Allow GitHub bots to pass EasyCLA using username alone (no fixed e-mail) #4701

@mlehotskylf

📚 Background

AI and other service bots (e.g., copilot-swe-agent[bot]) generate commits whose author e-mails are dynamic (<digits>[email protected]).
EasyCLA currently requires both GitHub username & e-mail to match, so these commits fail with MISSING ID ON COMMIT, blocking PRs. Two LF projects (OpenJS & CNCF) are already affected; more bots are expected soon.

🎯 Goal

Let maintainers explicitly mark selected bot usernames as “e-mail-optional” per repo/org, so commits from those bots are authorized using the username only (or use wildcard for email).

📝 High-Level Requirements

  • Data model – add skip_email_check flag scoped to GitHub Org/Repo + Username (bots should be authorized only for specific GH org or repo and should not be allowed to contribute to other GH orgs/repos)
  • Authorization logic – if flag is true, bypass e-mail check (or use wildcard for email), authorize, and log decision as BOT-BY-USERNAME.
  • Docs & comms – update EasyCLA docs site; announce in Slack
  • Security review – ensure only Support/Engineering team can enable bypass and cannot apply it to arbitrary human accounts.

✅ Acceptance Criteria

  1. Maintainer flags copilot-swe-agent[bot] → subsequent commits from that bot pass EasyCLA for the chosen repo/org.
  2. Unflagged accounts still require matching e-mail.
  3. Flagged scope is limited to the selected repo/org.
  4. Metric visible in log records (each bypass event).
  5. Documentation update published and shared with stakeholders.

⚠️ Risks & Mitigations

Risk: Maintainer mistakenly flags a human account.

Slack conversation: https://linuxfoundation.slack.com/archives/C0697E1QHNG/p1750276185125049

Samples:

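A sketch of the scoped username-only check described under High-Level Requirements, added here as an illustration and not taken from the EasyCLA code base. The `BotRule` shape, the `AUTHORIZED` label, the `[bot]` suffix guard against flagged human accounts, and all sample data are assumptions of this example; `username` is assumed to be the login GitHub resolved for the commit, not the raw git author name.

```python
import logging
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("easycla.example")

@dataclass(frozen=True)
class BotRule:                  # hypothetical record shape for the flag
    org: str
    repo: Optional[str]         # None = rule covers every repo in the org
    username: str
    skip_email_check: bool = False

def _same(a, b):
    # GitHub logins, org names and repo names compare case-insensitively
    return a.casefold() == b.casefold()

def rule_applies(rule, org, repo, username):
    # Assumed guard: only GitHub App logins carry the "[bot]" suffix, so a
    # rule mistakenly created for a human login never grants the bypass.
    return (rule.skip_email_check
            and username.endswith("[bot]")
            and _same(rule.username, username)
            and _same(rule.org, org)
            and (rule.repo is None or _same(rule.repo, repo)))

def authorize(org, repo, username, email, signed, rules):
    """Return the decision for one commit author.

    signed: set of (username, email) pairs that have a CLA on file.
    """
    if (username, email) in signed:
        return "AUTHORIZED"      # normal path: username and e-mail both match
    if any(rule_applies(r, org, repo, username) for r in rules):
        # One log record per bypass event, so bypasses can be counted later
        log.info("BOT-BY-USERNAME org=%s repo=%s user=%s email=%s",
                 org, repo, username, email)
        return "BOT-BY-USERNAME"
    return "MISSING ID ON COMMIT"

# Constructed sample data (not from the issue)
RULES = [
    BotRule("example-org", "web", "copilot-swe-agent[bot]", True),
    BotRule("example-org", None, "alice", True),  # mistaken flag on a human
]
SIGNED = {("alice", "alice@example.com")}
BOT_EMAIL = "12345+bot@example.invalid"           # stands in for a dynamic address
```

The suffix guard is a backstop only; restricting who can write `BotRule` records remains the primary control.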