GitHub CLA Webhook
WARNING: As of March 2016, CLA checking is already enabled on most of our GitHub orgs. Adding the webhook to your repository as well will result in duplicate comments from the googlebot account on pull requests.
This document describes how to configure a GitHub repository to integrate with SignCLA, such that new pull requests are automatically checked for CLAs. Learn more about CLAs at go/cla.
Whenever a contributor opens a new pull request on your repository, we’ll check to see if they have a Google CLA on file. If not, we’ll leave a comment on the pull request with instructions on how to sign one. Once they’ve signed, we’ll update the pull request to note that it is now okay to accept. In the common case, all of this happens before you even get around to looking at the pull request, so that by the time you do, everything is already taken care of.
Make sure googlebot has access
The googlebot account which SignCLA uses should already be an owner on all of our GitHub orgs. If it is not, or if you are not sure, email emailremoved@.
For repos not hosted in one of our standard orgs, you can add googlebot yourself by going to the Collaborators section of your repo settings page.
Add issue labels if you want them
If your repository has the labels cla: yes and cla: no defined, SignCLA will also add or remove them from pull requests as appropriate. These labels are helpful, for example, for searching for pull requests with a particular CLA status. For example, here are the open pull requests on angular/angular that have signed a CLA: https://github.com/angular/angular/labels/cla:%20yes.
If these labels are not already defined for your repository, they won’t be added.
NOTE: It may be good practice to add these labels as some internal tools such as go/copybara rely on their presence, in particular when importing the OSS code into the google codebase. Example
Configure the GitHub webhook
Go to the settings page for your repository, click “Webhooks & Services”, then click “Add webhook”. Fill out the form with the following information:
- Payload URL: URL removed
- Content type: application/json
- Secret: obtain this at http://linkremoved/
- Which events would you like to trigger this webhook?
- Select “Let me select individual events” and then select only “Issue comment” and “Pull Request”.
- Active: this should be checked
Configuring all repositories in a GitHub organization
If you are an owner of a GitHub organization, you can configure the CLA check for all repositories in the organization rather than one at a time. Follow the same instructions above, but configure the webhook in the organization settings page (for example, at https://github.com/organizations/google/settings/hooks for the “google” org). When obtaining the webhook secret, just enter the URL for the organization, rather than a repository.
Repositories in personal accounts
By default, all Google open source code released on GitHub must be housed in one of our official organizations. In some specific cases, individual projects have been approved for release in personal GitHub accounts. However, even though they’re in personal accounts, CLAs are still required for all contributors. The GitHub webhook for SignCLA works the same on repositories hosted in personal accounts as it does for those hosted in organizations. CLAs can also always be looked up manually at go/cla-signers.
If Googlebot reports that a valid signed CLA is missing, the most common cause is that the commit email address does not match the one used to sign the CLA. Instructions for fixing this can be found at: go/cla#wrong-email.
As pull requests come in, you should see comments from googlebot pretty much instantly. SignCLA tries to be intelligent about monitoring the conversation on the pull request and re-checking for CLAs when needed. If you have any questions or problems, email emailremoved@.
Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.