If you are trying to sign the CLA so your PR's can be merged, please read the CLA docs
If you are a Kubernetes GitHub organization or repo owner, and would like to setup the Linux Foundation CNCF CLA check for your repositories, please read on.
- Go to the settings for your organization or webhook, and choose Webhooks from the menu, then
"Add webhook"
- Payload URL: https://identity.linuxfoundation.org/lfcla/github/postreceive?group=284&comment=no&target=https://identity.linuxfoundation.org/projects/cncf
group=284
specifies the ID of the CNCF project authorized committers group in our CLA system.comment=no
specifies that our system should not post help comments into the pull request (since the Kubernetes mungebot does this).target=https://identity.linuxfoundation.org/projects/cncf
specifies what will be used for the "Details" link in Github for this status check.
- Content Type: 'application/json'
- Secret: Please contact @idvoretskyi, and @caniszczyk.
- Events: Let me select individual events
- Push: unchecked
- Pull request: checked
- Issue comment: checked
- Active: checked
- Payload URL: https://identity.linuxfoundation.org/lfcla/github/postreceive?group=284&comment=no&target=https://identity.linuxfoundation.org/projects/cncf
- Add the @thelinuxfoundation GitHub user as an Owner to your organization or repo to ensure the CLA status can be applied on PR's
- After you send an invite, contact the Linux Foundation; and cc Chris Aniszczyk, Ihor Dvoretskyi, Eric Searcy (to ensure that the invite gets accepted).
- Finally, open up a test PR to check that:
- webhooks are delivered correctly, which can be monitored in the “settings” for your org
- the PR gets the cla/linuxfoundation status
It is recommended that the Linux Foundation CLA check be added as a strict requirement for any change to be accepted to the master branch.
To do this manually:
- Go to the Settings for the repository, and choose Branches from the menu.
- Under Protected Branches, choose "master".
- Check "Protect this branch".
- Check "Require status checks to pass before merging", "Require branches to be up to date before merging", and the "cla/linuxfoundation" status check.
Given the Kubernetes projects anticipates having "human reviewed" CLA acceptance, you may not do the last step, but it is still recommended to enable branch protection to require all changes to be done through pull requests, instead of direct pushing that will never kick off a CLA check.
The label automation is done using the CLA plugin in prow. In order to turn on the CLA labels on your repo, add it as appropriate within the plugins.yaml, and add the cla plugin to it.
You also need to add @k8s-ci-robot as one of the owners in
the same org/repo, to ensure that it can add labels cncf-cla: yes
and cncf-cla: no
based
on the status published by the Linux Foundation webhook.
The label automation may not be essential for your repository, if you’re not using merge automation. For repos with maintainers doing manual merges, github protected branches may suffice.