NOTE: This page is primarily intended for new GitHub Organization owners seeking to setup CLA checking. All of our existing organizations should already have this check enabled.
External contributions to Google open source projects must be accompanied by a Contributor License Agreement (go/cla). For projects hosted on GitHub, the Open Source Programs Office provides a tool that will automate checking for CLAs on all new pull requests. This CLA check is required to be installed on all Google GitHub organizations.
Whenever a contributor opens a new pull request on your repository, we'll check to see if they have a CLA on file. If not, we'll leave a comment on the pull request with instructions on how to sign one. Once they've signed, we'll update the pull request to note that it is now okay to accept. Most of the time, all of this happens before you even get around to looking at the pull request, so that by the time you do, everything is already taken care of.
Make sure googlebot has access
The googlebot account should already be an owner on all of our GitHub orgs. If it is not an owner on your org, please invite it to be an owner. (See also go/github-org-owners#owners.)
For repos not hosted in one of our standard orgs, you can add
yourself by going to the Collaborators section of your repo settings page and
Enable Branch Protection (optional)
You are encouraged to turn on
cla/google as a required commit status. This will actively block a PR
from merging if there are any CLA issues. (If you do this, you should also setup
the labels so you can override if necessary.)
Install the Google-CLA App
Installing the App takes care of all the setup. It just works!
For Google managed orgs, it should be set to run org-wide.
IMPORTANT: Don't cross the streams! Make sure you don't have both the App and the (deprecated) SignCLA webhook active at the same time. It will cause minor chaos and confusion (and total protonic reversal!).
Checking individual repositories
Most of the time, Google open source projects are released in one of our official organizations. In certain cases, projects are approved for release in personal GitHub accounts (go/github-docs/where). However, even though they're in personal accounts, CLAs are still required for all contributions. SignCLA works the same on repositories hosted in personal accounts as it does for those hosted in organizations.
CLAs can also always be looked up manually at go/cla-signers.
As pull requests come in, you should see comments from googlebot pretty much instantly. SignCLA tries to be intelligent about monitoring the conversation on the pull request and re-checking for CLAs when needed. If you have any questions or problems, email emailremoved@.