diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml new file mode 100644 index 00000000..a7f6c628 --- /dev/null +++ b/.github/workflows/cla.yml @@ -0,0 +1,29 @@ +name: CLA Assistant +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] + +permissions: + actions: write + contents: write + pull-requests: write + statuses: write + +jobs: + cla: + runs-on: ubuntu-latest + steps: + - uses: contributor-assistant/github-action@v2.6.1 + if: | + github.event_name == 'pull_request_target' || + github.event.comment.body == 'recheck' || + github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + path-to-document: docs/CLA.md + path-to-signatures: signatures/cla.json + branch: cla-signatures + allowlist: dependabot[bot] diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml deleted file mode 100644 index 7ed7ba5a..00000000 --- a/.github/workflows/dco.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: dco -on: [pull_request] - -jobs: - check: - runs-on: ubuntu-latest - permissions: - contents: read # minimum needed - - steps: - - uses: actions/checkout@v4 - with: { fetch-depth: 0 } # make sure base SHA exists - - - name: Verify Signed‑off‑by lines - shell: bash - run: | - base="${{ github.event.pull_request.base.sha }}" - head="${{ github.event.pull_request.head.sha }}" - - unsigned=$(git log --format='%h %s' "$base..$head" | while read sha _; do - git show -s --format='%B' "$sha" | grep -qi '^Signed-off-by:' || echo "$sha" - done) - - if [ -n "$unsigned" ]; then - echo "::error ::❌ DCO check failed." - echo "" - echo "Commits missing the 'Signed-off-by:' footer:" - echo "$unsigned" - echo "" - echo "🛠 **Quick fix (make ONE signed commit):**" - echo " git fetch origin" - echo " git reset --soft origin/${GITHUB_BASE_REF}" - echo " git commit -s -m \"\"" - echo " git push --force-with-lease" - echo "" - echo "🔧 **Fix individual commits:**" - echo " git rebase -i origin/${GITHUB_BASE_REF} --exec \"git commit --amend -s --no-edit\"" - echo " git push --force-with-lease" - echo "" - echo "💡 Or edit the commit message in GitHub UI and add:" - echo " Signed-off-by: Your Name " - exit 1 - fi diff --git a/README.md b/README.md index 289fdf95..cfcabb24 100644 --- a/README.md +++ b/README.md @@ -294,7 +294,7 @@ Any model available with [Responses API](https://platform.openai.com/docs/api-re This project is under active development and the code will likely change pretty significantly. We'll update this message once that's complete! -More broadly We welcome contributions – whether you are opening your very first pull request or you’re a seasoned maintainer. At the same time we care about reliability and long‑term maintainability, so the bar for merging code is intentionally **high**. The guidelines below spell out what “high‑quality” means in practice and should make the whole process transparent and friendly. +More broadly we welcome contributions – whether you are opening your very first pull request or you’re a seasoned maintainer. At the same time we care about reliability and long‑term maintainability, so the bar for merging code is intentionally **high**. The guidelines below spell out what “high‑quality” means in practice and should make the whole process transparent and friendly. ### Development workflow @@ -302,7 +302,19 @@ More broadly We welcome contributions – whether you are opening your very firs - Keep your changes focused. Multiple unrelated fixes should be opened as separate PRs. - Use `npm run test:watch` during development for super‑fast feedback. - We use **Vitest** for unit tests, **ESLint** + **Prettier** for style, and **TypeScript** for type‑checking. -- Make sure all your commits are signed off with `git commit -s ...`, see [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco) for more details. +- Before pushing, run the full test/type/lint suite: + + ```bash + npm test && npm run lint && npm run typecheck + ``` + +- If you have **not** yet signed the Contributor License Agreement (CLA), add a PR comment containing the exact text + + ```text + I have read the CLA Document and I hereby sign the CLA + ``` + + The CLA‑Assistant bot will turn the PR status green once all authors have signed. ```bash # Watch mode (tests rerun on change) @@ -318,20 +330,15 @@ npm run format:fix ### Writing high‑impact code changes -1. **Start with an issue.** - Open a new one or comment on an existing discussion so we can agree on the solution before code is written. -2. **Add or update tests.** - Every new feature or bug‑fix should come with test coverage that fails before your change and passes afterwards. 100 % coverage is not required, but aim for meaningful assertions. -3. **Document behaviour.** - If your change affects user‑facing behaviour, update the README, inline help (`codex --help`), or relevant example projects. -4. **Keep commits atomic.