Merge pull request #4130 from Blargian/legal_flow_changes

Blargian · web-flow · commit 374395ea44f2 · 2025-07-20T16:21:21.000+02:00
Legal: more changes
diff --git a/.github/workflows/trademark-cla-approval.yml b/.github/workflows/trademark-cla-approval.yml
@@ -24,7 +24,7 @@ jobs:
         id: process-comment
         uses: actions/github-script@v7
         with:
-          github-token: ${{ steps.generate-token.outputs.token || secrets.GITHUB_TOKEN }}
+          github-token: ${{ steps.generate-token.outputs.token }}
           script: |
             // Only process comments on pull requests
             if (!context.payload.issue.pull_request) {
@@ -137,82 +137,10 @@ jobs:
             
             console.log('Added trademark-addendum-signed label successfully');
             
-            // IMMEDIATELY record the signature in the same step
-            console.log('=== Recording signature immediately ===');
-            
-            // Record signature using GitHub's REST API to create/update the file
-            const currentDate = new Date().toISOString();
-            const signaturesFilePath = 'contribute/trade-addendum-signatures.json';
-            
-            // Get existing signatures file if it exists
-            let existingContent = { signatures: [] };
-            try {
-              const { data: existingFile } = await github.rest.repos.getContent({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                path: signaturesFilePath
-              });
-              
-              const content = Buffer.from(existingFile.content, 'base64').toString('utf8');
-              existingContent = JSON.parse(content);
-              console.log('Found existing signatures file');
-            } catch (error) {
-              console.log('No existing signatures file found, creating new one');
-              existingContent = { signatures: [] };
-            }
-            
-            // Check if signature already exists for this user and PR
-            const existingSignature = existingContent.signatures.find(sig => 
-              sig.username === prAuthor && sig.pr_number === parseInt(prNumber)
-            );
-            
-            if (!existingSignature) {
-              // Add new signature
-              const newSignature = {
-                username: prAuthor,
-                date: currentDate,
-                pr_number: parseInt(prNumber),
-                approved_by: prAuthor
-              };
-              
-              existingContent.signatures.push(newSignature);
-              console.log(`Adding new signature for ${prAuthor}`);
-              
-              // Create/update the file
-              const updatedContent = JSON.stringify(existingContent, null, 2);
-              const contentBase64 = Buffer.from(updatedContent).toString('base64');
-              
-              try {
-                // Try to update existing file
-                const { data: existingFile } = await github.rest.repos.getContent({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  path: signaturesFilePath
-                });
-                
-                await github.rest.repos.createOrUpdateFileContents({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  path: signaturesFilePath,
-                  message: `Add trademark addendum signature for @${prAuthor} (PR #${prNumber})\n\nThis signature was recorded automatically by the CLA approval workflow.`,
-                  content: contentBase64,
-                  sha: existingFile.sha
-                });
-              } catch (error) {
-                // File doesn't exist, create it
-                await github.rest.repos.createOrUpdateFileContents({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  path: signaturesFilePath,
-                  message: `Add trademark addendum signature for @${prAuthor} (PR #${prNumber})\n\nThis signature was recorded automatically by the CLA approval workflow.`,
-                  content: contentBase64
-                });
-              }
-              
-              console.log(`✅ Signature recorded successfully for ${prAuthor}`);
-            } else {
-              console.log(`ℹ️ Signature already exists for ${prAuthor} on PR #${prNumber}`);
-            }
+            // Store signature details for the next step
+            core.setOutput('pr_number', prNumber);
+            core.setOutput('pr_author', prAuthor);
+            core.setOutput('approved_by', prAuthor);
             
             // Add confirmation comment
             const confirmationBody = [
@@ -235,3 +163,76 @@ jobs:
             });
             
             console.log(`✅ CLA agreement processed successfully for ${prAuthor}`);
+
+      - name: Check out repository
+        if: success() && steps.process-comment.outputs.pr_number != ''
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.generate-token.outputs.token }}
+
+      - name: Record signature to file
+        if: success() && steps.process-comment.outputs.pr_number != ''
+        run: |
+          set -e
+          
+          echo "=== Recording signature immediately after label addition ==="
+          
+          # Get signature details
+          USERNAME="${{ steps.process-comment.outputs.pr_author }}"
+          DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          PR_NUMBER="${{ steps.process-comment.outputs.pr_number }}"
+          APPROVED_BY="${{ steps.process-comment.outputs.approved_by }}"
+          
+          echo "Recording signature for PR #$PR_NUMBER"
+          echo "  Username: $USERNAME"
+          echo "  Approved by: $APPROVED_BY"
+          echo "  Date: $DATE"
+          
+          # Ensure contribute directory exists
+          mkdir -p contribute
+          
+          # Signature file
+          SIGNATURES_FILE="contribute/trade-addendum-signatures.json"
+          
+          # Create or read existing signatures file
+          if [ ! -f "$SIGNATURES_FILE" ]; then
+            echo '{"signatures": []}' > "$SIGNATURES_FILE"
+            echo "Created new signatures file"
+          fi
+          
+          # Check if signature already exists
+          EXISTING=$(jq --arg user "$USERNAME" --arg pr "$PR_NUMBER" '.signatures[] | select(.username == $user and .pr_number == ($pr | tonumber))' "$SIGNATURES_FILE" 2>/dev/null || echo "")
+          
+          if [ -z "$EXISTING" ]; then
+            # Add new signature
+            jq --arg user "$USERNAME" \
+               --arg date "$DATE" \
+               --arg pr "$PR_NUMBER" \
+               --arg approved_by "$APPROVED_BY" \
+               '.signatures += [{
+                 "username": $user,
+                 "date": $date,
+                 "pr_number": ($pr | tonumber),
+                 "approved_by": $approved_by
+               }]' "$SIGNATURES_FILE" > tmp.json && mv tmp.json "$SIGNATURES_FILE"
+            
+            echo "✅ Added signature for $USERNAME"
+          else
+            echo "ℹ️ Signature already exists for $USERNAME on PR #$PR_NUMBER"
+          fi
+          
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          
+          # Check if there are changes and commit
+          if ! git diff --quiet "$SIGNATURES_FILE"; then
+            git add "$SIGNATURES_FILE"
+            git commit -m "Add trademark addendum signature for @$USERNAME (PR #$PR_NUMBER)" \
+                       -m "This signature was recorded automatically by the CLA approval workflow."
+            git push
+            echo "✅ Signature committed and pushed successfully"
+          else
+            echo "ℹ️ No changes to commit"
+          fi
