Add golang version

Signed-off-by: Lukasz Gryglicki <[email protected]>

Author: lukaszgryglicki

cla-backend-go/events/event_data.go

@@ -457,6 +457,23 @@ type CorporateSignatureSignedEventData struct {
 	SignatoryName string
 }
 
+// BypassCLAEventData event data model
+type BypassCLAEventData struct {
+	Repo   string
+	Config string
+	Actor  string
+}
+
+func (ed *BypassCLAEventData) GetEventDetailsString(args *LogEventArgs) (string, bool) {
+	data := fmt.Sprintf("repo='%s', config='%s', actor='%s'", ed.Repo, ed.Config, ed.Actor)
+	return data, true
+}
+
+func (ed *BypassCLAEventData) GetEventSummaryString(args *LogEventArgs) (string, bool) {
+	data := fmt.Sprintf("repo='%s', config='%s', actor='%s'", ed.Repo, ed.Config, ed.Actor)
+	return data, true
+}
+
 func (ed *CorporateSignatureSignedEventData) GetEventDetailsString(args *LogEventArgs) (string, bool) {
 	data := fmt.Sprintf("The signature was signed for the project %s and company %s by %s", args.ProjectName, ed.CompanyName, ed.SignatoryName)
 	if args.UserName != "" {

cla-backend-go/events/event_types.go

@@ -99,4 +99,6 @@ const (
 
 	IndividualSignatureSigned = "individual.signature.signed"
 	CorporateSignatureSigned  = "corporate.signature.signed"
+
+	BypassCLA = "Bypass CLA"
 )

