remove deubgging and make some more improvements (exclude clickhouse members)

Author: Blargian

.github/workflows/trademark-cla-approval.yml

@@ -18,19 +18,6 @@ jobs:
     if: github.event_name == 'workflow_dispatch' || github.event.label.name == 'cla-signed'
 
     steps:
-      - name: Debug - Event info
-        run: |
-          echo "=== CLA APPROVAL DEBUG ==="
-          echo "Event: ${{ github.event_name }}"
-          echo "Action: ${{ github.event.action }}"
-          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
-            echo "Manual trigger - PR: ${{ github.event.inputs.pr_number }}"
-          else
-            echo "Label: ${{ github.event.label.name }}"
-            echo "Added by: ${{ github.actor }}"
-            echo "PR number: ${{ github.event.number }}"
-          fi
-          echo "================================="
 
       - name: Generate Token
         id: generate-token
@@ -45,35 +32,24 @@ jobs:
         with:
           github-token: ${{ steps.generate-token.outputs.token || secrets.GITHUB_TOKEN }}
           script: |
-            console.log('=== PROCESSING CLA APPROVAL ===');
-            console.log('Event:', context.eventName);
-            console.log('Actor:', context.actor);
-            
             let prNumber;
             
             // Determine PR number
             if (context.eventName === 'workflow_dispatch') {
               prNumber = parseInt('${{ github.event.inputs.pr_number }}');
-              console.log('Manual trigger for PR:', prNumber);
             } else if (context.eventName === 'pull_request') {
               prNumber = context.payload.pull_request.number;
-              console.log('Label trigger for PR:', prNumber);
-              console.log('Label added:', context.payload.label.name);
             } else {
-              console.log('Unexpected event type, skipping...');
               return;
             }
             
-            console.log('Processing CLA approval for PR:', prNumber);
-            
             // Get PR details
             const { data: pr } = await github.rest.pulls.get({
               owner: context.repo.owner,
               repo: context.repo.repo,
               pull_number: prNumber
             });
             
-            console.log('PR author:', pr.user.login);
             
             // Check if the person triggering has the right permissions
             try {
@@ -83,14 +59,10 @@ jobs:
                 username: context.actor
               });
             
-              console.log('Actor permission level:', collaboration.permission);
-            
               // Only admin, maintain, or write permissions can approve CLA
               const isAuthorized = ['admin', 'maintain', 'write'].includes(collaboration.permission);
-              console.log('Is authorized to approve CLA:', isAuthorized);
             
               if (!isAuthorized) {
-                console.log('User does not have permission to approve CLA');
             
                 // If this was a label event, remove the label
                 if (context.eventName !== 'workflow_dispatch') {
@@ -110,7 +82,6 @@ jobs:
                   body: `@${context.actor} Only repository maintainers can approve CLAs. ${context.eventName !== 'workflow_dispatch' ? 'The label has been removed.' : ''}`
                 });
             
-                console.log('Unauthorized approval attempt blocked');
                 return;
               }
             
@@ -122,17 +93,14 @@ jobs:
               });
             
               const hasClaMeeded = labels.some(label => label.name === 'cla-required');
-              console.log('PR has cla-required label:', hasClaMeeded);
             
               if (!hasClaMeeded) {
-                console.log('PR does not have cla-required label, no action needed');
                 return;
               }
             
               // Ensure cla-signed label is present
               const hasClaSigned = labels.some(label => label.name === 'cla-signed');
               if (!hasClaSigned) {
-                console.log('Adding cla-signed label...');
                 await github.rest.issues.addLabels({
                   owner: context.repo.owner,
                   repo: context.repo.repo,
@@ -142,7 +110,6 @@ jobs:
               }
             
               // Authorized - proceed with approval
-              console.log('Processing authorized CLA approval...');
             
               // Remove the blocking label
               try {
@@ -152,9 +119,8 @@ jobs:
                   issue_number: prNumber,
                   name: 'cla-required'
                 });
-                console.log('Removed cla-required label');
               } catch (e) {
-                console.log('cla-required label not found or already removed:', e.message);
+                // Label not found or already removed
               }
             
               // Check if confirmation comment already exists
@@ -185,14 +151,8 @@ jobs:
             
               This PR is now unblocked and can proceed with normal review!`
                 });
-                console.log('Posted confirmation comment');
               }
             
-              console.log('CLA approval completed successfully');
-            
             } catch (error) {
-              console.error('Error processing CLA approval:', error);
               throw error;
             }
-            
-            console.log('=== END CLA APPROVAL PROCESSING ===');

.github/workflows/trademark-cla-notice.yml

@@ -14,28 +14,6 @@ jobs:
     permissions: write-all
 
     steps:
-      - name: Debug - Check if secrets exist
-        run: |
-          echo "=== SECRET CHECK ==="
-          if [ -z "${{ secrets.WORKFLOW_AUTH_PUBLIC_APP_ID }}" ]; then
-            echo "WORKFLOW_AUTH_PUBLIC_APP_ID is empty or not set"
-          else
-            echo "WORKFLOW_AUTH_PUBLIC_APP_ID is set"
-          fi
-          
-          if [ -z "${{ secrets.WORKFLOW_AUTH_PUBLIC_PRIVATE_KEY }}" ]; then
-            echo "WORKFLOW_AUTH_PUBLIC_PRIVATE_KEY is empty or not set"
-          else
-            echo "WORKFLOW_AUTH_PUBLIC_PRIVATE_KEY is set"
-          fi
-          
-          if [ -z "${{ secrets.GITHUB_PAT }}" ]; then
-            echo "GITHUB_PAT is empty or not set"
-          else
-            echo "GITHUB_PAT is set"
-          fi
-          echo "==================="
-
       - name: Generate Token
         id: generate-token
         continue-on-error: true
@@ -44,17 +22,6 @@ jobs:
           app-id: "${{ secrets.WORKFLOW_AUTH_PUBLIC_APP_ID }}"
           private-key: "${{ secrets.WORKFLOW_AUTH_PUBLIC_PRIVATE_KEY }}"
 
