Skip to content

chore(deps): bump @openstreetmap/id-tagging-schema from 6.18.0 to 7.0.1 #305

chore(deps): bump @openstreetmap/id-tagging-schema from 6.18.0 to 7.0.1

chore(deps): bump @openstreetmap/id-tagging-schema from 6.18.0 to 7.0.1 #305

Workflow file for this run

name: CLA Assistant
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened, closed, synchronize]
# Least-privilege default: read-only at the top level. The cla job escalates to
# the writes it needs. pull_request_target runs in the base repo's context, so
# the signature file can be written back from there.
permissions:
contents: read
jobs:
cla:
name: check / record signature
runs-on: ubuntu-latest
timeout-minutes: 10
# Scoped to this job only (not the whole workflow) so the elevated token is
# never exposed to any future job added here.
permissions:
actions: write
contents: write
pull-requests: write
statuses: write
steps:
- name: CLA Assistant
if: >
(github.event.comment.body == 'recheck' ||
github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') ||
github.event_name == 'pull_request_target'
# OpenMapX fork of the (archived) contributor-assistant/github-action,
# bumped to the Node 24 runtime. See OpenMapX/cla-assistant-action.
uses: OpenMapX/cla-assistant-action@3e864d0e9c7ec7a7fc4eb36e78ff857b1db7978c # v2.6.1-node24
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# A classic PAT (repo scope) or fine-grained token with Contents:write
# on the signatures repo. Store it as the CLA_SIGNATURES_TOKEN secret.
PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_SIGNATURES_TOKEN }}
with:
path-to-document: https://github.com/OpenMapX/openmapx/blob/main/CLA.md
# Where accepted signatures are recorded. Defaults to this repo; set
# remote-organization-name / remote-repository-name to use a private
# repo instead.
path-to-signatures: signatures/cla/v1.json
branch: cla-signatures
create-file-commit-message: "chore(cla): create signature file"
signed-commit-message: "chore(cla): $contributorName signed the CLA in #$pullRequestNo"
custom-pr-sign-comment: I have read the CLA Document and I hereby sign the CLA
custom-allsigned-prcomment: All contributors have signed the CLA. ✅
# Bots and the maintainer never need to sign. web-flow is GitHub's
# committer identity for GPG-signed/web commits (e.g. dependabot's
# signed commits), which the action checks alongside the author.
allowlist: Medformatik,dependabot[bot],renovate[bot],web-flow,*[bot]