cla-backend-go/github/bots.go

@@ -0,0 +1,213 @@
+// Copyright The Linux Foundation and each contributor to CommunityBridge.
+// SPDX-License-Identifier: MIT
+
+package github
+
+import (
+	"fmt"
+	"github.com/linuxfoundation/easycla/cla-backend-go/events"
+	"github.com/linuxfoundation/easycla/cla-backend-go/gen/v1/models"
+	log "github.com/linuxfoundation/easycla/cla-backend-go/logging"
+	"github.com/sirupsen/logrus"
+	"regexp"
+	"strings"
+)
+
+// propertyMatches returns true if value matches the pattern.
+// - "*" matches anything
+// - "re:..." matches regex (value must be non-empty)
+// - otherwise, exact match
+func propertyMatches(pattern, value string) bool {
+	f := logrus.Fields{
+		"functionName": "github.propertyMatches",
+		"pattern":      pattern,
+		"value":        value,
+	}
+	if pattern == "*" {
+		return true
+	}
+	if value == "" {
+		return false
+	}
+	if strings.HasPrefix(pattern, "re:") {
+		regex := pattern[3:]
+		re, err := regexp.Compile(regex)
+		if err != nil {
+			log.WithFields(f).Debugf("Error in propertyMatches: bad regexp: %s, error: %v", regex, err)
+			return false
+		}
+		return re.MatchString(value)
+	}
+	return value == pattern
+}
+
+// stripOrg removes the organization part from the repository name.
+// If input is "org/repo", returns "repo". If no "/", returns input unchanged.
+func stripOrg(repoFull string) string {
+	idx := strings.Index(repoFull, "/")
+	if idx >= 0 && idx+1 < len(repoFull) {
+		return repoFull[idx+1:]
+	}
+	return repoFull
+}
+
+// isActorSkipped returns true if the given actor should be skipped according to the skip_cla config pattern.
+// config format: "<username_pattern>;<email_pattern>"
+// Actor.CommitAuthor.Login and Actor.CommitAuthor.Email should be *string, can be nil.
+func isActorSkipped(actor *UserCommitSummary, config string) bool {
+	f := logrus.Fields{
+		"functionName": "github.isActorSkipped",
+		"config":       config,
+	}
+	// Defensive: must have exactly one ';'
+	if !strings.Contains(config, ";") {
+		log.WithFields(f).Debugf("Invalid skip_cla config format: %s, expected '<username_pattern>;<email_pattern>'", config)
+		return false
+	}
+	parts := strings.SplitN(config, ";", 2)
+	if len(parts) != 2 {
+		return false
+	}
+	usernamePattern := parts[0]
+	emailPattern := parts[1]
+	var (
+		username string
+		email    string
+	)
+	if actor.CommitAuthor != nil && actor.CommitAuthor.Login != nil {
+		username = *actor.CommitAuthor.Login
+	}
+	if actor.CommitAuthor != nil && actor.CommitAuthor.Email != nil {
+		email = *actor.CommitAuthor.Email
+	}
+
+	return propertyMatches(usernamePattern, username) && propertyMatches(emailPattern, email)
+}
+
+// SkipWhitelistedBots- check if the actors are whitelisted based on the skip_cla configuration.
+// Returns two lists:
+// - actors still missing cla: actors who still need to sign the CLA after checking skip_cla
+// - whitelisted actors: actors who are skipped due to skip_cla configuration
+// :param orgModel: The GitHub organization model instance.
+// :param orgRepo: The repository name in the format 'org/repo'.
+// :param actorsMissingCla: List of UserCommitSummary objects representing actors who are missing CLA.
+// :return: two arrays (actors still missing CLA, whitelisted actors)
+// : in cla-{stage}-github-orgs table there can be a skip_cla field which is a dict with the following structure:
+//
+//	{
+//	    "repo-name": "<username_pattern>;<email_pattern>",
+//	    "re:repo-regexp": "<username_pattern>;<email_pattern>",
+//	    "*": "<username_pattern>;<email_pattern>"
+//	}
+//
+// where:
+//   - repo-name is the exact repository name under given org (e.g., "my-repo" not "my-org/my-repo")
+//   - re:repo-regexp is a regex pattern to match repository names
+//   - * is a wildcard that applies to all repositories
+//   - <username_pattern> is a GitHub username pattern (exact match or regex prefixed by re: or match all '*')
+//   - <email_pattern> is a GitHub email pattern (exact match or regex prefixed by re: or match all '*')
+//     The username and email patterns are separated by a semicolon (;).
+//     If the skip_cla is not set, it will skip the whitelisted bots check.
+func SkipWhitelistedBots(ev events.Service, orgModel *models.GithubOrganization, orgRepo, projectID string, actorsMissingCLA []*UserCommitSummary) ([]*UserCommitSummary, []*UserCommitSummary) {
+	repo := stripOrg(orgRepo)
+	f := logrus.Fields{
+		"functionName": "github.SkipWhitelistedBots",
+		"orgRepo":      orgRepo,
+		"repo":         repo,
+		"projectID":    projectID,
+	}
+	outActorsMissingCLA := []*UserCommitSummary{}
+	whitelistedActors := []*UserCommitSummary{}
+
+	skipCLA := orgModel.SkipCla
+	if skipCLA == nil {
+		log.WithFields(f).Debug("skip_cla is not set, skipping whitelisted bots check")
+		return actorsMissingCLA, []*UserCommitSummary{}
+	}
+
+	var config string
+
+	// 1. Exact match
+	if val, ok := skipCLA[repo]; ok {
+		config = val
+		log.WithFields(f).Debugf("skip_cla config found for repo (exact hit): '%s'", config)
+	}
+
+	// 2. Regex match (if no exact hit)
+	if config == "" {
+		log.WithFields(f).Debug("No skip_cla config found for repo, checking regex patterns")
+		for k, v := range skipCLA {
+			if !strings.HasPrefix(k, "re:") {
+				continue
+			}
+			pattern := k[3:]
+			re, err := regexp.Compile(pattern)
+			if err != nil {
+				log.WithFields(f).Warnf("Invalid regex in skip_cla: '%s': %+v", pattern, err)
+				continue
+			}
+			if re.MatchString(repo) {
+				config = v
+				log.WithFields(f).Debugf("Found skip_cla config for repo via regex pattern: '%s'", config)
+				break
+			}
+		}
+	}
+
+	// 3. Wildcard fallback
+	if config == "" {
+		if val, ok := skipCLA["*"]; ok {
+			config = val
+			log.WithFields(f).Debugf("No skip_cla config found for repo, using wildcard config: '%s'", config)
+		}
+	}
+
+	// 4. No match
+	if config == "" {
+		log.WithFields(f).Debug("No skip_cla config found for repo, skipping whitelisted bots check")
+		return actorsMissingCLA, []*UserCommitSummary{}
+	}
+
+	for _, actor := range actorsMissingCLA {
+		if isActorSkipped(actor, config) {
+			id, login, username, email := "(null)", "(null)", "(null)", "(null)"
+			if actor.CommitAuthor != nil && actor.CommitAuthor.ID != nil {
+				id = fmt.Sprintf("%v", *actor.CommitAuthor.ID)
+			}
+			if actor.CommitAuthor != nil && actor.CommitAuthor.Login != nil {
+				login = *actor.CommitAuthor.Login
+			}
+			if actor.CommitAuthor != nil && actor.CommitAuthor.Name != nil {
+				username = *actor.CommitAuthor.Name
+			}
+			if actor.CommitAuthor != nil && actor.CommitAuthor.Email != nil {
+				email = *actor.CommitAuthor.Email
+			}
+			actorData := fmt.Sprintf("id='%v',login='%v',username='%v',email='%v'", id, login, username, email)
+			msg := fmt.Sprintf(
+				"Skipping CLA check for repo='%s', actor: %s due to skip_cla config: '%s'",
+				orgRepo, actorData, config,
+			)
+			log.WithFields(f).Info(msg)
+			eventData := events.BypassCLAEventData{
+				Repo:   orgRepo,
+				Config: config,
+				Actor:  actorData,
+			}
+			ev.LogEvent(&events.LogEventArgs{
+				EventType: events.BypassCLA,
+				EventData: &eventData,
+				UserID:    id,
+				UserName:  login,
+				ProjectID: projectID,
+			})
+			log.WithFields(f).Debugf("event logged")
+			actor.Authorized = true
+			whitelistedActors = append(whitelistedActors, actor)
+		} else {
+			outActorsMissingCLA = append(outActorsMissingCLA, actor)
+		}
+	}
+
+	return outActorsMissingCLA, whitelistedActors
+}

