
This api endpoint can be used by a gitea action workflow as described in https://projects.blender.org/infrastructure/clacheck-runner

Updated in this iteration:

  • SignContributorAgreement function now searches for failed cla.yml workflows that were triggered by the current user and reruns them (search limited to 10 latest workflow runs). This updates the failed check status automatically and doesn't require any additional actions from the user.
  • The API response body is now formatted to make the instructions more prominent.

In addition to these changes the runner code (https://projects.blender.org/infrastructure/clacheck-runner) was updated to automatically post a pull request comment when a check fails:

@username please sign the contributor agreement $CLA_SLUG at https://projects.blender.org/user/settings/contributor_agreements

@komarov
BLENDER: contributor agreement support
02f0b30 
New models ContributorAgreement and SignedContributorAgreement are introduced.

A new Settings > Contributor Agreements page is introduced.
The page allows a user to review the text of existing contributor agreements
and to sign any of them.

A new /api/v1/users/{username}/contributor-agreements/{slug} endpoint allows to
check if a user has signed a contributor agreement.
This api endpoint can be used by a gitea action workflow, e.g. like this:

```
    name: contributor agreement check

    on:
      pull_request_target:
        types: [opened, ready_for_review, reopened, review_requested]

    env:
      CONTRIBUTOR_AGREEMENT: ...

    jobs:
      check_api:
        runs-on: ...
        steps:
          - run: echo "Checking $CONTRIBUTOR_AGREEMENT for ${{ gitea.event.pull_request.user.login }}"
          - run: result=$(curl --show-error --silent "$GITHUB_API_URL/users/${{ gitea.event.pull_request.user.login }}/contributor-agreements/$CONTRIBUTOR_AGREEMENT"); if [ "$result" == "OK" ]; then exit 0; else echo $result; exit 1; fi
```
@komarov
cleanup signed agreements on user deletion
89490da
@komarov
Admin UI for listing/search and batch signing
1e17d99
@komarov
always add a prefix for the batch sign comment
8d3b52e
@komarov
Fix SearchUsers usage
5cd92a8 
changed in b0936f4
@komarov
rerun failed cla.yml jobs on cla sign
d0bca15
@komarov komarov force-pushed the contributor-agreement2 branch from 7aaf423 to d0bca15 Compare December 10, 2025 11:42
@komarov komarov marked this pull request as ready for review December 11, 2025 15:36
@komarov
Copy link
Collaborator Author

komarov commented Dec 11, 2025

@brechtvl @bartvdbraak here are the updates for the CLA check implementation (mentioned in PR description above).

I don't particularly like the coupling of the CLA signing code with the workflow reruns, but as the user testing showed we need to have some automation and this seemed like the only realistic place to put it. One alternative is to remove this automation and to instruct the user to close/reopen the PR, but this feels rather clumsy as an interface.

brechtvl
brechtvl reviewed Dec 11, 2025
View reviewed changes
Copy link
Collaborator

@brechtvl brechtvl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The coupling seems unavoidable and with CLAs on GitHub something similar happens.

I have just one comment after read through the implementation.

routers/web/user/setting/contributor_agreements.go

// rerunFailedActions looks for recent cla.yml failures triggered by the user and reruns those.
func rerunFailedActions(ctx *gitea_context.Context, user *user_model.User) error {
runs, err := db.Find[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
Copy link
Collaborator

@brechtvl brechtvl Dec 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this return the 10 most recent runs? It wasn't obvious to me looking at the FindRunOptions implementation.

If not that could cause problems especially when a user needs to sign a second CLA a long time after the first one.

Copy link
Collaborator Author

@komarov komarov Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the order is defined in https://github.com/go-gitea/gitea/blob/01351cc6c792635568872e6766445a573368144a/models/actions/run_list.go#L125

If that changes unexpectedly we will have a problem though. Maybe there's is a simple way to guarantee the order.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brechtvl brechtvl brechtvl left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@komarov @brechtvl