From cf9e990be6dd0282aef044e2142473f007fcdd9c Mon Sep 17 00:00:00 2001
From: "igor.grzankowski" <@splunk.com>
Date: Tue, 9 Dec 2025 18:31:35 +0100
Subject: [PATCH 1/4] Add CLA check
---
.github/workflows/cla-check.yml | 89 +++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 .github/workflows/cla-check.yml
diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml
new file mode 100644
index 000000000..ee5415b21
--- /dev/null
+++ b/.github/workflows/cla-check.yml
@@ -0,0 +1,89 @@
+name: "CLA Check"
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, closed, synchronize]
+
+permissions:
+ actions: write
+ contents: write
+ pull-requests: write
+ statuses: write
+
+jobs:
+ cla-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check if user is Splunk org member
+ id: check-org
+ continue-on-error: true
+ run: |
+ # Check if the PR author is a member of the Splunk organization
+ if [ "${{ github.event_name }}" == "pull_request_target" ]; then
+ AUTHOR="${{ github.event.pull_request.user.login }}"
+ else
+ AUTHOR="${{ github.event.comment.user.login }}"
+ fi
+
+ echo "Checking if $AUTHOR is a Splunk org member..."
+
+ # Check organization membership (returns 204 if member, 404 if not)
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ "https://api.github.com/orgs/splunk/members/$AUTHOR")
+
+ if [ "$STATUS" == "204" ]; then
+ echo "is_splunk_member=true" >> $GITHUB_OUTPUT
+ echo "â
$AUTHOR is a Splunk organization member"
+ else
+ echo "is_splunk_member=false" >> $GITHUB_OUTPUT
+ echo "âšī¸ $AUTHOR is not a Splunk organization member"
+ fi
+
+ - name: Set success status for Splunk employees
+ if: steps.check-org.outputs.is_splunk_member == 'true' && github.event_name == 'pull_request_target'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ // Post success comment
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: 'â
**CLA verification passed** - Contributor is a Splunk organization member. No additional CLA signature required.'
+ });
+
+ // Set commit status to success
+ await github.rest.repos.createCommitStatus({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ sha: context.payload.pull_request.head.sha,
+ state: 'success',
+ context: 'CLA Check',
+ description: 'Splunk org member - CLA not required'
+ });
+
+ - name: "CLA Check"
+ if: |
+ steps.check-org.outputs.is_splunk_member != 'true' &&
+ ((github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target')
+ uses: contributor-assistant/github-action@v2.5.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # The below token should have repo scope and must be manually added by a maintainer in the GitHub Secrets
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT_PAT }}
+ with:
+ path-to-signatures: '.github/cla-signatures.json'
+ path-to-document: 'https://www.splunk.com/en_us/form/contributions.html'
+ branch: 'main'
+ allowlist: bot*,dependabot*,*[bot],renovate*,snyk-bot
+
+ # the following fields are optional
+ remote-organization-name: splunk
+ remote-repository-name: splunk-operator-cla-signatures
+
+ # custom messages
+ custom-pr-sign-comment: 'Thank you for your contribution! Before we can merge this pull request, we need you to sign our Contributor License Agreement.
**đ Please visit [Splunk CLA Form](https://www.splunk.com/en_us/form/contributions.html) to sign the CLA.**
Once you have signed, please comment:
```I have read the CLA Document and I hereby sign the CLA```
**Note**: Splunk organization members are automatically verified and do not need to sign.'
+ custom-allsigned-prcomment: 'All contributors have signed the CLA â
. Thank you!'
+ lock-pullrequest-aftermerge: false
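Review bot: The `check-org` step splices `${{ github.event.pull_request.user.login }}`, `${{ github.event.comment.user.login }}` and `${{ secrets.GITHUB_TOKEN }}` directly into the `run:` script, so they become shell source text before bash starts. The workflow runs on `pull_request_target` with four write permissions. GitHub restricts the characters allowed in a login, so this is hardening rather than a demonstrated hole. Passing the values through `env:` keeps event data as data and keeps the token out of the rendered script; `$GITHUB_OUTPUT` should also be quoted. `continue-on-error: true` on the same step means a failed lookup silently falls through to the CLA step, which deserves a comment if intended.

```yaml
- name: Check if user is Splunk org member
  id: check-org
  continue-on-error: true
  env:
    AUTHOR: ${{ github.event.pull_request.user.login || github.event.comment.user.login }}
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    # … unchanged: echo of the author being checked …
    STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
      -H "Authorization: token $GH_TOKEN" \
      "https://api.github.com/orgs/splunk/members/$AUTHOR")
    # … unchanged: 204 comparison, with ">> "$GITHUB_OUTPUT"" quoted …
```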
From 69916be44f3b79fe2def5b62b256fc11fb4e89da Mon Sep 17 00:00:00 2001
From: "igor.grzankowski" <@splunk.com>
Date: Tue, 16 Dec 2025 12:56:47 +0100
Subject: [PATCH 2/4] Use correct workflow
---
.github/workflows/cla-check.yml | 111 ++++++++++----------------------
1 file changed, 34 insertions(+), 77 deletions(-)
diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml
index ee5415b21..7283981bb 100644
--- a/.github/workflows/cla-check.yml
+++ b/.github/workflows/cla-check.yml
@@ -1,89 +1,46 @@
-name: "CLA Check"
+name: "Agreements"
+
on:
issue_comment:
- types: [created]
+ types: [ created ]
pull_request_target:
- types: [opened, closed, synchronize]
-
-permissions:
- actions: write
- contents: write
- pull-requests: write
- statuses: write
+ types: [ opened, closed, synchronize ]
jobs:
- cla-check:
+ ContributorLicenseAgreement:
runs-on: ubuntu-latest
steps:
- - name: Check if user is Splunk org member
- id: check-org
- continue-on-error: true
- run: |
- # Check if the PR author is a member of the Splunk organization
- if [ "${{ github.event_name }}" == "pull_request_target" ]; then
- AUTHOR="${{ github.event.pull_request.user.login }}"
- else
- AUTHOR="${{ github.event.comment.user.login }}"
- fi
-
- echo "Checking if $AUTHOR is a Splunk org member..."
-
- # Check organization membership (returns 204 if member, 404 if not)
- STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
- -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
- "https://api.github.com/orgs/splunk/members/$AUTHOR")
-
- if [ "$STATUS" == "204" ]; then
- echo "is_splunk_member=true" >> $GITHUB_OUTPUT
- echo "â
$AUTHOR is a Splunk organization member"
- else
- echo "is_splunk_member=false" >> $GITHUB_OUTPUT
- echo "âšī¸ $AUTHOR is not a Splunk organization member"
- fi
-
- - name: Set success status for Splunk employees
- if: steps.check-org.outputs.is_splunk_member == 'true' && github.event_name == 'pull_request_target'
- uses: actions/github-script@v7
+ - name: "CLA Assistant"
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+ uses: cla-assistant/github-action@v2.1.3-beta
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
with:
- script: |
- // Post success comment
- await github.rest.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: 'â
**CLA verification passed** - Contributor is a Splunk organization member. No additional CLA signature required.'
- });
-
- // Set commit status to success
- await github.rest.repos.createCommitStatus({
- owner: context.repo.owner,
- repo: context.repo.repo,
- sha: context.payload.pull_request.head.sha,
- state: 'success',
- context: 'CLA Check',
- description: 'Splunk org member - CLA not required'
- });
-
- - name: "CLA Check"
- if: |
- steps.check-org.outputs.is_splunk_member != 'true' &&
- ((github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target')
- uses: contributor-assistant/github-action@v2.5.2
+ path-to-signatures: "signatures/version1/cla.json"
+ path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CLA.md" # e.g. a CLA or a DCO document
+ branch: "main"
+ allowlist: dependabot[bot]
+ remote-organization-name: splunk
+ remote-repository-name: cla-agreement
+ CodeOfConduct:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "COC Assistant"
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the Code of Conduct and I hereby accept the Terms') || github.event_name == 'pull_request_target'
+ uses: cla-assistant/github-action@v2.1.3-beta
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # The below token should have repo scope and must be manually added by a maintainer in the GitHub Secrets
- PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT_PAT }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
with:
- path-to-signatures: '.github/cla-signatures.json'
- path-to-document: 'https://www.splunk.com/en_us/form/contributions.html'
- branch: 'main'
- allowlist: bot*,dependabot*,*[bot],renovate*,snyk-bot
-
- # the following fields are optional
+ path-to-signatures: "signatures/version1/coc.json"
+ path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CODE_OF_CONDUCT.md" # e.g. a COC or a DCO document
+ branch: "main"
+ allowlist: dependabot[bot]
remote-organization-name: splunk
- remote-repository-name: splunk-operator-cla-signatures
-
- # custom messages
- custom-pr-sign-comment: 'Thank you for your contribution! Before we can merge this pull request, we need you to sign our Contributor License Agreement.
**đ Please visit [Splunk CLA Form](https://www.splunk.com/en_us/form/contributions.html) to sign the CLA.**
Once you have signed, please comment:
```I have read the CLA Document and I hereby sign the CLA```
**Note**: Splunk organization members are automatically verified and do not need to sign.'
- custom-allsigned-prcomment: 'All contributors have signed the CLA â
. Thank you!'
- lock-pullrequest-aftermerge: false
+ remote-repository-name: cla-agreement
+ custom-pr-sign-comment: "I have read the Code of Conduct and I hereby accept the Terms"
+ create-file-commit-message: "For example: Creating file for storing COC Signatures"
+ signed-commit-message: "$contributorName has signed the COC in #$pullRequestNo"
+ custom-notsigned-prcomment: "All contributors have NOT signed the COC Document"
+ custom-allsigned-prcomment: "****CLA Assistant Lite bot**** All contributors have signed the COC âī¸ â
"
\ No newline at end of file
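Review bot: Both the "CLA Assistant" and "COC Assistant" steps reference `cla-assistant/github-action@v2.1.3-beta`, a mutable tag on a third-party action that receives `GITHUB_TOKEN` and a personal access token and runs on `pull_request_target`. Pin it to a full commit SHA with the tag as a trailing comment, e.g. `uses: cla-assistant/github-action@<full-commit-sha>  # v2.1.3-beta`, so a moved tag cannot change what runs with those credentials. This commit also replaces `contributor-assistant/github-action@v2.5.2` with an older beta tag and drops the top-level `permissions:` block, leaving the token at the repository default. If both are deliberate, the commit message should say so.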
From 662c49eab625236a15df954facdbd5ba1e0fa75b Mon Sep 17 00:00:00 2001
From: "igor.grzankowski" <@splunk.com>
Date: Tue, 16 Dec 2025 14:31:06 +0100
Subject: [PATCH 3/4] Use correct PAT
---
.github/workflows/cla-check.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml
index 7283981bb..988862560 100644
--- a/.github/workflows/cla-check.yml
+++ b/.github/workflows/cla-check.yml
@@ -15,7 +15,7 @@ jobs:
uses: cla-assistant/github-action@v2.1.3-beta
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
path-to-signatures: "signatures/version1/cla.json"
path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CLA.md" # e.g. a CLA or a DCO document
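Review bot: Nothing next to `PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}` says what the token must be able to do, and the generic secret name makes it easy to reuse a broad PAT; the same applies to the second hunk of this patch. I would add a comment above each line such as `# PAT used only to write signature files to the remote signatures repo; use a fine-grained token limited to that repository`. That the token serves the remote repository is inferred from the `remote-repository-name` input set in the previous patch, so confirm it against the action's documentation. The enclosing step starts above this hunk.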
@@ -31,7 +31,7 @@ jobs:
uses: cla-assistant/github-action@v2.1.3-beta
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
path-to-signatures: "signatures/version1/coc.json"
path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CODE_OF_CONDUCT.md" # e.g. a COC or a DCO document
From 5e73c5f18af67a60ed57926c8142c9f759f9dabb Mon Sep 17 00:00:00 2001
From: "igor.grzankowski" <@splunk.com>
Date: Wed, 17 Dec 2025 13:49:09 +0100
Subject: [PATCH 4/4] add permissions
---
.github/workflows/cla-check.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml
index 988862560..b84ca13b1 100644
--- a/.github/workflows/cla-check.yml
+++ b/.github/workflows/cla-check.yml
@@ -1,5 +1,9 @@
name: "Agreements"
+permissions:
+ contents: write
+ pull-requests: write
+
on:
issue_comment:
types: [ created ]
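Review bot: `contents: write` is granted at workflow level to jobs that run on `pull_request_target`, yet the signature files appear to be written to a separate repository through the PAT (`remote-repository-name` in the earlier patch), so this repository's token probably needs only `contents: read`. If that holds, change the line to `contents: read` and keep `pull-requests: write`. The first patch in this series also granted `actions: write` and `statuses: write`; if the action sets a commit status or re-runs the workflow, those need to come back, preferably declared per job rather than globally. A short comment on each permission naming the action feature that needs it would make later tightening easier.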