** - Each commit should compile and the tests should pass. This makes reviews and potential rollbacks easier. +1. **Start with an issue.** Open a new one or comment on an existing discussion so we can agree on the solution before code is written. +2. **Add or update tests.** Every new feature or bug‑fix should come with test coverage that fails before your change and passes afterwards. 100 % coverage is not required, but aim for meaningful assertions. +3. **Document behaviour.** If your change affects user‑facing behaviour, update the README, inline help (`codex --help`), or relevant example projects. +4. **Keep commits atomic.** Each commit should compile and the tests should pass. This makes reviews and potential rollbacks easier. ### Opening a pull request - Fill in the PR template (or include similar information) – **What? Why? How?** -- Run **all** checks locally (`npm test && npm run lint && npm run typecheck`). - CI failures that could have been caught locally slow down the process. +- Run **all** checks locally (`npm test && npm run lint && npm run typecheck`). CI failures that could have been caught locally slow down the process. - Make sure your branch is up‑to‑date with `main` and that you have resolved merge conflicts. - Mark the PR as **Ready for review** only when you believe it is in a merge‑able state. @@ -353,21 +360,20 @@ If you run into problems setting up the project, would like feedback on an idea, Together we can make Codex CLI an incredible tool. **Happy hacking!** :rocket: -### Developer Certificate of Origin (DCO) +### Contributor License Agreement (CLA) -All commits **must** include a `Signed‑off‑by:` footer. -This one‑line self‑certification tells us you wrote the code and can contribute it under the repo’s license. +All contributors **must** accept the CLA. The process is lightweight: -#### How to sign (recommended flow) +1. Open your pull request. +2. Paste the following comment (or reply `recheck` if you’ve signed before): -```bash -# squash your work into ONE signed commit -git reset --soft origin/main # stage all changes -git commit -s -m "Your concise message" -git push --force-with-lease # updates the PR -``` + ```text + I have read the CLA Document and I hereby sign the CLA + ``` -> We enforce **squash‑and‑merge only**, so a single signed commit is enough for the whole PR. +3. The CLA‑Assistant bot records your signature in the repo and marks the status check as passed. + +No special Git commands, email attachments, or commit footers required. #### Quick fixes diff --git a/docs/CLA.md b/docs/CLA.md new file mode 100644 index 00000000..f0455988 --- /dev/null +++ b/docs/CLA.md @@ -0,0 +1,44 @@ +# Individual Contributor License Agreement (v1.0, OpenAI) + +_Based on the Apache Software Foundation Individual CLA v 2.2._ + +By commenting **“I have read the CLA Document and I hereby sign the CLA”** +on a Pull Request, **you (“Contributor”) agree to the following terms** for any +past and future “Contributions” submitted to the **OpenAI Codex CLI project +(the “Project”)**. + +--- + +## 1. Definitions +- **“Contribution”** – any original work of authorship submitted to the Project + (code, documentation, designs, etc.). +- **“You” / “Your”** – the individual (or legal entity) posting the acceptance + comment. + +## 2. Copyright License +You grant **OpenAI, Inc.** and all recipients of software distributed by the +Project a perpetual, worldwide, non‑exclusive, royalty‑free, irrevocable +license to reproduce, prepare derivative works of, publicly display, publicly +perform, sublicense, and distribute Your Contributions and derivative works. + +## 3. Patent License +You grant **OpenAI, Inc.** and all recipients of the Project a perpetual, +worldwide, non‑exclusive, royalty‑free, irrevocable (except as below) patent +license to make, have made, use, sell, offer to sell, import, and otherwise +transfer Your Contributions alone or in combination with the Project. + +If any entity brings patent litigation alleging that the Project or a +Contribution infringes a patent, the patent licenses granted by You to that +entity under this CLA terminate. + +## 4. Representations +1. You are legally entitled to grant the licenses above. +2. Each Contribution is either Your original creation or You have authority to + submit it under this CLA. +3. Your Contributions are provided **“AS IS”** without warranties of any kind. +4. You will notify the Project if any statement above becomes inaccurate. + +## 5. Miscellany +This Agreement is governed by the laws of the **State of California**, USA, +excluding its conflict‑of‑laws rules. If any provision is held unenforceable, +the remaining provisions remain in force.