feat: Onboards the CLA Assistant as a reusable GitHub Action #670
Merged
feat: Onboards the CLA Assistant as a reusable GitHub Action #670
Conversation
- Implemented CLA signature storage and management through a new GitHub Action. - Added functionality to add empty commits for CLA signatures. - Created a checkAllowList function to filter committers based on an allowlist. - Developed a GraphQL query to fetch committers from pull requests. - Defined interfaces for committers and their details. - Set up main execution flow for the action, including locking pull requests after merges. - Integrated persistence methods for managing CLA signatures in a remote repository. - Added pull request comment handling to manage CLA signing notifications. - Implemented a mechanism to rerun workflows if the last check failed. - Created shared utility functions for input handling and comment generation. - Configured TypeScript for the project with strict type checking.
- Changed package.json to use "type": "module" and updated dependencies to their latest versions. - Updated import statements across the codebase to use .js extensions for ES module compatibility. - Refactored functions to utilize octokit.rest methods instead of deprecated octokit methods. - Improved regex handling in checkAllowList function and ensured proper type handling. - Enhanced TypeScript configuration for better module resolution and compatibility.
github-actions
bot
added
bug
borislavr
previously approved these changes
Mar 26, 2026
- Replace non-null assertions (!) with optional chaining (?.) - Use `import type` for type-only imports - Replace `==` with `===` to avoid unsafe type coercion - Convert `let` to `const` for variables that are never reassigned - Replace `var` with `let` in for-loop - Convert function expressions to arrow functions - Remove explicit `any` types: add IClaFileContent interface, type function parameters, remove unnecessary Promise<any> return types - Remove unused `core` import in signatureComment.ts - Use anonymous catch block instead of unused catch variable
- Use import type for type-only imports in pullRequestComment, pullRequestCommentContent, signatureComment, setupClaCheck - Replace non-null assertions (!) with optional chaining (?.) - Replace == with === to avoid unsafe type coercion - Replace committerMap && committerMap.x with committerMap?.x - Replace .map() with .forEach() for side-effect-only callbacks - Replace void with undefined in union return type - Add explicit type annotation for implicitly-typed let variable
borislavr
previously approved these changes
Mar 26, 2026
…ps://github.com/Netcracker/qubership-workflow-hub into 669-feat-cla-action-onboard-to-qubersip-actions
borislavr
approved these changes
Mar 26, 2026
nookyo
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request
Summary
Onboards the CLA Assistant as a reusable GitHub Action within the
qubership-workflow-hubmonorepo. The action automates CLA signature collection on pull requests, storing signed contributor data in a remote JSON file and blocking merges until all contributors have signed.Issue
Closes #669
Breaking Change?
Scope / Project
actions/cla-assistantImplementation Notes
cla-assistant/github-actionto fit the qubership-workflow-hub structure."type": "module") and updated all imports to use.jsextensions for Node ESM compatibility.@vercel/ncc— output lives indist/index.jsand is committed so the action can be referenced directly from a workflow without a separate install step."404", causing the action to always throw instead of creating the CLA file on first run. Now handles both404(number) and'404'(string) for robustness.path-to-signatures,path-to-document,branch,allowlist,remote-repository-name,use-dco-flag,lock-pullrequest-aftermerge,suggest-recheck.GITHUB_TOKENand optionallyPERSONAL_ACCESS_TOKEN(needed when the signatures file lives in a separate repository).Tests / Evidence
npm run build(tsc + ncc).cla.jsonfile on first run, and passed after signing.Additional Notes
node_modulesare not committed;dist/index.jsis the only required build artifact at runtime.PERSONAL_ACCESS_TOKENhasreposcope on theremote-repository-namerepository.setupClaCheck,checkAllowList, andpersistencemodules.