CLAHub provides a low-friction way to have a Contributor License Agreement for your open source project that's hosted on GitHub. Contributors digitally sign your CLA by signing in with GitHub. Then, it automatically marks up your pull requests based on whether the contributors have all signed your CLA.
Right now it's running at https://www.clahub.com
I don't intend for this to lead to a proliferation of CLAs. But when they're appropriate, I hope it can reduce the friction of contribution.
This project is a work-in-progress. Any and all feedback is welcome!
It currently works, but could use UI and functionality improvement. Find such discussion in GitHub issues.
What's a CLA?
Contributor Agreements are a way to prove intellectual property (IP) provenance of contributions to an open-source project. They generally say that:
The code I’m contributing is mine, and I have the right to license it.
I’m granting you a license to distribute said code under the terms of this agreement (typically “as you see fit” or “under an OSI-approved license” or whatever).
Here's some more background on CLAs:
Want to choose a CLA? Harmony Agreements is a web tool that helps you quickly select a CLA:
I am not a lawyer, and none of the CLAhub documentation, functionality, or other communication constitutes legal advice. Consult your lawyer about contributor agreements for your project.
Register a new app at GitHub to get an OAuth key and secret:
Set up a .env file with your GITHUB_KEY and GITHUB_SECRET. You can also specify an HTTP port for local foreman:
GITHUB_KEY=abc123 GITHUB_SECRET=234897239872394832478 GITHUB_LIMITED_KEY=xyz789 GITHUB_LIMITED_SECRET=2390482390482 PORT=3000
Register for two new GitHub applications, one will be used for project owner signups and one for contributors signups.
You will need to configure the authorization callback URL for each:
- Full access: http://127.0.0.1:3000/auth/github/callback
- Limited-access signature-only callback: https://127.0.0.1:3000/auth/github_limited/callback
This file is .gitignored so it's private.
We use the
dotenv gem to provide these variables to the test environment as
Getting set up
Install gems and initialize databases:
bundle rake db:create db:migrate db:test:prepare
Run the tests to make sure things are working:
Running the app
Run with Foreman if you like:
Or as normal (.env is loaded by
rails server rails console
Use SimpleCov to build code coverage:
To take advantage of this:
- Install a LiveReload browser extension
guardon the command line.
Development and Webhooks
As part of the app, we sign up to receive GitHub webhooks (HTTP requests to
/repo_hook) to be notified when stuff happens to repos we care about. (In
particular, we want to know about new pushes so we can assess whether their
contributors have agreed to the relevant CLA.)
Then, you should run the Rails server with the
HOST environment variable
HOST=http://my.fancy.dynamic.host.name rails server, or set it in
foreman. This is read in
Note that the dynamic hostname you use is saved in the GitHub webhook registrations. If your dynamic hostname changes, you will need to update the webhooks in GitHub so that it knows where to send the requests.
See DEPLOY.md for information on deploying.
See LICENSE for the project license.
The "Clipboard and pencil" graphic used in the homepage logo is licensed from iStockPhoto.com:
The graphic is licensed for a single-seat install and is in use at https://www.clahub.com. It is not licensed for multi-seat use, so any other installations should purchase a separate license or use a different image.