Optionally verify presence of required legal notices in PR descriptions #144
Description
Background
Many of our FSL-licensed repositories, like the Sentry CLI repo, have a legal notice like the following in the PR description template:
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
We need external contributors to include this notice in any PRs they open — Sentry employees and contractors don't need to include the notice, since their work is automatically Sentry's intellectual property based on employment/work contracts.
However, as opening PRs from agentic coding workflows become more common, some external contributors may never see the PR template, for example, if they open the PR with gh pr create --body.
The idea
Let's introduce a validation in this repository that we can use to verify that the legal boilerplate is intact in the PR description for any PRs from external contributors (i.e. people unaffiliated with the getsentry GitHub organization). The validation should be opt-in, for repositories where this notice is typically present. Or, alternatively, we could automatically check whether the PR template for the repo contains a "Legal Boilerplate" section, and if it does, we would require it to be present in the PR description.
If the boilerplate is missing, the action should fail, and a PR comment should be posted to direct the external contributor to add the boilerplate so we can accept their change.