From 16d95248acaf1dc08599d3479d0b7d656205ed9b Mon Sep 17 00:00:00 2001 From: Peter Wagner Date: Wed, 26 Jul 2023 16:34:26 -0400 Subject: [PATCH 1/2] autoformat --- .github/workflows/cla.yaml | 4 ++-- .github/workflows/scorecard-self.yaml | 2 +- README.md | 17 +++++++++-------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml index 861e4cd..eb84197 100644 --- a/.github/workflows/cla.yaml +++ b/.github/workflows/cla.yaml @@ -20,10 +20,10 @@ jobs: cla: runs-on: ubuntu-latest if: | - (github.event.issue.pull_request + (github.event.issue.pull_request && !github.event.issue.pull_request.merged_at && contains(github.event.comment.body, 'signed') - ) + ) || (github.event.pull_request && !github.event.pull_request.merged) permissions: pull-requests: write diff --git a/.github/workflows/scorecard-self.yaml b/.github/workflows/scorecard-self.yaml index 249ecc0..1051d90 100644 --- a/.github/workflows/scorecard-self.yaml +++ b/.github/workflows/scorecard-self.yaml @@ -2,7 +2,7 @@ name: Scorecard (self) on: branch_protection_rule: schedule: - - cron: '30 1 * * 6' + - cron: "30 1 * * 6" workflow_dispatch: permissions: {} diff --git a/README.md b/README.md index 1399fcb..845771a 100644 --- a/README.md +++ b/README.md @@ -15,12 +15,12 @@ Create/modify the `.github/dependabot.yaml` file in your repository. Make sure t ```yaml version: 2 updates: -- package-ecosystem: github-actions - directory: / - schedule: - interval: weekly + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly ``` - + ## Available workflows @@ -34,18 +34,18 @@ Consider adding a badge like `https://api.securityscorecards.dev/projects/github
Example Workflow - + ```yaml name: Scorecard on: branch_protection_rule: schedule: - - cron: '30 1 * * 6' + - cron: "30 1 * * 6" permissions: {} jobs: - build: + analysis: permissions: contents: read id-token: write @@ -53,4 +53,5 @@ jobs: secrets: token: ${{secrets.GITHUB_TOKEN}} ``` +
From e0212bd80976e400f2bf06319001130d888ac407 Mon Sep 17 00:00:00 2001 From: Peter Wagner Date: Wed, 26 Jul 2023 16:38:32 -0400 Subject: [PATCH 2/2] README: cla workflow --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 845771a..fc53f6a 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,37 @@ updates: ## Available workflows +### cla.yaml + +Ensure any code contributors have signed the [Shopify CLA](https://cla.shopify.com). + +
+Example Workflow + +```yaml +name: Contributor License Agreement (CLA) + +on: + pull_request_target: + types: [opened, synchronize] + issue_comment: + types: [created] + +permissions: {} + +jobs: + cla: + uses: Shopify/github-workflows/.github/workflows/cla.yaml@c142f2dd84228c90bd716e4b5eafc68bd812f467 # v0.0.3 + permissions: + pull-requests: write + secrets: + token: ${{secrets.GITHUB_TOKEN}} + cla-token: ${{secrets.CLA_TOKEN}} +``` + +
+ + ### scorecard.yaml Publish an [OpenSSF Scorecard](https://securityscorecards.dev/) for a project.
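Review bot: The added cla.yaml example triggers on `pull_request_target` and passes `secrets.CLA_TOKEN` together with a `pull-requests: write` token, but the text around it does not tell adopters what that trigger implies. `pull_request_target` runs in the base repository's context with access to its secrets even for pull requests from forks, so a copied workflow stays safe only while nothing in it checks out or executes the pull request's head code. I would add one sentence under the example, e.g. `This workflow runs on pull_request_target, which has access to repository secrets for pull requests from forks; do not add jobs or steps that check out or run the pull request's code.` It would also help to say what `CLA_TOKEN` is and the minimum scope it needs, since the lines shown never define it; the steps of the called workflow are not visible in this hunk, so whether it already avoids head-code checkout should be confirmed there.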