cla-backend-go/github_organizations/models.go

@@ -7,18 +7,19 @@ import "github.com/linuxfoundation/easycla/cla-backend-go/gen/v1/models"
 
 // GithubOrganization is data model for github organizations
 type GithubOrganization struct {
-	DateCreated                string `json:"date_created,omitempty"`
-	DateModified               string `json:"date_modified,omitempty"`
-	OrganizationInstallationID int64  `json:"organization_installation_id,omitempty"`
-	OrganizationName           string `json:"organization_name,omitempty"`
-	OrganizationNameLower      string `json:"organization_name_lower,omitempty"`
-	OrganizationSFID           string `json:"organization_sfid,omitempty"`
-	ProjectSFID                string `json:"project_sfid"`
-	Enabled                    bool   `json:"enabled"`
-	AutoEnabled                bool   `json:"auto_enabled"`
-	BranchProtectionEnabled    bool   `json:"branch_protection_enabled"`
-	AutoEnabledClaGroupID      string `json:"auto_enabled_cla_group_id,omitempty"`
-	Version                    string `json:"version,omitempty"`
+	DateCreated                string            `json:"date_created,omitempty"`
+	DateModified               string            `json:"date_modified,omitempty"`
+	OrganizationInstallationID int64             `json:"organization_installation_id,omitempty"`
+	OrganizationName           string            `json:"organization_name,omitempty"`
+	OrganizationNameLower      string            `json:"organization_name_lower,omitempty"`
+	OrganizationSFID           string            `json:"organization_sfid,omitempty"`
+	ProjectSFID                string            `json:"project_sfid"`
+	Enabled                    bool              `json:"enabled"`
+	AutoEnabled                bool              `json:"auto_enabled"`
+	BranchProtectionEnabled    bool              `json:"branch_protection_enabled"`
+	AutoEnabledClaGroupID      string            `json:"auto_enabled_cla_group_id,omitempty"`
+	Version                    string            `json:"version,omitempty"`
+	SkipCLA                    map[string]string `json:"skip_cla,omitempty"`
 }
 
 // ToModel converts to models.GithubOrganization
@@ -35,6 +36,7 @@ func ToModel(in *GithubOrganization) *models.GithubOrganization {
 		AutoEnabledClaGroupID:      in.AutoEnabledClaGroupID,
 		BranchProtectionEnabled:    in.BranchProtectionEnabled,
 		ProjectSFID:                in.ProjectSFID,
+		SkipCla:                    in.SkipCLA,
 	}
 }
 

cla-backend-go/signatures/service.go

@@ -1114,6 +1114,8 @@ func (s service) updateChangeRequest(ctx context.Context, ghOrg *models.GithubOr
 	}
 
 	log.WithFields(f).Debugf("commit authors status => signed: %+v and missing: %+v", signed, unsigned)
+	unsigned, signed = github.SkipWhitelistedBots(s.eventsService, ghOrg, gitHubRepoName, projectID, unsigned)
+	log.WithFields(f).Debugf("commit authors status after whitelisting bots => signed: %+v and missing: %+v", signed, unsigned)
 
 	// update pull request
 	updateErr := github.UpdatePullRequest(ctx, ghOrg.OrganizationInstallationID, int(pullRequestID), gitHubOrgName, gitHubRepoName, githubRepository.ID, *latestSHA, signed, unsigned, s.claBaseAPIURL, s.claLandingPage, s.claLogoURL)
@@ -1132,7 +1134,7 @@ func (s service) updateChangeRequest(ctx context.Context, ghOrg *models.GithubOr
 // true, true, nil if user has an ECLA (authorized, with company affiliation, no error)
 func (s service) HasUserSigned(ctx context.Context, user *models.User, projectID string) (*bool, *bool, error) {
 	f := logrus.Fields{
-		"functionName": "v1.signatures.service.updateChangeRequest",
+		"functionName": "v1.signatures.service.HasUserSigned",
 		"projectID":    projectID,
 		"user":         user,
 	}

