feat(repo): add CLA mechanism for external contributors

Introduce a Contributor License Agreement (CLA) so external contributions
can be licensed under AGPL-3.0 and any other terms (incl. closed-source),
keeping the AGPL-3.0 codebase usable in closed-source projects.

- CLA.md: authoritative English CLA (ICLA + employer authorization, v1.0)
- CLA.zh.md: non-binding Chinese reference translation
- CONTRIBUTING.md: bilingual contributing guide, points to CLA
- .github/workflows/cla.yml: self-hosted cla-assistant-action that records
  signatures into cla-signatures/version-1.json; exempts maintainers & bots
  via allowlist; skips when CLA_BOT_TOKEN is unset
- .github/PULL_REQUEST_TEMPLATE.md: guides contributors to sign
- README.{md,en.md,ja.md}: add License & contributing footer
- app/terms: note CLA requirement in the IP section

Enforcement requires repo-level setup (PAT secret + branch protection)
documented in cla.yml; not covered by this commit.
This commit is contained in:
yuanzonghao
2026-06-17 12:23:46 +08:00
parent 98d8e83c92
commit 2b0b9c6f8d
9 changed files with 524 additions and 0 deletions
+63
View File
@@ -0,0 +1,63 @@
name: "CLA Assistant"
# Requires the following GitHub repository secret to be configured:
# CLA_BOT_TOKEN — a fine-grained Personal Access Token with
# `Contents: Read and write` (and `Pull requests: Read`) scope on this
# repository. The GITHUB_TOKEN cannot commit to a protected branch, so a PAT
# is needed to record signatures into cla-signatures/version-1.json.
#
# To actually enforce the CLA, add `cla/cla-assistant.yml:CLAAssistant` (the
# status check produced by this job) as a required status check in the branch
# protection rules for `main` and `staging`.
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened, closed, synchronize]
jobs:
CLAAssistant:
runs-on: ubuntu-latest
steps:
- name: "CLA Assistant"
# SKIPPED when no secrets are configured, so forks/renames of this
# repo don't fail CI out of the box.
if: >
${{ secrets.CLA_BOT_TOKEN != '' }} &&
(
(github.event.comment.body == 'recheckcla' ||
github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') ||
github.event_name == 'pull_request_target'
)
uses: contributor-assistant/cla-assistant-action@v2.6.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_BOT_TOKEN }}
with:
# Signatures are stored in-repo (self-hosted mode); version-N lets us
# roll the CLA text forward by bumping the path and re-collecting.
path-to-signatures: "cla-signatures/version-1.json"
branch: "main"
# Link to the authoritative English CLA. Chinese reference:
# https://github.com/zonghaoyuan/infiplot/blob/staging/CLA.zh.md
path-to-cla-document: "https://github.com/zonghaoyuan/infiplot/blob/staging/CLA.md"
allowlist: "github-actions[bot],dependabot[bot],zonghaoyuan,*bot,web-flow"
block-sharing-crucial-repositories: true
create-file-commit-message: "docs(cla): record signature for @"
custom-notsigned-prcomment: >
感谢你的 PR!在合并之前,请先签署我们的《贡献者许可协议》(CLA)。阅读
[CLA.md](https://github.com/zonghaoyuan/infiplot/blob/staging/CLA.md)
[中文参考译文](https://github.com/zonghaoyuan/infiplot/blob/staging/CLA.zh.md))后,
在本 PR 中回复以下内容即视为签署:
```
I have read the CLA Document and I hereby sign the CLA
```
你只需签署一次,之后对 InfiPlot 的所有贡献都受同一协议约束。
custom-pr-sign-comment: "The pull request signer accepted the CLA."
custom-allsigned-prcomment: "🎉 All contributors have signed the CLA."