From 802603c2f0baff93928ab2693c82c3a208838557 Mon Sep 17 00:00:00 2001 From: Aconite33 Date: Wed, 1 Apr 2026 12:33:26 -0600 Subject: [PATCH] skip CLA check for bot accounts in CI workflow Add a bot detection step that checks if the PR author's login ends with [bot] (e.g. dependabot[bot], github-actions[bot], renovate[bot]). When detected, the CLA check is skipped with a success status, and the CLA assistant action is not invoked at all. This fixes CLA failures on automated dependency PRs where the allowlist in the CLA assistant action was not matching correctly. --- .github/workflows/cla.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index bb9c379173..7d94199f8c 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -50,9 +50,31 @@ jobs: -f context="CLAAssistant" \ -f description="CLA check skipped — author is an org member" + - name: Check if author is a bot + id: bot-check + if: github.event_name == 'pull_request_target' + run: | + AUTHOR="${{ github.event.pull_request.user.login }}" + if [[ "$AUTHOR" == *"[bot]" ]]; then + echo "is_bot=true" >> "$GITHUB_OUTPUT" + else + echo "is_bot=false" >> "$GITHUB_OUTPUT" + fi + + - name: Skip CLA for bots + if: steps.bot-check.outputs.is_bot == 'true' && github.event_name == 'pull_request_target' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api --method POST "repos/${{ github.repository }}/statuses/${{ github.event.pull_request.head.sha }}" \ + -f state=success \ + -f context="CLAAssistant" \ + -f description="CLA check skipped — author is a bot" + - name: "CLA Assistant" if: | (steps.membership.outputs.is_member != 'true') && + (steps.bot-check.outputs.is_bot != 'true') && ((github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target') uses: contributor-assistant/github-action@v2.6.1 env: