-
Notifications
You must be signed in to change notification settings - Fork 1
Contributor License Agreement
Hello! The Contributor License Agreement for Legalese has been shamelessly cribbed from CLAHub. We require all contributors to sign this Agreement for us when you want to submit a pull request.
Our version is hosted here: Legalese's CLAHub
CLAHub is a tool for easy integration of CLAs into opensource projects on Github. Whenever a contributor submits a pull request for our project, CLAHub performs a check on the user's signatory status. If the user has not signed our CLA, it inserts an alert at the confirmation page of the pull request to remind the user to sign the CLA at the link provided, or else the pull request will not be submitted.
The owner has included very helpful instructions to deploy our own copy of CLAHub independent of his version hosted at the above URL.
The vast majority of CLAHub is written in Ruby and is hosted on Heroku. This is how I created our own copy:
Clone the CLAHub repository here.
Install the Heroku Toolbelt and follow their "Getting started" instructions. Also, note that Ruby projects hosted on Heroku have certain requirements.
Now cd to your local clone's directory in Terminal and then choose a name for your copy: it could be my-clahub, for example. If you leave it blank, Heroku will choose a random name for you. In that case, the command would be heroku create.
heroku create my-clahub
heroku config:add SECRET_TOKEN=some-random-key-with-plenty-of-entropy-here
heroku addons:add heroku-postgresql
Note that the SECRET_TOKEN MUST be at least 30 characters. One way to generate it:
heroku config:add SECRET_TOKEN=$( head /dev/random | base64 | head -n 1 )
Push the code up:
git push heroku master
Migrate the database:
heroku run rake db:migrate
heroku run rake db:seed
Github has an OAuth function. This allows external apps to request authorisation to private details in a user account without requesting its password. CLAHub requests authorisation via OAuth to determine whether a certain user has signed a certain CLA associated with the project he is contributing to.
Register for two new Github applications. One will be used for project owner signups and one for contributors signups.
You will need to configure the authorization callback URL for each. Note: the "limited" application will be used for the contributor signups. It will only be used for authorization and hence won't require any permissions to the contributor's account.
* Full access: https://my-clahub.herokuapp.com/auth/github/callback
* Limited-access signature-only callback: https://my-clahub.herokuapp.com/auth/github_limited/callback
From the applications' page, copy the client keys and secrets, and add it to the Heroku environment:
heroku config:add GITHUB_KEY=aaa111bbb GITHUB_SECRET=ccc222ddd
heroku config:add GITHUB_LIMITED_KEY=aaa111bbb GITHUB_LIMITED_SECRET=ccc222ddd
If you have problems, try running heroku logs.
If you want to enforce a canonical hostname, e.g. hosting at www.my-clahub.com and redirect my-clahub.herokuapp.com to that address:
heroku domains:add www.my-clahub.com
heroku config:add CANONICAL_URL=www.my-clahub.com
At your DNS provider, add a CNAME from www.my-clahub.com to my-clahub.herokuapp.com.
You also need to set your hostname as a HOST environment variable:
heroku config:set HOST=https://my-cla.herokuapp.com
or edit config/initializers/host.rb and add your host name (either the domain name supplied by Heroku or your custom domain) to the production key. For example:
'production' => 'http://my-clahub.herokuapp.com'
In the production environment, SSL is enforced. If you really do not want SSL:
heroku config:add DISABLE_SSL_ENFORCEMENT=true
Google Universal Analytics is enabled if you set environment variables UA_KEY
and UA_DOMAIN. The JavaScript is added from app/views/layouts/application.html.erb.
NOTE: @jobchong is still hosting this on his Heroku account. Once we consolidate, all third-party applications like this ideally should be held under a single corporate Legalese user.