name: "Signature Assistant"
on:
  issue_comment:
    types: [created]
  pull_request_target:
    types: [opened,closed,synchronize]

permissions:
  actions: write
  contents: read
  pull-requests: write
  statuses: write

jobs:
  CLA-Assistant:
    runs-on: ubuntu-latest
    steps:
      - name: "CLA Assistant"
        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # the below token should have repo scope and must be manually added by you in the repository's secrets
          PERSONAL_ACCESS_TOKEN: ${{ secrets.GHA_AGREEMENTS_PAT }}
        with:
          remote-organization-name: 'scratchfoundation'
          remote-repository-name: 'scratch-agreements'
          path-to-signatures: 'signatures/version1/cla.json'
          path-to-document: 'https://github.com/scratchfoundation/scratch-agreements/blob/main/CLA.md'
          branch: 'main'
          allowlist: semantic-release-bot,*[bot]