chartdb/.github/workflows/cla.yaml
Aaron Dewes ad8e34483f fix(cla): Harden action (#867)
The CLA action does not need contents: write permission. Limit it to read for security.
2025-08-26 13:41:29 +03:00

34 lines
1.0 KiB
YAML

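# CLA Assistant workflow: runs the contributor-assistant action on pull
# request open/close/synchronize events, and on new comments whose body is
# one of the two exact phrases tested in the step's `if:` below.
name: "CLA Assistant"
on:
  issue_comment:
    types: [created]
  # pull_request_target runs in the context of the base repository, so the
  # secrets referenced below are available even for pull requests from forks.
  # That is acceptable only while this job never checks out or executes code
  # from the pull request; do not add a checkout of the PR head here.
  pull_request_target:
    types: [opened, closed, synchronize]

# Explicit scopes for GITHUB_TOKEN; scopes not listed here are set to none.
# contents stays read-only: the signature file lives in the separate
# repository named under `with:` (presumably written with
# PERSONAL_ACCESS_TOKEN rather than GITHUB_TOKEN; confirm).
# NOTE(review): confirm each remaining write scope is still required by the
# pinned action version, and lower any that is not.
permissions:
  actions: write
  contents: read
  pull-requests: write
  statuses: write

jobs:
  CLAAssistant:
    runs-on: ubuntu-latest
    steps:
      - name: "CLA Assistant"
        # Comment-triggered runs proceed only for the exact 'recheck' or
        # signing phrase; every pull_request_target event proceeds.
        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
        # Beta Release
        # NOTE(review): v2.6.1 is a tag, and tags can be moved. This step
        # receives a write-scoped GITHUB_TOKEN and a personal access token,
        # so pin `uses:` to the full commit SHA of the reviewed release and
        # keep the version as a trailing comment.
        uses: contributor-assistant/github-action@v2.6.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): this PAT should be fine-grained and limited to the
          # signatures repository only; confirm its scope.
          PERSONAL_ACCESS_TOKEN: ${{ secrets.CHARTDB_CLA_SIGNATURES_PAT }}
        with:
          remote-organization-name: 'chartdb'
          remote-repository-name: 'cla-signatures'
          path-to-signatures: 'signatures/version1/cla.json'
          path-to-document: 'https://github.com/chartdb/chartdb/blob/main/CLA.md'
          # branch should not be protected
          branch: 'main'
          # NOTE(review): no value is visible for allowlist in this listing;
          # if it is meant to be empty, write '' explicitly.
          allowlist: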