janusgraph-dev@lists.lfaidata.foundation | @janusgraph-bot CLA enforcement update

Home Messages Hashtags Subgroups Calendar

Date Date 1 - 3 of 3

@janusgraph-bot CLA enforcement update

Misha Brukman <mbru...@...> #1258 Hi all, I've updated the @janusgraph-bot code to mark PRs by unknown contributors (i.e., did not sign the offline paper CLA) with a new label [cla: external] as these cases will be managed by The Linux Foundation CLA tool going forward, and we are not accepting any new offline-signed CLA documents. The new code is already running, and you can see that @janusgraph-bot has updated a number of PRs to remove the [cla: no] tag and add the [cla: external] tag. Over time, we will remove users from the current CLA YAML config as folks re-sign the CLA using the LF CLA tool, and then we'll remove the offline CLA altogether and stop @janusgraph-bot from processing PRs entirely (and we will not have any [cla: *] tags applied to PRs). Unfortunately, while I expected to have zero [cla: no] tags at this time, I've just discovered a bug in how it's handling dependbot (which is unfortunately a very prolific contributor). Sorry about that. The specific issue is the PRs have author != committer, where author is @dependabot (no CLA) while the committer is GitHub's @web-flow (which we whitelisted as a contributor). I will fix the bug in the code later in Dec or early Jan; it can be fixed much faster by merging https://github.com/JanusGraph/legal/pull/147 which removes web-flow from the list of authorized contributors, thus making it external (because I set a flag on the binary to treat all unknown contributors as external). Best, Misha
More
Misha Brukman <mbru...@...> #1259 FYI, I fixed the bug I mentioned earlier and deployed a new version of @janusgraph-bot (which is powered by the "cmd/crbot" tool in this repo, in case you're interested). Thus, merging the PR I mentioned earlier is no longer urgent. As a result, you should no longer see any [cla: no] labels on any current or future PRs reported by @janusgraph-bot, since we're only allowing new ICLA/CCLA signatures via the electronic EasyCLA process. Note that @janusgraph-bot has already updated all current PRs authored by @dependabot-preview correctly; I will re-run it on past PRs later to update them accordingly as well. Going forward, you should only see one of the following labels on PRs: [cla: yes] if @janusgraph-bot can validate them as having signed the offline ICLA/CCLA via the old process, or [cla: external] if at least one of the authors or committers for any of the commits on the PR is not found (and all unknown users are treated as "external" going forward; thus, EasyCLA is the authoritative source for this. If you see any issues with the CLA label updates, or you see any new [cla: no] labels on a future PR from @janusgraph-bot, please cc: me on the PR to let me know. Starting in early 2020, I will be working on migrating all current offline CLA signers to the new electronic system, and turn off CLA enforcement via @janusgraph-bot once that is done. Best, Misha toggle quoted message Show quoted text On Wed, Dec 11, 2019 at 11:55 PM Misha Brukman <mbru...@...> wrote: Hi all, I've updated the @janusgraph-bot code to mark PRs by unknown contributors (i.e., did not sign the offline paper CLA) with a new label [cla: external] as these cases will be managed by The Linux Foundation CLA tool going forward, and we are not accepting any new offline-signed CLA documents. The new code is already running, and you can see that @janusgraph-bot has updated a number of PRs to remove the [cla: no] tag and add the [cla: external] tag. Over time, we will remove users from the current CLA YAML config as folks re-sign the CLA using the LF CLA tool, and then we'll remove the offline CLA altogether and stop @janusgraph-bot from processing PRs entirely (and we will not have any [cla: *] tags applied to PRs). Unfortunately, while I expected to have zero [cla: no] tags at this time, I've just discovered a bug in how it's handling dependbot (which is unfortunately a very prolific contributor). Sorry about that. The specific issue is the PRs have author != committer, where author is @dependabot (no CLA) while the committer is GitHub's @web-flow (which we whitelisted as a contributor). I will fix the bug in the code later in Dec or early Jan; it can be fixed much faster by merging https://github.com/JanusGraph/legal/pull/147 which removes web-flow from the list of authorized contributors, thus making it external (because I set a flag on the binary to treat all unknown contributors as external). Best, Misha
More
Oleksandr Porunov <alexand...@...> #1261 Thank you Misha for this work! It is much cleaner now and new folks are not confused by `[cla: no]` label. Great work, thanks again Best regards, Oleksandr toggle quoted message Show quoted text On Saturday, December 14, 2019 at 8:55:35 AM UTC-8, Misha Brukman wrote: FYI, I fixed the bug I mentioned earlier and deployed a new version of @janusgraph-bot (which is powered by the "cmd/crbot" tool in this repo, in case you're interested). Thus, merging the PR I mentioned earlier is no longer urgent. As a result, you should no longer see any [cla: no] labels on any current or future PRs reported by @janusgraph-bot, since we're only allowing new ICLA/CCLA signatures via the electronic EasyCLA process. Note that @janusgraph-bot has already updated all current PRs authored by @dependabot-preview correctly; I will re-run it on past PRs later to update them accordingly as well. Going forward, you should only see one of the following labels on PRs: [cla: yes] if @janusgraph-bot can validate them as having signed the offline ICLA/CCLA via the old process, or [cla: external] if at least one of the authors or committers for any of the commits on the PR is not found (and all unknown users are treated as "external" going forward; thus, EasyCLA is the authoritative source for this. If you see any issues with the CLA label updates, or you see any new [cla: no] labels on a future PR from @janusgraph-bot, please cc: me on the PR to let me know. Starting in early 2020, I will be working on migrating all current offline CLA signers to the new electronic system, and turn off CLA enforcement via @janusgraph-bot once that is done. Best, Misha On Wed, Dec 11, 2019 at 11:55 PM Misha Brukman <mb...@...> wrote: Hi all, I've updated the @janusgraph-bot code to mark PRs by unknown contributors (i.e., did not sign the offline paper CLA) with a new label [cla: external] as these cases will be managed by The Linux Foundation CLA tool going forward, and we are not accepting any new offline-signed CLA documents. The new code is already running, and you can see that @janusgraph-bot has updated a number of PRs to remove the [cla: no] tag and add the [cla: external] tag. Over time, we will remove users from the current CLA YAML config as folks re-sign the CLA using the LF CLA tool, and then we'll remove the offline CLA altogether and stop @janusgraph-bot from processing PRs entirely (and we will not have any [cla: *] tags applied to PRs). Unfortunately, while I expected to have zero [cla: no] tags at this time, I've just discovered a bug in how it's handling dependbot (which is unfortunately a very prolific contributor). Sorry about that. The specific issue is the PRs have author != committer, where author is @dependabot (no CLA) while the committer is GitHub's @web-flow (which we whitelisted as a contributor). I will fix the bug in the code later in Dec or early Jan; it can be fixed much faster by merging https://github.com/JanusGraph/legal/pull/147 which removes web-flow from the list of authorized contributors, thus making it external (because I set a flag on the binary to treat all unknown contributors as external). Best, Misha
More

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Calendar Terms