Signatures for open source.

How to adopt Sigil

1. 01

   Drop a CLA.md in your repo root

   Frontmatter sets the agreement's display name and version. The body is the legal text contributors agree to. Example:

   ---
   name: Realm
   version: 1.0
   ---
   
   By submitting a contribution to this project, you agree that:
   
   1. **Ownership.** The contribution is your original work, or you have the
      right to submit it under this agreement.
   
   2. **License grant.** You grant the maintainers and all downstream recipients
      a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license
      to use, modify, and distribute your contribution.
   
   3. **You keep your copyright.** You retain all rights to your contribution
      and may use it however you wish elsewhere.
   

2. 02

   Install the gatekeeper Action

   Create .github/workflows/sigil.yml. The gate validates signature PRs (signature validity, CLA integrity, contributor consent), posts a status comment, and fails the job if anything is wrong.

   name: Sigil
   on: [pull_request_target]
   permissions:
     pull-requests: write  # post status comment
     contents: read        # read CLA.md and signature files
   jobs:
     gate:
       runs-on: ubuntu-latest
       steps:
         - uses: yourrealm/sigil@main
   

3. 03

   Share your signing URL

   Point contributors at withsigil.eu/cla/github/<owner>/<repo>. They sign in with GitHub and Sigil opens a pull request against your repo that adds .signatures/cla/<handle>.md.