cla-backend-go/swagger/common/github-organization.yaml

@@ -69,6 +69,15 @@ properties:
             x-nullable: true
             example: "https://github.com/organizations/deal-test-org-2/settings/installations/1235464"
             format: uri
+  skipCla:
+    type: object
+    additionalProperties:
+      type: string
+    description: |
+      Map of repository name or pattern (e.g. 'repo1', '*', 're:pattern') to a string in the form '<username_pattern>;<email_pattern>' for skipping CLA checks for certain bots. Patterns can be exact, wildcard '*', or regexp prefixed with 're:'.
+    example:
+      "*": "copilot-swe-agent[bot];*"
+      "repo1": "re:vee?rendra;*"
 
   repositories:
     type: object

cla-backend-go/v2/sign/helpers.go

@@ -41,6 +41,15 @@ func (s service) updateChangeRequest(ctx context.Context, installationID, reposi
 		return errors.New(msg)
 	}
 
+	var ghOrg *models.GithubOrganization
+	if githubRepository.Owner.Login != nil {
+		var ghOrgErr error
+		ghOrg, ghOrgErr = s.githubOrgService.GetGitHubOrganizationByName(ctx, *githubRepository.Owner.Login)
+		if ghOrgErr != nil {
+			log.WithFields(f).WithError(ghOrgErr).Warnf("unable to lookup GitHub organization by name: %s - unable to update GitHub status", *githubRepository.Owner.Login)
+		}
+	}
+
 	gitHubOrgName := utils.StringValue(githubRepository.Owner.Login)
 	gitHubRepoName := utils.StringValue(githubRepository.Name)
 
@@ -138,6 +147,10 @@ func (s service) updateChangeRequest(ctx context.Context, installationID, reposi
 	}
 
 	log.WithFields(f).Debugf("commit authors status => signed: %+v and missing: %+v", signed, unsigned)
+	if ghOrg != nil {
+		unsigned, signed = github.SkipWhitelistedBots(s.eventsService, ghOrg, gitHubRepoName, projectID, unsigned)
+		log.WithFields(f).Debugf("commit authors status after whitelisting bots => signed: %+v and missing: %+v", signed, unsigned)
+	}
 
 	// update pull request
 	updateErr := github.UpdatePullRequest(ctx, installationID, int(pullRequestID), gitHubOrgName, gitHubRepoName, githubRepository.ID, *latestSHA, signed, unsigned, s.ClaV1ApiURL, s.claLandingPage, s.claLogoURL)
@@ -156,7 +169,7 @@ func (s service) updateChangeRequest(ctx context.Context, installationID, reposi
 // true, true, nil if user has an ECLA (authorized, with company affiliation, no error)
 func (s service) hasUserSigned(ctx context.Context, user *models.User, projectID string) (*bool, *bool, error) {
 	f := logrus.Fields{
-		"functionName": "v1.signatures.service.updateChangeRequest",
+		"functionName": "v1.signatures.service.hasUserSigned",
 		"projectID":    projectID,
 		"user":         user,
 	}

cla-backend-go/v2/sign/service.go

@@ -2847,6 +2847,10 @@ func (s *service) GetUserActiveSignature(ctx context.Context, userID string) (*m
 		utils.XREQUESTID: ctx.Value(utils.XREQUESTID),
 		"userID":         userID,
 	}
+	// LG:
+	// _ = s.updateChangeRequest(ctx, 35275118, 614349032, 215, "01af041c-fa69-4052-a23c-fb8c1d3bef24")
+	// return nil, nil
+	// LG:
 	activeSignatureMetadata, err := s.storeRepository.GetActiveSignatureMetaData(ctx, userID)
 	if err != nil {
 		log.WithFields(f).WithError(err).Warnf("unable to get active signature meta data for user: %s", userID)

cla-backend/cla/models/github_models.py

@@ -936,9 +936,11 @@ def property_matches(self, pattern, value):
         try:
             if pattern == '*':
                 return True
+            if value is None or value == '':
+                return False
             if pattern.startswith('re:'):
                 regex = pattern[3:]
-                return value is not None and re.search(regex, value) is not None
+                return re.search(regex, value) is not None
             return value == pattern
         except Exception as exc:
             cla.log.warning("Error in property_matches: pattern=%s, value=%s, exc=%s", pattern, value, exc)
@@ -951,6 +953,7 @@ def is_actor_skipped(self, actor, config):
         """
         try:
             if ';' not in config:
+                cla.log.warning("Invalid skip_cla config format: %s, expected '<username_pattern>;<email_pattern>'", config)
                 return False
             username_pattern, email_pattern = config.split(';', 1)
             username = getattr(actor, "author_login", None)
@@ -1051,7 +1054,7 @@ def skip_whitelisted_bots(self, org_model, org_repo, actors_missing_cla) -> Tupl
                             config,
                         )
                         cla.log.info(msg)
-                        ev = Event.create_event(
+                        Event.create_event(
                             event_type=EventType.BypassCLA,
                             event_data=msg,
                             event_summary=msg,