Open source CLAbot

[dankohn]

I would prefer for the entire CLAbot codebase to be open source so that others could make use of it, fix bugs, contribute features, etc.

@emsearcy Could you please scope out what would be involved in separating the CLAbot from the LF's Drupal infrastructure so that CNCF (and others who wanted to use it) are not reliant on any closed source infrastructure.

I presume we would still want the production database of signatories to be private, but we could have a demo server with fake data for testing.

Thanks.

Cc @caniszczyk @mkdolan

[spiffxp]

I don't have links handy, but anecdotally the CLAbot being opaque to kubernetes has been a little annoying lately. The bot occasionally misbehaves, and issues related to it get routed to kubernetes-sig-testing, or the kubernetes/test-infra repo. Neither of these places have anything to do with running or troubleshooting the bot.

What's the appropriate escalation path? And where are we on open sourcing the cla bot?

[dankohn]

Hi, we're well aware that the existing CLAbot is not ideal and the Linux Foundation (CNCF's parent) has been investing significant resources over the last 6 months to build an open source replacement for it. In fact, we're pretty close to rolling it out.

However, precisely because the current CLAbot works "well enough", we're likely going to make gRPC our first guinea pigs rather than risk disrupting the Kubernetes work flow. Once it's working, we would then transition Kubernetes as well. In the meantime, we do have a fully-staffed helpdesk at helpdesk@rt.linuxfoundation.org who can respond to any specific problems. But we agree that a more transparent system would be preferable and we hope to get there this fall.

Cc @alanapost, @caniszczyk

[BenTheElder]

Is there any ETA on this? As @spiffxp said we sometimes see the bot flake and we'd love to be able to do more.
Also: is there any way to explicitly request that the CLAbot recheck a PR if it does seem hung? For most of our checks we can put a /retest comment to kick the tires, but when the CLAbot seems hung I'm not sure what to do besides point people to the helpdesk.

[dankohn]

@alanapost can the new CLAbot support a /retest (or /recheckcla) command?

@BenTheElder although the current CLAbot is far from ideal, I think we were planning to roll out the new CLAbot to gRPC first to let them deal with any beta bugs.

[multi-io]

Hi. I’m trying to sign up to the CNCF CLA to be able to submit code, and I’m failing to do so. This is the PR where the corresponding check fails:

kubernetes-sigs/external-dns#376

The commits were made using my corporate mail address. I signed up at LinuxFoundation using my private Github account and associated private mail address (not the same as the corporate mail address), then changed my mail address to be identical to the corporate one. From there I signed my employer’s company up as an organization at the Linux foundation, with me (and some other employees) as a manager. The CA check still fails.

Out of desperation I then changed the mail address back to the private one and create a second, entirely new LF account with a different username and my corporate mail address as its mail address, and successfully invited and joined that user into the group. The CA check still fails.

How do I find out what’s missing? Please help.

[multi-io]

I re-made all my commits using my personal mail address, which is my primary Github address, which I used to sign up at LF/CNCF. The CLA check still fails.

This must be one of the crappiest services I’ve ever encountered.

I guess I’m giving up now. I can’t submit any PRs or contribute any code to any K8s project, apparently. 😭

[cblecker]

@multi-io Did you e-mail the Linux Foundation helpdesk?

[multi-io]

@cblecker I did, they replied quickly, we discussed some options. It works now, without either me or them having done anything, it appears. :-P Still investigating.

[emsearcy]

@multi-io I'm glad you are able to contribute your changes, and we appreciate your involvement in the project.

I'll send an update on your ticket, but I'll cross-post here for the benefit of others who may have similar issues. Investigating, it appears you and the other CCLA managers still needed to click the "Contribute as employee" link on https://identity.linuxfoundation.org/projects/cncf (which is a distinct step from creating/managing CCLAs). It started working for you not via the CCLA, but via an ICLA, as the system shows you later chose "Contribute as individual", and a subsequent comment on the PR marked your Github user "authorized".

The "Contribute as employee" check also walks the user through associating a Github account to their Linux Foundation ID if they haven't done so yet, will will be an important step for the other CCLA managers you invited, who don't have Github IDs attached yet.

[multi-io]

Thank you @emsearcy and Johnson. Upon clicking the link you mentioned, I arrived at the "you are now authorized..." screen. I'll tell my colleagues about it. Your quick support is much appreciated, and my apologies for my misguided earlier flame. Peace :-)

Olaf

[justinsb]

Any news on the open sourcing? Personally, what I need is "just" an API that doesn't need authentication that can check whether an email has signed the CLA - do we have that already? Is it safe to provide that?

[dankohn]

Cc @ShubhraKar who is the LF's new VP Product and managing the new CLAbot. Shubhra, I would suggest doing a call with Justin to understand his requirements.

[ShubhraKar]

Absolutely @dankohn would love to. @justinsb we are planning to open source the new CLA tool in mid December. I can show you a demo as well as discuss your requirements. Do you have time this week?