further improvements

Blargian · Blargian · commit 9be4cd4d1406 · 2025-07-19T22:26:32.000+02:00
diff --git a/.github/workflows/trademark-cla-approval.yml b/.github/workflows/trademark-cla-approval.yml
@@ -17,7 +17,12 @@ permissions: write-all
 jobs:
   process-cla-approval:
     runs-on: ubuntu-latest
-    if: (github.event_name == 'workflow_dispatch' || github.event.label.name == 'cla-signed' || github.event_name == 'issue_comment') && !contains(github.actor, 'workflow-authentication-public')
+    if: |
+      (
+        github.event_name == 'workflow_dispatch' ||
+        (github.event_name == 'pull_request_target' && github.event.label.name == 'cla-signed') ||
+        github.event_name == 'issue_comment'
+      ) && github.actor != 'workflow-authentication-public[bot]'
 
     steps:
 
@@ -252,38 +257,66 @@ jobs:
       - name: Record manual CLA approval
         if: success() && steps.process-cla-approval.outputs.pr_number != ''
         run: |
+          set -e  # Exit on any error
+          
           echo "=== DEBUG: Record manual CLA approval step starting ==="
           echo "Available outputs:"
           echo "  pr_number: '${{ steps.process-cla-approval.outputs.pr_number }}'"
           echo "  pr_author: '${{ steps.process-cla-approval.outputs.pr_author }}'"
           echo "  approved_by: '${{ steps.process-cla-approval.outputs.approved_by }}'"
           
-          # Ensure signatures file exists
-          if [ ! -f "cla-signatures.json" ]; then
-            echo '{"signatures": []}' > cla-signatures.json
-            echo "Created new cla-signatures.json file"
-          else
-            echo "cla-signatures.json already exists"
-          fi
-          
-          # Extract approval details from previous step outputs
+          # Extract and validate approval details from previous step outputs
           USERNAME="${{ steps.process-cla-approval.outputs.pr_author }}"
           DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
           PR_NUMBER="${{ steps.process-cla-approval.outputs.pr_number }}"
           APPROVED_BY="${{ steps.process-cla-approval.outputs.approved_by }}"
           
+          # Validate required fields
+          if [ -z "$USERNAME" ] || [ -z "$PR_NUMBER" ] || [ -z "$APPROVED_BY" ]; then
+            echo "ERROR: Missing required fields for signature recording"
+            echo "  USERNAME: '$USERNAME'"
+            echo "  PR_NUMBER: '$PR_NUMBER'"
+            echo "  APPROVED_BY: '$APPROVED_BY'"
+            exit 1
+          fi
+          
           echo "Recording manual trademark addendum approval:"
           echo "  Username: $USERNAME"
           echo "  PR Number: $PR_NUMBER"
           echo "  Approved by: $APPROVED_BY"
           echo "  Date: $DATE"
           
-          # Check if this user already has a signature for this PR
-          EXISTING_SIGNATURE=$(jq --arg user "$USERNAME" --arg pr "$PR_NUMBER" '.signatures[] | select(.username == $user and .pr_number == ($pr | tonumber))' cla-signatures.json)
+          # Ensure contribute directory exists
+          mkdir -p contribute
+          
+          # Ensure signatures file exists and is valid JSON
+          SIGNATURES_FILE="contribute/trade-addendum-signatures.json"
+          if [ ! -f "$SIGNATURES_FILE" ]; then
+            echo '{"signatures": []}' > "$SIGNATURES_FILE"
+            echo "Created new $SIGNATURES_FILE file"
+          else
+            echo "$SIGNATURES_FILE already exists"
+            # Validate existing JSON
+            if ! jq empty "$SIGNATURES_FILE" 2>/dev/null; then
+              echo "WARNING: Existing $SIGNATURES_FILE is invalid JSON, recreating..."
+              cp "$SIGNATURES_FILE" "contribute/trade-addendum-signatures-backup-$(date +%s).json" || true
+              echo '{"signatures": []}' > "$SIGNATURES_FILE"
+            fi
+          fi
+          
+          # Check if this user already has a signature for this PR with error handling
+          EXISTING_SIGNATURE=""
+          if EXISTING_SIGNATURE=$(jq --arg user "$USERNAME" --arg pr "$PR_NUMBER" '.signatures[]? | select(.username == $user and .pr_number == ($pr | tonumber))' "$SIGNATURES_FILE" 2>/dev/null); then
+            echo "Successfully checked for existing signature"
+          else
+            echo "WARNING: Error checking for existing signature, assuming none exists"
+            EXISTING_SIGNATURE=""
+          fi
           
