kunthawat/moreminimore-redesign
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Activity

fix(ci): query check runs instead of commit statuses for CLA labels (#289)

Browse Source 
* fix(ci): query check runs instead of commit statuses for CLA labels

The CLA Assistant action (contributor-assistant/github-action) reports
results as check runs, not commit statuses. The labeling step was
querying listCommitStatusesForRef which always returned an empty array,
so CLA labels were never applied to PRs.

Switch to checks.listForRef and match on the CLAssistant check run name
and conclusion. Add checks: read permission.

* fix(ci): split CLA labeling into separate job to avoid race condition

The label step was in the same job as the CLA check, so the CLAssistant
check run was still in_progress when queried — labels were never applied.
Move labeling to a separate job with needs: CLAssistant so the check run
is completed before we read its conclusion.

Also add issues: write permission for creating repo-level labels.
This commit is contained in:
Matt Kane
2026-04-06 07:29:55 +01:00
committed by GitHub
parent 5beb0ddc33
commit f5d0e8dd17
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/cla.yml vendored
View File

@@ -8,7 +8,9 @@ on:
permissions: permissions:
actions: write actions: write
checks: read
contents: write contents: write
issues: write
pull-requests: write pull-requests: write
statuses: write statuses: write
@@ -28,8 +30,12 @@ jobs:
allowlist: dependabot[bot] allowlist: dependabot[bot]
lock-pullrequest-aftermerge: false lock-pullrequest-aftermerge: false
- name: Label CLA status label:
needs: CLAssistant
if: always() && (github.event_name == 'pull_request_target' || github.event.issue.pull_request) if: always() && (github.event_name == 'pull_request_target' || github.event.issue.pull_request)
runs-on: ubuntu-latest
steps:
- name: Label CLA status
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with: with:
script: | script: |
@@ -42,14 +48,14 @@ jobs:
// Get the PR to read head SHA // Get the PR to read head SHA
const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber }); const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
// Read the CLA commit status // Read the CLA check run (the CLA Assistant uses check runs, not commit statuses)
const { data: statuses } = await github.rest.repos.listCommitStatusesForRef({ const { data: checkRuns } = await github.rest.checks.listForRef({
owner, repo, ref: pr.head.sha, owner, repo, ref: pr.head.sha,
}); });
const claStatus = statuses.find(s => s.context === 'license/cla'); const claCheck = checkRuns.check_runs.find(cr => cr.name === 'CLAssistant');
if (!claStatus) return; if (!claCheck || claCheck.status !== 'completed') return;
const signed = claStatus.state === 'success'; const signed = claCheck.conclusion === 'success';
const addLabel = signed ? 'cla: signed' : 'cla: needed'; const addLabel = signed ? 'cla: signed' : 'cla: needed';
const removeLabel = signed ? 'cla: needed' : 'cla: signed'; const removeLabel = signed ? 'cla: needed' : 'cla: signed';