robstoll
commented
6 years ago Bump, someone of probot must have some input on this one no?
Open robstoll opened 6 years ago
robstoll
commented
6 years ago Bump, someone of probot must have some input on this one no?
tunnckoCore
commented
5 years ago To me it sounds like a good idea. Legally, don't know and I'm interested to hear that too.
Probably @kemitchell can say some words :)
thojansen
commented
5 years ago We have some similar discussions ongoing at https://github.com/cla-assistant/cla-assistant/issues/430.
Feature Request
Is your feature request related to a problem? Please describe. So far there are only CLA-Bots available which store sensitive data somewhere. I have no idea if this data is encrypted etc. and I don't want to force contributors to give away their email address to a company.
There is already the DCO bot which is similar but not the same. I don't want to have a signed-off for every commit and a CLA usually defines more than just DCO.
Describe the solution you'd like I was thinking about a solution which does not require to give away the email address. Instead a simple file (could be a markdown) is maintained within the repo which consists of: | user | commit-hash | pull-request-url |
Each Pull-Request requires kind of a signed-off. Something like: I have read the [CLA v.1.2](relativeLinkToClaInRepo.md) and fully agree to it.
The bot would check if such a comment was given in one of the messages of the author of the pull request and disallow a merge otherwise and inform the user that such a consent is required. Typically one would modify the pull request template accordingly so that it already contains the lines at the end of the pull request description.
Moreover, the bot would automatically add an additional commit which modifies the cla-file accordingly (add user, commit-hash and pull request url) when an author of the repo wants to merge the pull request.
Teachability, Documentation, Adoption, Migration Strategy I have not started implementing something since I am new to GitHub-Apps and first wanted to know if something similar is already planned. Moreover, I don't know if the idea is actually feasible (in case you have lawyers at your company which are bored, maybe they could have a look a the idea and let me know if this process is ok) and possible with the github api -- e.g. create a commit before doing a merge.