From 32e5631573cf20587a5ec8003c25237183ad4124 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?=
 <12843299+JonasBK@users.noreply.github.com>
Date: Mon, 16 Jun 2025 17:02:51 +0200
Subject: [PATCH 1/2] Update cla.yml

---
 .github/workflows/cla.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index 262e055..497c386 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -17,23 +17,24 @@
 name: "CLA Assistant"
 on:
   issue_comment:
-    types: [created]
-  pull_request_target:
-    types: [opened, closed, synchronize]
+    types: [created, edited]
 
 jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
+      # Trigger the CLA assistant check when someone comments the specified text.
+      # The intent is to comment `@cla-pls` on PRs from external contributors to initiate the CLA check.
+      # The other strings that trigger the action are used in normal operation of the `contributor-assistant` action.
       - name: "CLA Assistant"
-        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        if: github.event.issue.pull_request && (github.event.comment.body == '@cla-pls' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA' || github.event.comment.body == 'recheck')
         uses: contributor-assistant/github-action@v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.REPO_SCOPE }}
         with:
           path-to-signatures: "signatures.json"
-          path-to-document: "https://github.com/BloodHoundAD/CLA/blob/main/ICLA.md"
+          path-to-document: "https://github.com/SpecterOps/CLA/blob/main/ICLA.md"
           branch: "main"
-          remote-organization-name: BloodHoundAD
+          remote-organization-name: SpecterOps
           remote-repository-name: CLA

From 88843fe941637a8cd9d445b9fe50076498071b11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?=
 <12843299+JonasBK@users.noreply.github.com>
Date: Wed, 18 Jun 2025 09:03:09 +0200
Subject: [PATCH 2/2] Update cla.yml

---
 .github/workflows/cla.yml | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index 497c386..79eb66e 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -18,16 +18,38 @@ name: "CLA Assistant"
 on:
   issue_comment:
     types: [created, edited]
+  pull_request_target:
+    types: [opened,closed,synchronize]
 
 jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
-      # Trigger the CLA assistant check when someone comments the specified text.
-      # The intent is to comment `@cla-pls` on PRs from external contributors to initiate the CLA check.
-      # The other strings that trigger the action are used in normal operation of the `contributor-assistant` action.
+      - name: "Organization Members"
+        id: org-members
+        run: |
+          ALL_MEMBERS=""
+          URL="${{ github.api_url }}/orgs/${{ github.repository_owner }}/members?per_page=100"
+
+          while [ -n "$URL" ]; do
+            MEMBERS=$(curl -s -D headers.txt -H "Authorization: Bearer ${{ secrets.READ_MEMBERS_SCOPE }}" "$URL" | jq -r '[.[] | .login] | join(",")')
+            URL=$(grep -i '^Link:' headers.txt | sed -n 's/.*<\(.*\)>; rel="next".*/\1/p' || true)
+            rm -f headers.txt
+
+            if [ -n "$MEMBERS" ]; then
+              if [ -z "$ALL_MEMBERS" ]; then
+                ALL_MEMBERS="$MEMBERS"
+              else
+                ALL_MEMBERS="$ALL_MEMBERS,$MEMBERS"
+              fi
+            fi
+          done
+
+          echo "::add-mask::$ALL_MEMBERS"
+          echo "org_members=$ALL_MEMBERS" >> $GITHUB_OUTPUT
+        
       - name: "CLA Assistant"
-        if: github.event.issue.pull_request && (github.event.comment.body == '@cla-pls' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA' || github.event.comment.body == 'recheck')
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
         uses: contributor-assistant/github-action@v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -38,3 +60,4 @@ jobs:
           branch: "main"
           remote-organization-name: SpecterOps
           remote-repository-name: CLA
+          allowlist: ${{ steps.org-members.outputs.org_members }}