Skip to content

tweak to make commits signed by proper bot #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dovholuknf merged 1 commit into from
May 19, 2026
Merged

tweak to make commits signed by proper bot #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 0 additions & 8 deletions .github/workflows/add-cla-signature.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,6 @@ jobs:

- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ steps.app-token.outputs.token }}
fetch-depth: 0

- name: Configure bot identity
run: |
git config user.email "nf-cla-bot[bot]@users.noreply.github.com"
git config user.name "nf-cla-bot[bot]"

- name: Append signature and push
env:
Expand Down
42 changes: 29 additions & 13 deletions scripts/add-cla-signature.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,22 +94,38 @@ mv "$TMP" "$LEDGER"

echo "Appended entry for $RESOLVED_LOGIN ($USER_ID) to $LEDGER"

cd "$REPO_ROOT"
if [[ "$DO_PUSH" -ne 1 ]]; then
echo "Skipped push (--no-push). Ledger modified locally; no commit made."
exit 0
fi

# Commit via the GitHub Contents API so the commit is authored by the App's
# bot identity and signed/verified by GitHub. A plain `git push` with the App
# token works, but the resulting commit is unsigned and uses whatever local
# git user.name/email was configured.

# Configure committer identity only if not already set (CI sets these).
if [[ -z "$(git config user.email || true)" ]]; then
git config user.email "nf-cla-bot@users.noreply.github.com"
git config user.name "nf-cla-bot"
CLA_REPO="${CLA_REPO:-netfoundry/cla}"
CLA_BRANCH="${CLA_BRANCH:-main}"
LEDGER_PATH="$CLA_VERSION/cla.json"

echo "Fetching current SHA for $LEDGER_PATH on $CLA_REPO@$CLA_BRANCH"
CURRENT_SHA=$(gh api "repos/$CLA_REPO/contents/$LEDGER_PATH?ref=$CLA_BRANCH" --jq '.sha')
if [[ -z "$CURRENT_SHA" || "$CURRENT_SHA" == "null" ]]; then
echo "ERROR: could not fetch current SHA for $LEDGER_PATH" >&2
exit 1
fi

git add "$CLA_VERSION/cla.json"
git commit -m "Manually record CLA signature for @$RESOLVED_LOGIN
NEW_CONTENT_B64=$(base64 -w0 < "$LEDGER" 2>/dev/null || base64 < "$LEDGER" | tr -d '\n')

COMMIT_MSG="Manually record CLA signature for @$RESOLVED_LOGIN

$REASON"

if [[ "$DO_PUSH" -eq 1 ]]; then
git push origin HEAD:main
echo "Pushed signature commit to main."
else
echo "Skipped push (--no-push). Commit is local."
fi
echo "Committing via Contents API (will be authored by the App bot and verified)"
gh api --method PUT "repos/$CLA_REPO/contents/$LEDGER_PATH" \
-f message="$COMMIT_MSG" \
-f content="$NEW_CONTENT_B64" \
-f sha="$CURRENT_SHA" \
-f branch="$CLA_BRANCH" >/dev/null

echo "Pushed signature commit to $CLA_REPO@$CLA_BRANCH."