Speaker
Description
Managing projects with external collaborators sometimes comes with the burden of ensuring inbound contributions respect legal obligations. Where a low-level 'Developer Certificate of Origin (DCO)' approach only introduces certain checks, a 'Contributor License Agreements (CLAs)', on the other hand, relies on documenting signed CLAs and thus dedicated book-keeping.
In this poster, we showcase our initial approach to a 'CLA Bot' that checks merge requests on compliance with either a DCO or CLA. While this is work in progress, our goal is to provide a similar functionality already available on Github also for community instances of Gitlab. We show the interaction between the bot and users, its limitations, and list steps taken for the automation via CI pipelines. Here, the somewhat simpler approach to pipelines in Gitlab vs Github necessitates working with webhooks that act on events within Gitlab.
Our setup does not rely on a central server (in fact any additional server) and can be used by individual projects without having to share data. By using webhooks and CI pipelines, our approach can be used for similar automation tasks, offering the potential to interact with users.
