Update actions/dependency-review-action action to v4.7.1 #677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: F5 CLA | |
on: | |
issue_comment: | |
types: | |
- created | |
pull_request_target: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
concurrency: | |
group: ${{ github.ref_name }}-cla | |
permissions: | |
contents: read | |
jobs: | |
f5-cla: | |
name: F5 CLA | |
runs-on: ubuntu-24.04 | |
permissions: | |
actions: write | |
contents: read | |
pull-requests: write | |
statuses: write | |
steps: | |
- name: Run F5 Contributor License Agreement (CLA) assistant | |
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' | |
uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 | |
with: | |
# Any pull request targeting the following branch will trigger a CLA check. | |
branch: "main" | |
# Path to the CLA document. | |
path-to-document: "https://github.com/f5/.github/blob/main/CLA/cla-markdown.md" | |
# Custom CLA messages. | |
custom-notsigned-prcomment: "🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:" | |
custom-pr-sign-comment: "I have hereby read the F5 CLA and agree to its terms" | |
custom-allsigned-prcomment: "✅ All required contributors have signed the F5 CLA for this PR. Thank you!" | |
# Remote repository storing CLA signatures. | |
remote-organization-name: "f5" | |
remote-repository-name: "f5-cla-data" | |
path-to-signatures: "signatures/beta/signatures.json" | |
# Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. | |
allowlist: bot* | |
# Do not lock PRs after a merge. | |
lock-pullrequest-aftermerge: false | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }} |