Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to ask for CLA signature in merge requests on GitLab?

Tags:

git

gitlab

I would like to publish a project under GPL license, but would like to request CLA (Contributor License Agreements) signing before accepting merge requests.

GitHub has a few solutions which automate this (ClaHub, cla-assistant), however I can't find anything similar for GitLab. There is a long standing issue to add support for it natively, but it's been opened 2 years ago.

I know Git sign-off can be used for DCO, but I am wondering if it could somehow be (ab)used for signing CLA agreements?

In short, how do I make the process of signing CLAs as painless as possible for both contributors and myself, while still making the agreements (somewhat) legally binding?

EDIT: To the person who cast a vote for closing: I checked the guidelines again and it seems to me that the question falls squarely in software tools commonly used by programmers; and is a practical, answerable problem that is unique to software development. It also doesn't fall into exceptions listed, at least the way I understand them. That said, I would appreciate a comment about the reasons for the vote, so that I can formulate the question better or find a more suitable StackExchange site if needed.

like image 240
johndodo Avatar asked Jan 10 '19 15:01

johndodo


People also ask

Who is assignee in merge request?

In comparison to an Assignee, who is directly responsible for creating or merging a merge request, a Reviewer is a team member who may only be involved in one aspect of the merge request, such as a peer review.

How do I create a merge request in GitLab?

A GitLab administrator must configure incoming email . A GitLab administrator must configure Reply by email . To create a merge request by sending an email: On the top bar, select Menu > Projects and find your project. On the left menu, select Merge requests .

How can I improve my code quality in GitLab?

If you want keep code quality high, it is important that you use a code review process. In GitLab, the best way to do this is by using Merge Requests. We created merge requests so that only a person with the required permission (developer or higher) can merge code into the target branch.

How do I assign users to a merge request?

On the top bar, select Menu > Projects and find your project. On the left sidebar, select Merge requests and find your merge request. On the right sidebar, expand the right sidebar and locate the Assignees section. Select Edit . Search for the user you want to assign, and select the user.

How do I create a merge request approval?

To start using Approvals, visit the settings of your project and set the required amount of approvers to a value of your choosing, higher than 1. Here you are also able to set the default approvers, and whether you want to reset the approvals on each push to the merge request. We created the Merge Request Approvals on request of our customers.


1 Answers

There is no official native support for CLA in GitLab for now.
The issue you are referencing is linked to issue 48118 ("Stakeholder approval for merge requests"), but itself is linked to two GitLab Enterprise issues -issues 1979 "Multiple blocking merge request approval rules" and issue 965 "Upgrading approvals with approval chain")

So for now, relying on a third-party service site remains the "less painful" solution.
That means, using the services highlighted in the original issue: CLAClub or cla-assistant.io.

The last one (cla-assistant) will, for a public registered repo (registered to cla-assistant) will:

  • Comments on each opened pull request to ask the contributor to sign the CLA
  • Allows contributors to sign a CLA from within a pull request
  • Authenticates the signee with his or her GitHub account
  • Updates the status of a pull request when the contributor agrees to the CLA
  • Automatically asks users to re-sign the CLA for each new pull request in the event the associated Gist & CLA has changed

Note: you can install and run your own instance of cla-assistant in order to store in your own private dedicated database the CLAs for your project.

But: since those services are tied to GitHub accounts, and there is no equivalent for GitLab, DCO should not be dismissed, especially in light of the Nov. 2017 GitLab blog post "GitLab Transitions Contributor Licensing to Developer Certificate of Origin to Better Support Open Source Projects; Empower Contributors "

GitLab’s move away from a CLA is meant to modernize its code hosting and collaborative development infrastructure for all open source projects.

Additionally, requiring a CLA became problematic for developers who didn’t want to enter into legal terms; they weren’t reviewing the CLA contract and they effectively gave up their rights to own and contribute to open source code.

And "We're switching to a DCO for source code contributions". When it comes to GitLab projects, a DCO like this one remains the chosen solution.
See the analysis comparing CLA and DCO.

like image 86
VonC Avatar answered Oct 03 '22 13:10

VonC