Streamlining contributions for OpenJS Foundation projects with new CLA infrastructure

The OpenJS Foundation team has been busy helping several projects migrate to new CLA tooling. OpenJS has adopted the EasyCLA bot, developed by the Linux Foundation, as its choice for IPR assurance on projects that elect to use a CLA. This work has been part of ongoing, overall infrastructure improvements to improve long-term maintainability for projects.

EasyCLA balances the need to provide a friction-free solution for developers as well as a robust, auditable solution for corporate open source program offices. With the new tool, companies will be able to authorize contributions across all our projects, not just on a project-by-project basis, and authorize entire teams or email domains at once. Projects such as jQuery, ESLint, Webdriver.io, and Webpack have already been transitioned to this new infrastructure, with the rest to follow soon.

OpenJS Foundation’s IPR policy allows projects to select either a DCO or CLA for contribution agreements. Projects that have elected the DCO, such as Node.js, are not affected by this change. Interested parties can read more about the tools and policies on our repo, https://github.com/openjs-foundation/EasyCLA.

FAQs

Does everyone have to re-sign the CLA with this bot, or does my old signature transfer?

Yes, everyone will need to re-sign the CLA with the EasyCLA tool for any future contributions. Fortunately many corporate contributors will find that their organization has already signed our CLA, and signing the CLA as an individual is quite straightforward. If you have previously signed the CLA with the JS Foundation bot, that signature still covers your past contributions. You can read the text of the Individual CLA prior to signing here. Companies can read the text of the Corporate CLA prior to signing here.

I am contributing to OpenJS Foundation projects on behalf of my company. What do I need to know?

An authorized signer for your company will need to execute our corporate CLA before you can contribute, if they have not already done so. Your company’s signatory will also name one or more persons to serve as CLA Managers – people authorized by the company to permit contributions on its behalf. You can start that process yourself when you open a pull request and select ‘Corporate Contribution’, or you can request staff assistance to help onboard your organization. 

Why is this happening now?

Simply put, the old CLA infrastructure that supported some JS Foundation projects has stopped working and is likely not coming back. We were already in the process of migrating projects, but this has accelerated the timeline. Unfortunately it is not an option to remain on the old CLA bot, as the mandatory CLA checks on open PRs will never return.

My PR was open before the transition to EasyCLA, and I still have an outstanding JS Foundation CLA check – what do I do?

A small number of PRs may be caught between the two CLA checking tools because they were already open during the switch. In this case, you will see a check for both EasyCLA and `license/cla` on the same PR, and furthermore, that `license/cla` is permanently yellow. In the very specific case where the EasyCLA check is passing and `license/cla` is the only failing check, maintainers may bypass the failing `license/cla` check. If you are sure you have signed EasyCLA but do not see the check passing, you can trigger a recheck by typing /easycla in a comment on the PR or by closing, then re-opening, the PR.