Name: salesforce-cla
Owner: Sonatype Community
Description: Salesforce Contributor License Agreement Bot for Validating GitHub Pull Requests
Created: 2018-02-16 20:01:22.0
Updated: 2018-04-19 19:50:30.0
Pushed: 2018-04-20 16:47:15.0
Size: 2325
Language: Scala
This is a set of tools for dealing with Contributor License Agreements for Open Source Salesforce projects.
The tools provided are:
This application is built with:
When someone sends a Pull Request to a project on GitHub, a Webhook sends details to this app. The authors of the commits in the PR are checked to see if they are collaborators on the repo. If not, the app checks if they have signed CLAs. If there are missing CLAs then the status of the PR is set to failed. Otherwise it is set to success. Also if there are missing CLAs then a comment is posted on the PR asking the contributors to sign the CLA. Once a contributor signs a CLA, all of the open PRs are revalidated.
Install Java 8
Install Postgres
Install ngrok
Start ngrok: ngrok http 9000
Create local Postgres databases:
$ psql
# CREATE ROLE salesforcecla LOGIN password 'password';
# CREATE DATABASE salesforcecla ENCODING 'UTF8' OWNER salesforcecla;
# CREATE DATABASE "salesforcecla-test" ENCODING 'UTF8' OWNER salesforcecla;
Set up a new OAuth App
https://github.com/organizations/{your-organization}/settings/applications/new
Something descriptive
https://YOUR_NGROK_ID.ngrok.io/_github_oauth_callback
https://YOUR_NGROK_ID.ngrok.io/
Set the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET env vars accordingly
Set up a new GitHub App with the following settings:
https://YOUR_NGROK_ID.ngrok.io/webhook-integration
Read-only
Read & Write
Read & Write
Read & Write
Read-only
Read-only
It is not required, but if you set the GitHub Integration Secret Token, then set the GITHUB_INTEGRATION_SECRET_TOKEN env var accordingly.
Generate and save a new Private key for the new Integration, then set the GITHUB_INTEGRATION_PRIVATE_KEY env var accordingly, like:
export GITHUB_INTEGRATION_PRIVATE_KEY=$(cat ~/somewhere/your-integration.2017-02-07.private-key.pem)
Your new GitHub App will have a numeric id, set the GITHUB_INTEGRATION_ID env var accordingly.
Your new GitHub App will have a slug / URL friendly name, set the GITHUB_INTEGRATION_SLUG env var accordingly.
Set the GITHUB_BOT_NAME env var to the value of what you'd like your public facing bot to appear as:
export GITHUB_BOT_NAME=salesforce-cla
Start the web app:
$ ./sbt ~run
Authenticate to GitHub with your test user
Open the audit page: https://SOMETHING.ngrok.com/audit
You should see a list of organizations which have the GitHub App installed and which you are an admin of
In GitHub edit the README file in the testing repo and submit a pull request
This will make a webhook request to your local application and validate the CLA status of the submitter
You can see event deliveries in the Developer Settings for your GitHub App
If you make a PR with a testing user that is not part of the org, you should see the PR validation failure and be able to sign the CLA
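The webhook flow described above (commit authors checked against collaborators, then against signed CLAs), combined with the optional GITHUB_INTEGRATION_SECRET_TOKEN, as an added Python example that is not code from this project. It assumes GitHub's documented X-Hub-Signature-256 header (HMAC-SHA256 of the raw request body, keyed with the secret token); the function names, sample payload and logins are constructed for illustration.

```python
import hashlib
import hmac
from typing import Iterable, List, Optional, Tuple


def signature_ok(secret: str, body: bytes, header: Optional[str]) -> bool:
    """True only if header is 'sha256=' + HMAC-SHA256(secret, raw body)."""
    prefix = "sha256="
    if not header or not header.startswith(prefix):
        return False  # missing header or a different scheme: treat as unsigned
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; bytes also tolerate non-ASCII junk.
    return hmac.compare_digest(expected.encode(), header[len(prefix):].encode())


def cla_status(authors: Iterable[str], collaborators: Iterable[str],
               signers: Iterable[str]) -> Tuple[str, List[str]]:
    """Collaborators are exempt; every other commit author needs a signed CLA."""
    # GitHub logins are case-insensitive, so normalise before comparing.
    external = {a.lower() for a in authors} - {c.lower() for c in collaborators}
    missing = sorted(external - {s.lower() for s in signers})
    return ("failure" if missing else "success", missing)


def handle_pull_request(secret: str, body: bytes, header: Optional[str],
                        authors: Iterable[str], collaborators: Iterable[str],
                        signers: Iterable[str]) -> Tuple[str, List[str]]:
    """Drop deliveries that fail the signature check before doing any work."""
    if not signature_ok(secret, body, header):
        return ("rejected", [])
    return cla_status(authors, collaborators, signers)


# Constructed sample delivery (not a real GitHub payload or secret).
SECRET = "constructed-demo-secret"
BODY = b'{"action":"opened","number":7}'
GOOD_SIG = "sha256=" + hmac.new(SECRET.encode(), BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    authors = ["alice", "Bob", "mallory"]   # commit authors in the PR
    collaborators = ["alice"]               # already collaborators on the repo
    signers = ["bob"]                       # logins with a signed CLA on file
    print(handle_pull_request(SECRET, BODY, GOOD_SIG, authors, collaborators, signers))
    print(handle_pull_request(SECRET, BODY + b" ", GOOD_SIG, authors, collaborators, signers))
```

The signature must be computed over the raw bytes of the request body, before any JSON parsing or re-serialisation.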
You will need two GitHub testing users. For each, create a personal access token with the following permissions: admin:org, admin:org_hook, admin:public_key, admin:repo_hook, delete_repo, repo, user
For user one, create a new testing organization (because this can't be done via the API). Add the second user as a member of this org.
For user one, install the GitHub App into the user's account and into the testing org.
Set the GITHUB_TEST_TOKEN1, GITHUB_TEST_ORG, and GITHUB_TEST_TOKEN2 env vars.
Run all of the tests continuously:
$ ./sbt ~test
Run just the GitHubSpec tests continuously:
$ ./sbt ~testOnly utils.GitHubSpec