From 41211b38794f82c47f4fcb40c1b0f494a458791d Mon Sep 17 00:00:00 2001
From: Michael McKeen <m.mckeen@f5.com>
Date: Tue, 12 Mar 2024 10:06:03 -0400
Subject: [PATCH 1/3] ci: add gh action workflow for F5 CLA automation

---
 .github/workflows/f5-cla.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/f5-cla.yml

diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml
new file mode 100644
index 000000000..2add4154d
--- /dev/null
+++ b/.github/workflows/f5-cla.yml
@@ -0,0 +1,35 @@
+name: "F5 CLA Workflow"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
+  statuses: write
+
+jobs:
+  f5-cla:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "F5 CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action@v2.3.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
+        with:
+          path-to-signatures: 'signatures/beta/signatures.json'
+          path-to-document: 'https://github.com/f5/.github/blob/main/CLA/cla-markdown.md'
+          # Any pull request targeting the following branch will trigger a CLA check
+          branch: 'main'
+          custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms'
+          custom-notsigned-prcomment: '🎉 Thank you for your contribution. It appears you have not yet signed the F5 Contributor License Agreement, which is required for your changes to be incorporated into an F5 project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and comment the following to agree:'
+          custom-allsigned-prcomment: 'All required contributors have signed the F5 CLA for this PR  ✅'
+          remote-organization-name: 'f5'
+          remote-repository-name: 'f5-cla-data'
+          # Comma seperated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+          allowlist: Dean-Coakley, pleshakov, lucacome, bot*

From fe3a159eec0ebfe416b40d9d4af7dc3e0daf8992 Mon Sep 17 00:00:00 2001
From: Michael McKeen <m.mckeen@f5.com>
Date: Tue, 9 Apr 2024 12:54:47 -0400
Subject: [PATCH 2/3] chore: explicitly mention F5 CLA requirements in
 CONTRIBUTING.md

---
 CONTRIBUTING.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 162ee156a..0c2c82c20 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -50,6 +50,11 @@ issue template.
 ### Open a Pull Request
 
 - Fork the repo, create a branch, submit a PR when your changes are tested and ready for review
+- Acknowledge the F5 Contributor License Agreement (CLA) if prompted
+  - F5 Open Source Policy ***requires*** all external contributors agree to the terms outlined in the
+    [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) before their changes can be incorporated into
+    an open source project.
+  - If you have not yet signed an F5 CLA when opening a pull request, our tooling will help walk you through the process.
 - Fill in [our pull request template](.github/PULL_REQUEST_TEMPLATE.md)
 
 > **Note**

From 4d408bcfc9d9e6c6538844f9b02b1b7de313932b Mon Sep 17 00:00:00 2001
From: Michael McKeen <m.mckeen@f5.com>
Date: Thu, 11 Apr 2024 17:19:40 -0400
Subject: [PATCH 3/3] chore(f5-cla): updated pilot config with safer defaults

---
 .github/workflows/f5-cla.yml | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml
index 2add4154d..ee3505d84 100644
--- a/.github/workflows/f5-cla.yml
+++ b/.github/workflows/f5-cla.yml
@@ -1,4 +1,4 @@
-name: "F5 CLA Workflow"
+name: F5 CLA
 on:
   issue_comment:
     types: [created]
@@ -7,29 +7,33 @@ on:
 
 permissions:
   actions: write
-  contents: write
   pull-requests: write
   statuses: write
 
 jobs:
   f5-cla:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-      - name: "F5 CLA Assistant"
+      - name: Run F5 CLA assistant
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.3.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
+        uses: contributor-assistant/github-action@dbc1c64d82d3aad5072007a41fff2828ae6d23ec # v2.3.2
         with:
-          path-to-signatures: 'signatures/beta/signatures.json'
-          path-to-document: 'https://github.com/f5/.github/blob/main/CLA/cla-markdown.md'
           # Any pull request targeting the following branch will trigger a CLA check
           branch: 'main'
+          # Path to the CLA document
+          path-to-document: 'https://github.com/f5/.github/blob/main/CLA/cla-markdown.md'
+          # Custom CLA messages
+          custom-notsigned-prcomment: '🎉 Thank you for your contribution. It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and comment the following to agree:'
           custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms'
-          custom-notsigned-prcomment: '🎉 Thank you for your contribution. It appears you have not yet signed the F5 Contributor License Agreement, which is required for your changes to be incorporated into an F5 project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and comment the following to agree:'
-          custom-allsigned-prcomment: 'All required contributors have signed the F5 CLA for this PR  ✅'
+          custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!'
+          # Remote repository storing CLA signatures
           remote-organization-name: 'f5'
           remote-repository-name: 'f5-cla-data'
+          path-to-signatures: 'signatures/beta/signatures.json'
           # Comma seperated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
           allowlist: Dean-Coakley, pleshakov, lucacome, bot*
+          # Do not lock PRs after a merge
+          lock-pullrequest-aftermerge: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}