-      - name: Debug - Token generation result
-        run: |
-          echo "=== TOKEN GENERATION RESULT ==="
-          echo "Token step outcome: ${{ steps.generate-token.outcome }}"
-          if [ "${{ steps.generate-token.outcome }}" = "success" ]; then
-            echo "GitHub App token generated successfully"
-          else
-            echo "GitHub App token generation failed - will use GITHUB_TOKEN"
-          fi
-          echo "================================="
-
       - name: Check out code
         uses: actions/checkout@v4
         with:
@@ -129,62 +96,55 @@ jobs:
             
             return null;
 
-      - name: Debug - CLA requirement check
-        run: |
-          echo "=== CLA REQUIREMENT DEBUG ==="
-          echo "Event name: ${{ github.event_name }}"
-          echo "Event action: ${{ github.event.action }}"
-          
-          if [ "${{ github.event_name }}" = "pull_request" ]; then
-            echo "PR event - docs changed: ${{ steps.docs-changed.outputs.docs_changed }}"
-            echo "PR event - requires CLA: ${{ steps.docs-changed.outputs.requires_cla }}"
-          fi
-          
-          POST_CLA_CONDITION="${{ github.event_name == 'pull_request' && steps.docs-changed.outputs.requires_cla == 'true' }}"
-          echo "Post CLA comment workflow will run: $POST_CLA_CONDITION"
-          echo "================================="
-
       - name: Post CLA comment and block merge
         if: github.event_name == 'pull_request' && steps.docs-changed.outputs.requires_cla == 'true'
         uses: actions/github-script@v7
         with:
           github-token: ${{ steps.generate-token.outputs.token || secrets.GITHUB_TOKEN }}
           script: |
-            console.log('=== CLA COMMENT STEP DEBUG ===');
-            console.log('Event name:', context.eventName);
-            
             let prNumber, prAuthor;
             
             if (context.eventName == 'pull_request') {
               prNumber = context.issue.number;
               prAuthor = '${{ github.event.pull_request.user.login }}';
-              console.log('PR event - Number:', prNumber, 'Author:', prAuthor);
             }
             
             if (!prNumber || !prAuthor) {
-              console.log('Missing PR number or author, skipping...');
               return;
             }
             
-            console.log(`Processing PR #${prNumber} for author: ${prAuthor}`);
-            
             try {
+              // Check if user is in @ClickHouse/everyone team
+              let isClickHouseMember = false;
+              try {
+                await github.rest.teams.getMembershipForUserInOrg({
+                  org: 'ClickHouse',
+                  team_slug: 'everyone',
+                  username: prAuthor
+                });
+                isClickHouseMember = true;
+              } catch (error) {
+                // User is not in the team or team doesn't exist
+                isClickHouseMember = false;
+              }
+              
+              // Skip CLA requirement for ClickHouse team members
+              if (isClickHouseMember) {
+                return;
+              }
+              
               // Check if CLA comment already exists
-              console.log('Fetching existing comments...');
               const comments = await github.rest.issues.listComments({
                 issue_number: prNumber,
                 owner: context.repo.owner,
                 repo: context.repo.repo,
               });
-              console.log(`Found ${comments.data.length} existing comments`);
             
               const existingClaComment = comments.data.find(comment => 
                 (comment.user.login === 'github-actions[bot]' || comment.user.type === 'Bot') && 
                 comment.body.includes('CLA Agreement Required - MERGE BLOCKED')
               );
             
-              console.log('Existing CLA comment found:', !!existingClaComment);
-            
               if (!existingClaComment && context.eventName === 'pull_request') {
                 const claText = `# CLA Agreement Required - MERGE BLOCKED
             
@@ -194,7 +154,8 @@ jobs:
               <summary>Click to see Trademark License Addendum</summary>
             
               This Trademark License Addendum ("Addendum") shall, if You have opted 
-              in by checking the appropriate box that references this Addendum, 
+              in by replying to the comment that references this Addendum that you
+              have read and agree to theContributor License Agreement Addendum,
               supplement the terms of the Individual Contributor License Agreement
               between You and the Company ("Agreement"). Capitalized terms not
               defined herein shall have the meanings ascribed to them in the 
@@ -248,31 +209,24 @@ jobs:
               **To unblock this PR, reply with exactly:**
             
               \`\`\`
-              I have read and agree to the Contributor License Agreement.
+              I have read and agree to the Contributor License Agreement Addendum.
               CLA-SIGNATURE: ${prAuthor}
               \`\`\``;
             
-                console.log('Creating CLA comment...');
                 await github.rest.issues.createComment({
                   issue_number: prNumber,
                   owner: context.repo.owner,
                   repo: context.repo.repo,
                   body: claText
                 });
-                console.log('CLA comment created successfully');
             
-                console.log('Adding labels...');
                 await github.rest.issues.addLabels({
                   issue_number: prNumber,
                   owner: context.repo.owner,
                   repo: context.repo.repo,
                   labels: ['cla-required', 'integrations-with-image-change']
                 });
-                console.log('Labels added successfully');
-              } else {
-                console.log('CLA comment already exists or not a pull request event');
               }
-              console.log('=== END CLA COMMENT STEP DEBUG ===');
             } catch (error) {
               console.error('Error in CLA comment step:', error);
               throw error;