ci: bump has-signed-canonical-cla version #2162
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The option for accepting existing contributors was removed from the CLA checker in v2 with the following reasoning[1,2]: Remove the option for accepting existing contributors, as contributors can revoke their CLA agreement. The CLA must be checked with every commit. For Subiquity's case, this seems to mostly have been used as a workaround for Canonical employees signing commits with their Ubuntu member emails addresses[3], which the v1 CLA checker had trouble with. This doesn't look like it'll be an issue with v2 so we can safely proceed with removing this. [1] https://github.com/canonical/has-signed-canonical-cla/releases/tag/2.0.0 [2] canonical/has-signed-canonical-cla@82ea789 [3] 6b1700b
Chris-Peterson444
force-pushed
the
update-cla-check
branch
from
54afbac to
4ce839b
Compare
dbungert
approved these changes
Feb 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update the cla-check workflow with an updated version of the
has-signed-canonical-claaction.A side effect of this upgrade is that the option for accepting existing contributors was removed from the CLA checker in v2. The following reasoning was provided[1,2]:
This seems reasonable IMO and for Subiquity's case, this seems to mostly have been used as a workaround for Canonical employees signing commits with their Ubuntu member emails addresses[3], which the v1 CLA checker had trouble with. This doesn't look like it'll be an issue with v2 so I think we can safely proceed with removing this.
Additionally, let's temporarily pin the version to a specific later commit to workaround a regression in v2.0.0 which silently accepts usernames not associated with a github username[4].Edit: This has been resolved upstream andv2now contains the fix.[1] https://github.com/canonical/has-signed-canonical-cla/releases/tag/2.0.0
[2] canonical/has-signed-canonical-cla@82ea789
[3] 6b1700b
[4] canonical/has-signed-canonical-cla#73