Skip to content
GitHub App that checks contributors have signed Adobe's CLA (or are Adobe/Magento employees)
JavaScript Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
checker
lookup
setgithubcheck
signwebhook
test
.codecov.yml
.eslintignore
.eslintrc.js
.gitignore
.nycrc.json
.travis.yml
CODE_OF_CONDUCT.md
LICENSE 💼 adding license Jan 3, 2019
README.md
config-sample.json
deploy.sh
package-lock.json
package.json
utils.js

README.md

Adobe CLA Bot Build Status

This is a GitHub App that checks that pull request issuers to [github.com/adobe] have signed the Adobe CLA.

You can install the app by visiting the GitHub App page for it.

Overview

This repo is implemented as a GitHub App together with a set of Adobe Runtime actions. The app has its Webhook URL configured to point to the checker action (more on that below).

This repo contains three actions, which are functions that run on a serverless (function as a service, or FaaS) platform:

  • ./checker contains an action that runs on every [github.com/adobe] pull request open, close and synchronize. Checker's job is to check if the user submitting the pull request has signed the CLA or if the user is an Adobe or Magento employee (by checking [github.com/adobe] or magento organization membership).
  • ./setgithubcheck contains an action that interacts with the GitHub REST API's Checks API to set checkmarks on pull requests. It is invoked by other actions to communicate pass/fail to pull request authors.
  • ./lookup contains an action that accepts agreement_ids as agreements parameter, interacts with Adobe Sign formData APIs, it parses the formData of all the agreements to lookup the GitHub usernames in the agreements and returns a consolidated list of GitHub usernames.
  • ./signwebhook contains an action that receives event payloads from Adobe Sign when users sign our CLA agreement. This enables a push-based flow and foregoes the user having to take additional steps after they sign our CLA. This action will look up the details of the signed agreement, extract the user's GitHub username, and then search through our orgs for any open pull requests from the user, and finally invoke the ./setgithubcheck action to set a nice green checkmark on their PRs.

Requirements

For all actions, make sure to copy config-sample.json from the root into the relevant folders, rename it to config.json and populate it with the correct information.

Running Tests

Make sure you've npm installed, then simply npm test. This will run the lint and unit tests. You can also invoke each of these individually with npm run lint and npm run test:unit.

There are also integration tests against github.com, though you need several special environment variables representing github.com personal access tokens to run them. It is expected only maintainers of this repo have access to them, and they are also stored in travis-ci as encrypted environment variables. These tests can be run via npm run test:integration.

Runtime Actions

These instructions assume you already have openwhisk and a runtime namespace setup. See this workshop if you haven't.

Deploy

Deployment is automated via the deploy.sh script.

We maintain two environments, and thus two apps: the production environment and a staging environment. We also have a staging GitHub app for use with running integration tests.

Each action's name when deployed on Adobe Runtime is cla- + the action name (subdirectory), i.e. cla-lookup, cla-checker, cla-setgithubcheck and cla-signwebhook. When deploying to the staging environment, these action names are additionally suffixed with -stage.

Creating New Actions

It is best to create a new directory by copying one of the existing action directories and editing the deploy.sh script to create rather than update using the wsk CLI tools.

Updating Existing Actions

If you need to update a runtime action, use our handy deploy script:

./deploy.sh lookup
./deploy.sh setgithubcheck
./deploy.sh checker
./deploy.sh signwebhook

The above will deploy these actions to our staging environment for use by our staging GitHub app. You can deploy to production via:

./deploy.sh lookup production
./deploy.sh setgithubcheck production
./deploy.sh checker production
./deploy.sh signwebhook production

NOTE: The signwebhook action only runs in production.

Creating a GitHub App

This bot is implemented as a GitHub App. It can be installed on individual repositories or organizations, and sends GitHub webhook events from repos/orgs it is installed on to the ./checker action. To set the GitHub App up:

  1. In your Organization Settings, under Developer Settings, click on GitHub Apps.
  2. Click New GitHub App.
  3. Fill out a name and description for your App.
  4. Fill out the Webhook URL to match the URL of your checker action. If you have not deployed the checker action yet, follow the above instructions on Creating New Actions. If you have already deployed this action, see below for information on how to retrieve the URL of the action.
  5. Under the Permissions section, give the App Read and Write access to Checks, Read-only access to Repository Metadata, Read-only access to Pull Requests and Read and Write access to Commit Statuses.
  6. Leave the User Permissions as-is.
  7. Under Subscribe to Events, check Pull Requests.

Once created, you will have the chance to generate and store a Private Key. Keep this and add it to your config.json file! You will also want to make note of the GitHub App ID - again, this goes into your config.json. Finally, you will want to Install the app in to your organizations or repositories of choice. You can do so from the same Settings page of the App.

Debug

Check GitHub App Deliveries

You can go check GitHub webhook delivery payloads and responses on the CLA Bot's App Advanced Settings.

Check Logs on Adobe Runtime

Get list of action invocations, or activations, that executed in our namespace:

wsk activation list

Copy the most-recent-activation number related to your particular action and retrieve its logs:

wsk activation get ACTIVATION-LIST-NUMBER

Getting URL of Actions

Protip, run the following command to get the URL of the action to use for setting up the GitHub App correctly:

wsk action get cla-checker --url
You can’t perform that action at this time.