           if [ -z "$EXISTING_SIGNATURE" ]; then
-            # Add new signature entry
-            jq --arg user "$USERNAME" \
+            # Add new signature entry with robust error handling
+            echo "Adding new signature entry..."
+            if jq --arg user "$USERNAME" \
                --arg date "$DATE" \
                --arg pr "$PR_NUMBER" \
                --arg approved_by "$APPROVED_BY" \
@@ -292,23 +325,88 @@ jobs:
                  "date": $date,
                  "pr_number": ($pr | tonumber),
                  "approved_by": $approved_by
-               }]' cla-signatures.json > tmp.json && mv tmp.json cla-signatures.json
+               }]' "$SIGNATURES_FILE" > tmp.json 2>/dev/null; then
+              mv tmp.json "$SIGNATURES_FILE"
+              echo "✅ New trademark addendum signature added successfully"
+            else
+              echo "ERROR: Failed to add signature with jq, using fallback method"
+              # Fallback: manually construct JSON entry
+              NEW_ENTRY="{\"username\": \"$USERNAME\", \"date\": \"$DATE\", \"pr_number\": $PR_NUMBER, \"approved_by\": \"$APPROVED_BY\"}"
+              if [ -s "$SIGNATURES_FILE" ]; then
+                # File has content, merge new entry
+                jq --argjson newEntry "$NEW_ENTRY" '.signatures += [$newEntry]' "$SIGNATURES_FILE" > tmp.json || {
+                  echo "Fallback failed, creating new signatures file with entry"
+                  echo "{\"signatures\": [$NEW_ENTRY]}" > "$SIGNATURES_FILE"
+                }
+                if [ -f tmp.json ]; then mv tmp.json "$SIGNATURES_FILE"; fi
+              else
+                echo "{\"signatures\": [$NEW_ENTRY]}" > "$SIGNATURES_FILE"
+              fi
+              echo "✅ Signature added using fallback method"
+            fi
+          else
+            echo "ℹ️ Signature already exists for this user and PR"
+          fi
           
-            echo "New trademark adendum signature added"
+          # Verify the signature was recorded
+          echo "=== Verifying signature was recorded ==="
+          if jq --arg user "$USERNAME" --arg pr "$PR_NUMBER" '.signatures[] | select(.username == $user and .pr_number == ($pr | tonumber))' "$SIGNATURES_FILE" >/dev/null 2>&1; then
+            echo "✅ VERIFICATION PASSED: Signature found in $SIGNATURES_FILE"
           else
-            echo "Signature already exists for this user and PR"
+            echo "❌ VERIFICATION FAILED: Signature NOT found in $SIGNATURES_FILE"
+            echo "Current signatures file content:"
+            cat "$SIGNATURES_FILE" || echo "Failed to read signatures file"
+            exit 1
           fi
           
-          # Commit the updated file
+          # Commit the updated file with enhanced error handling
+          echo "=== Committing signature file ==="
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           
           # Configure git to use the token for authentication
           TOKEN="${{ steps.generate-token.outputs.token || secrets.GITHUB_TOKEN }}"
-          git remote set-url origin "https://x-access-token:${TOKEN}@github.com/${{ github.repository }}.git"
+          if [ -n "$TOKEN" ]; then
+            git remote set-url origin "https://x-access-token:${TOKEN}@github.com/${{ github.repository }}.git"
+          else
+            echo "WARNING: No authentication token available"
+          fi
           
-          git add cla-signatures.json
-          git commit -m "Add manual approval for @$USERNAME (PR #$PR_NUMBER) by @$APPROVED_BY" || echo "No changes to commit"
-          git push
+          # Check if there are changes to commit
+          if git diff --quiet "$SIGNATURES_FILE"; then
+            echo "ℹ️ No changes to commit in $SIGNATURES_FILE"
+          else
+            git add "$SIGNATURES_FILE"
+            if git commit -m "Add trademark addendum signature for @$USERNAME (PR #$PR_NUMBER) by @$APPROVED_BY
+
+            This signature was recorded automatically by the CLA approval workflow.
+            
+            Details:
+            - PR Number: #$PR_NUMBER
+            - PR Author: @$USERNAME  
+            - Approved By: @$APPROVED_BY
+            - Date: $DATE
+            - Event: ${{ github.event_name }}"; then
+              echo "✅ Successfully committed signature file"
+              
+              # Attempt to push with retry logic
+              for i in {1..3}; do
+                if git push; then
+                  echo "✅ Successfully pushed signature file (attempt $i)"
+                  break
+                elif [ $i -eq 3 ]; then
+                  echo "❌ Failed to push after 3 attempts"
+                  echo "Signature was recorded locally but failed to push to remote"
+                  exit 1
+                else
+                  echo "⚠️ Push attempt $i failed, retrying in 5 seconds..."
+                  sleep 5
+                fi
+              done
+            else
+              echo "❌ Failed to commit signature file"
+              exit 1
+            fi
+          fi
           
-          echo "Manual trademark addendum approval recorded successfully"
+          echo "✅ Manual trademark addendum approval recorded successfully"
