fix: cve #8212
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CLA Assistant" | |
on: | |
issue_comment: | |
types: [created] | |
pull_request_target: | |
types: [opened, closed, synchronize] | |
permissions: | |
actions: write | |
contents: write | |
pull-requests: write | |
statuses: write | |
jobs: | |
ContributorLicenseAgreement: | |
runs-on: ubuntu-latest | |
steps: | |
- name: "CLA Assistant" | |
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' | |
# Alpha Release | |
uses: contributor-assistant/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# the below token should have repo scope and must be manually added by you in the repository's secret | |
PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }} | |
with: | |
path-to-signatures: "signatures/version1/cla.json" | |
path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CLA.md" # e.g. a CLA or a DCO document | |
# branch should not be protected | |
branch: "main" | |
allowlist: renovate[bot],semantic-release-bot | |
#below are the optional inputs - If the optional inputs are not given, then default values will be taken | |
remote-organization-name: splunk | |
remote-repository-name: cla-agreement | |
#create-file-commit-message: 'For example: Creating file for storing CLA Signatures' | |
#signed-commit-messag e: 'For example: $contributorName has signed the CLA in #$pullRequestNo' | |
#custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign' | |
#custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA' | |
#custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' | |
CodeOfConduct: | |
runs-on: ubuntu-latest | |
steps: | |
- name: "COC Assistant" | |
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the Code of Conduct and I hereby accept the Terms') || github.event_name == 'pull_request_target' | |
# Alpha Release | |
uses: contributor-assistant/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# the below token should have repo scope and must be manually added by you in the repository's secret | |
PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }} | |
with: | |
path-to-signatures: "signatures/version1/coc.json" | |
path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CODE_OF_CONDUCT.md" # e.g. a COC or a DCO document | |
# branch should not be protected | |
branch: "main" | |
allowlist: renovate[bot],semantic-release-bot | |
#below are the optional inputs - If the optional inputs are not given, then default values will be taken | |
remote-organization-name: splunk | |
remote-repository-name: cla-agreement | |
custom-pr-sign-comment: "I have read the Code of Conduct and I hereby accept the Terms" | |
create-file-commit-message: "For example: Creating file for storing COC Signatures" | |
signed-commit-message: "$contributorName has signed the COC in #$pullRequestNo" | |
custom-notsigned-prcomment: "All contributors have NOT signed the COC Document" | |
custom-allsigned-prcomment: "****CLA Assistant Lite bot**** All contributors have signed the COC ✍️ ✅" |