conda · kenodegard · Apr 22, 2026
@@ -131,16 +131,47 @@ jobs:
             ${{ steps.templates-error.outputs.summary }}
           GITHUB_TOKEN: ${{ secrets.SANDBOX_TEMPLATE_TOKEN }}
 
+  check-cla:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Check CLA
+        uses: ./check-cla
+        with:
+          label: cla-test
+          repository: conda-sandbox/cla
+          contributor-id: ${{ github.event.pull_request.number }}
+          # NOTE: using a real username here will will trigger GH notifications to that user, we wish
+          # to avoid that, GH restricts certain keywords, 'login' is one of those restricted keywords
+          # and hence is not a real username, https://github.com/login is the login page, not a user
+          contributor-login: login
+          commit-status-context: CLA test
+          token: ${{ secrets.SANDBOX_CLA_TOKEN }}
+          pr-token: ${{ secrets.SANDBOX_CLA_PR_TOKEN }}
+          fork-token: ${{ secrets.SANDBOX_FORK_TOKEN }}
+          # GitHub flavored markdown reinvents how paragraphs work, adjoined lines of text are not
+          # concatenated so instead we rely on YAML multi-line + extra newlines
+          comment-blurb: >-
+            > [!WARNING]
+
+            > This is a test of the CLA system. Review for correctness but otherwise ignore this comment.
+
+
   # required check
   analyze:
-    needs: [pytest, read-file, template-files]
+    needs: [pytest, read-file, template-files, check-cla]
     if: '!cancelled()'
     runs-on: ubuntu-latest
     steps:
       - name: Determine Success
         uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
         id: alls-green
         with:
+          # permit jobs to be skipped when triggered by a non-pull request event
+          allowed-skips: ${{ toJSON(needs) }}
           jobs: ${{ toJSON(needs) }}
 
       - name: Checkout our source

@@ -3,53 +3,37 @@
 A custom GitHub action to be used in the conda GitHub organization for checking the
 conda contributor license agreement.
 
-## GitHub Action Usage
-
-In your GitHub repository include the action in your workflows:
+## Action Inputs
+
+| Name | Description | Default |
+| ---- | ----------- | ------- |
+| `label` | Label to apply to contributor's PR once the CLA is signed. | `cla-signed` |
+| `repository` | Repository in which to create PR adding CLA signature. | `conda/cla` |
+| `path` | Path to the CLA signees file within the provided `repository`. | `.cla-signers` |
+| `magic-command` | Magic word to trigger the action via a comment. | `@conda-bot check` |
+| `author` | Git-format author to use for the CLA commits. | @conda-bot |
+| `token` | GitHub token to comment on PRs, change PR labels, and modify the commit status in the current repository.<br>Fine-grained PAT: `pull_request: write; statuses: write` | `${{ github.token }}` |
+| `pr-token` | GitHub token to create pull request in the `repository`.<br>Fine-grained PAT: `pull_request: write` | `${{ inputs.token }}` |
+| `fork-token` | GitHub token to create and push to a `repository` fork.<br>Fine-grained PAT: `administration: write; contents: write` | `${{ inputs.pr-token }}` |
+| `contributor-id` | Contributor ID to check for CLA signature. | `${{ github.event.pull_request.user.id || github.event.issue.user.id }}` |
+| `contributor-login` | Contributor login to check for CLA signature. | `${{ github.event.pull_request.user.login || github.event.issue.user.login }}` |
+| `commit-status-context` | Commit status label/identifier. | `CLA check` |
+| `comment-blurb` | Additional comment to add to PRs for contributors who have not signed the CLA. | |
+
+## Sample Workflows
 
 ```yaml
 name: Check CLA
 
 on:
-  issue_comment:
-    types: [created]
   pull_request_target:
 
 jobs:
   check:
-    if: >-
-      (
-        github.event.comment.body == '@conda-bot check'
-        && github.event.issue.pull_request
-        || github.event_name == 'pull_request_target'
-      )
     steps:
       - uses: conda/actions/check-cla
         with:
-          # [required]
-          # A token with ability to comment, label, and modify the commit status
-          # (`pull_request: write` and `statuses: write` for fine-grained PAT; `repo` for classic PAT)
-          # (default: secrets.GITHUB_TOKEN)
-          token:
-          # [required]
-          # Label to apply to contributor's PR once CLA is signed
-          label:
-
-          # Upstream repository in which to create PR
-          # (default: conda/infrastructure)
-          cla_repo:
-          # Path to the CLA signees file within the provided `cla_repo`
-          # (default: .clabot)
-          cla_path:
-
-          # Fork of cla_repo in which to create branch
-          # (default: conda-bot/infrastructure)
-          cla_fork:
-          # [required]
-          # Token for opening signee PR in the provided `cla_repo`
-          # (`pull_request: write` for fine-grained PAT; `repo` and `workflow` for classic PAT)
-          cla_token:
-          # Git-format author/committer to use for pull request commits
-          # (default: Conda Bot <18747875+conda-bot@users.noreply.github.com>)
-          cla_author:
+          token: ...
+          pr-token: ...
+          fork-token: ...
 ```