Temurin-build: Investigate a PR hook to check if someone has signed the OCA and if not to prompt them

Created on 30 Mar 2017  ·  5Comments  ·  Source: adoptium/temurin-build

This is so that if we wanted to donate any working code to the OpenJDK project we could do so.

This could work much like the MS PR bot hooks in for this PR --> https://github.com/Azure/azure-iot-sdks/pull/478

We did some early work on a previous incarnation of the OpenJDK build farm (Betterrev) to pull a list of OCA signatories from the openjdk website (HTML screen scraper) and so I think we can use that to check the GitHub user's email address (if available in the API).

This should be applied to all of the openjdk-* repos

An effort should also be made to ensure that all existing code contributions before this PR hook gets put in place can be donated to the OpenJDK project at a later date by ensuring the the committers have signed the OCA.

I'm possibly missing some edge cases / clarifications here - extra comments welcome

help wanted invalid
Source
picture karianna

All 5 comments

The OCA signatories page doesn't contains email or github id for all of them - for example, for our entry it is just my name and organisation: (example from http://www.oracle.com/technetwork/community/oca-486395.html#g)

   Goldman Sachs - OpenJDK (Sunny Chan, Jessica Man)

Some of them actually have github account associated with it, in different format:

   Adolfo Dos Santos Jr - Jersey - GitHub adolfojunior
   Alessandro Gherardi - Jersey - GH agherardi

While some has java.net id: 

 Mohammad W. Abdo - JDK - java.net - mohammad

So I am not sure how much you can screen scrap (well I haven't seen the betterrev screen scrap code)

Perhaps a better way of doing it is that before accepting the Pull request we will require user to put a specific line that matches the entry (e.g. OCA: Goldman Sachs) and your script to match the name. If the OCA line is not there then send them an email.

sunnychanwork picture sunnychanwork on 7 Apr 2017
👍1

I agree with @sunnychanwork , there is going to be limited advantage from scraping the OCA list.
I suggest we simply conduct a manual check for each new contributor, and let the bot maintain our own list of github ids who are known OCA signatories to compare against.

If we are overwhelmed with lots of contributors then (that would be a nice problem to have and) we can figure out further automation, but I'm not expecting that to be an immediate problem.

tellison picture tellison on 7 Apr 2017
👍1

Has this requirement changed and still required? What about those that haven't signed (or cannot) the OCA, should those contributions not be permitted?

openjdk-build and openjdk-infrastructure are sort of stand apart from being directly tied to openjdk source changes as I understand. Should these fall under the same requirement?

jdekonin picture jdekonin on 19 Mar 2018

I'm Iceboxing this as (at the moment) we're not actually acting as a patch submission system for upstream

karianna picture karianna on 19 Mar 2018

Not needed as OCA's are signed for upstream patches.

karianna picture karianna on 10 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

adam-thorpe picture adam-thorpe  ·  7Comments
PierreZ picture PierreZ  ·  5Comments
pshipton picture pshipton  ·  4Comments
mstoodle picture mstoodle  ·  3Comments
a-roberts picture a-roberts  ·  6Comments