From 78bfa118de6d23f8a02e4f5b1bccb52adb826184 Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Wed, 26 Oct 2022 21:06:05 +0200 Subject: [PATCH 01/10] feat: added permissions (pull-requests: read) for action-semantic-pull-request --- .github/workflows/lint-pr-title-preview-ignoreLabels.yml | 3 +++ .github/workflows/lint-pr-title-preview-outputErrorMessage.yml | 3 +++ .../workflows/lint-pr-title-preview-validateSingleCommit.yml | 3 +++ .github/workflows/lint-pr-title-preview.yml | 3 +++ .github/workflows/lint-pr-title.yml | 3 +++ README.md | 3 +++ 6 files changed, 18 insertions(+) diff --git a/.github/workflows/lint-pr-title-preview-ignoreLabels.yml b/.github/workflows/lint-pr-title-preview-ignoreLabels.yml index 537f017a9..710b5e03b 100644 --- a/.github/workflows/lint-pr-title-preview-ignoreLabels.yml +++ b/.github/workflows/lint-pr-title-preview-ignoreLabels.yml @@ -8,6 +8,9 @@ on: - labeled - unlabeled +permissions: + pull-requests: read + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml b/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml index 0a1b9bdd6..749163651 100644 --- a/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml +++ b/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml @@ -6,6 +6,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml b/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml index 80ec74eaa..efa4d0a44 100644 --- a/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml +++ b/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml @@ -6,6 +6,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/lint-pr-title-preview.yml b/.github/workflows/lint-pr-title-preview.yml index c09563d2c..89cacb87b 100644 
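Review bot: The workflow-level `permissions:` block added to lint-pr-title-preview-ignoreLabels.yml lists only `pull-requests: read`, which sets every unlisted scope, `contents` included, to `none`. Later patches in this series show these jobs running `actions/checkout`; that can still succeed on a public repository but would presumably fail on a private fork or mirror, so consider adding `contents: read` under `permissions:`. A one-line comment above the block, such as `# least privilege: every scope not listed here is set to none`, would record the intent for the next maintainer. The same applies to the identical hunks in lint-pr-title-preview-outputErrorMessage.yml, lint-pr-title-preview-validateSingleCommit.yml, lint-pr-title-preview.yml and lint-pr-title.yml; in each case the `jobs:` body continues outside the hunk.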
--- a/.github/workflows/lint-pr-title-preview.yml +++ b/.github/workflows/lint-pr-title-preview.yml @@ -6,6 +6,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml index 818ab00bf..0908ececb 100644 --- a/.github/workflows/lint-pr-title.yml +++ b/.github/workflows/lint-pr-title.yml @@ -6,6 +6,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: runs-on: ubuntu-latest diff --git a/README.md b/README.md index 0b99b51ed..0bf1e2b0e 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: name: Validate PR title From aac1bdbd7bed4946b2978cb1e28897f1ff5431b6 Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Wed, 26 Oct 2022 21:10:43 +0200 Subject: [PATCH 02/10] chore: added permissions setting to other workflows too --- .github/workflows/release.yml | 6 ++++++ .github/workflows/test.yml | 3 +++ .github/workflows/versioning.yml | 3 +++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b554c05c..4f4d9cf8f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,12 @@ on: branches: - main +permissions: + contents: read + deployments: write + issues: write + pull-requests: write + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 52af69529..987da70d0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,9 @@ on: - reopened - synchronize +permissions: + contents: read + jobs: main: runs-on: ubuntu-latest diff --git a/.github/workflows/versioning.yml b/.github/workflows/versioning.yml index 107d96459..8e57d2d88 100644 --- a/.github/workflows/versioning.yml +++ b/.github/workflows/versioning.yml 
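Review bot: In release.yml the token gets `deployments: write`, `issues: write` and `pull-requests: write` but only `contents: read`, and nothing in the hunk shows which step consumes each scope. If the release step creates tags or GitHub releases with `GITHUB_TOKEN`, it would need `contents: write`; if it does not, `deployments: write` looks like a grant without a consumer and should be dropped. Because the block sits at workflow level it applies to every job, so moving it under `jobs.main` with a reason per scope (for example `issues: write  # <why the release step needs this>`) keeps the write grants auditable. The job body continues outside the hunk, so the actual release command is not visible here.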
@@ -4,6 +4,9 @@ on: release: types: [published, edited] +permissions: + deployments: write + jobs: actions-tagger: runs-on: ubuntu-latest From 605dc5013332c78bcb95caf54d46740aa966ab6b Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Wed, 26 Oct 2022 21:11:11 +0200 Subject: [PATCH 03/10] chore: updated actions used in workflows --- .github/workflows/lint-pr-title-preview-ignoreLabels.yml | 4 ++-- .../workflows/lint-pr-title-preview-outputErrorMessage.yml | 4 ++-- .../lint-pr-title-preview-validateSingleCommit.yml | 4 ++-- .github/workflows/lint-pr-title-preview.yml | 4 ++-- .github/workflows/lint-pr-title.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/test.yml | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/lint-pr-title-preview-ignoreLabels.yml b/.github/workflows/lint-pr-title-preview-ignoreLabels.yml index 710b5e03b..1ba809c75 100644 --- a/.github/workflows/lint-pr-title-preview-ignoreLabels.yml +++ b/.github/workflows/lint-pr-title-preview-ignoreLabels.yml @@ -15,8 +15,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install diff --git a/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml b/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml index 749163651..bae904585 100644 --- a/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml +++ b/.github/workflows/lint-pr-title-preview-outputErrorMessage.yml @@ -13,8 +13,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install diff --git a/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml b/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml index efa4d0a44..0f548abab 100644 
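Review bot: versioning.yml grants only `deployments: write`, which leaves `contents` at `none` for the `actions-tagger` job. The job name suggests it moves version tags after a release is published or edited; if it does so with `GITHUB_TOKEN`, updating a tag ref would need `contents: write`, and `deployments: write` would go unused. Consumers reference this action by tag, so a silently failing tag update is worth ruling out: confirm which scope the step actually uses and replace the entry accordingly, e.g. `contents: write`. The job's steps are outside the hunk.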
--- a/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml +++ b/.github/workflows/lint-pr-title-preview-validateSingleCommit.yml @@ -13,8 +13,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install diff --git a/.github/workflows/lint-pr-title-preview.yml b/.github/workflows/lint-pr-title-preview.yml index 89cacb87b..3263dcc5a 100644 --- a/.github/workflows/lint-pr-title-preview.yml +++ b/.github/workflows/lint-pr-title-preview.yml @@ -13,8 +13,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml index 0908ececb..c8e5647cf 100644 --- a/.github/workflows/lint-pr-title.yml +++ b/.github/workflows/lint-pr-title.yml @@ -13,8 +13,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - uses: ./ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4f4d9cf8f..0a33a9108 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,8 +14,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 987da70d0..d7988f365 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -13,8 +13,8 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - run: yarn install @@ -23,7 +23,7 @@ jobs: dist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Check if `dist/` has been modified. From 8f18c3559b4e4169b9e2f4622a0e979b238e026b Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Wed, 26 Oct 2022 21:41:58 +0200 Subject: [PATCH 04/10] feat: added permissions to example in README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 0bf1e2b0e..3b9831a4b 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,9 @@ on: - edited - synchronize +permissions: + pull-requests: read + jobs: main: name: Validate PR title From 3cdd34ecd90f175512a869a8acb37d1248feae7c Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Thu, 27 Oct 2022 13:56:13 +0200 Subject: [PATCH 05/10] test: changed permissions.contents to none in test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d7988f365..71ad96dae 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ on: - synchronize permissions: - contents: read + contents: none jobs: main: From b7612ccdccc3592a5a5c5dade501de751a4c88a6 Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Sat, 29 Apr 2023 07:47:28 +0200 Subject: [PATCH 06/10] chore: updated test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 71ad96dae..d7988f365 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ on: - synchronize permissions: - contents: none + contents: read jobs: main: 
From d1c5b6221e1764995cff40578d4a54e8cc88e98c Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Wed, 3 May 2023 20:55:30 +0200 Subject: [PATCH 07/10] chore: added WIP permission docs --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 3b9831a4b..1ff11c454 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,21 @@ feat(ui): Add `Button` component wip: true ``` +### Required Permissions for [WIP] feature + +If you want to use the `[WIP]` feature, you need to grant the +`pull-requests: write` permission to the GitHub Action. This is because the +action will update the status of the PR. + +```yml +name: "Lint PR" + +# ... + +permissions: + pull-requests: write +``` + ## Event triggers There are two events that can be used as triggers for this action, each with different characteristics: From 1ebd749c2a2e3c7413f0d3e19df1d9d4e6790fa6 Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Mon, 15 May 2023 19:14:21 +0200 Subject: [PATCH 08/10] docs: removed outdated comment --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 1ff11c454..2281818bc 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,6 @@ feat(ui): Add `Button` component # this option and therefore this action allows you to opt-in to using the # special "[WIP]" prefix to indicate this state. This will avoid the # validation of the PR title and the pull request checks remain pending. - # Note that a second check will be reported if this is enabled. wip: true ``` From f030897c39c6656af87f5200b0739d52d7582f75 Mon Sep 17 00:00:00 2001 From: Stefan Natter Date: Mon, 15 May 2023 19:17:15 +0200 Subject: [PATCH 09/10] docs: updated WIP configuration documentation --- README.md | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2281818bc..9d153e70f 100644 --- a/README.md +++ b/README.md 
@@ -105,17 +105,17 @@ feat(ui): Add `Button` component # See: https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-commits-parser#headerpattern headerPattern: '^(\w*)(?:\(([\w$.\-*/ ]*)\))?: (.*)$' headerPatternCorrespondence: type, scope, subject - # For work-in-progress PRs you can typically use draft pull requests - # from GitHub. However, private repositories on the free plan don't have - # this option and therefore this action allows you to opt-in to using the - # special "[WIP]" prefix to indicate this state. This will avoid the - # validation of the PR title and the pull request checks remain pending. - wip: true ``` -### Required Permissions for [WIP] feature +### Work In Progress `[WIP]` Configuration + +For work-in-progress PRs you can typically use draft pull requests from GitHub. +However, private repositories on the free plan don't have this option and +therefore this action allows you to opt-in to using the special "[WIP]" prefix +to indicate this state. This will avoid the validation of the PR title and the +pull request checks remain pending. -If you want to use the `[WIP]` feature, you need to grant the +Attention: If you want to use the `[WIP]` feature, you need to grant the `pull-requests: write` permission to the GitHub Action. This is because the action will update the status of the PR. @@ -126,6 +126,18 @@ name: "Lint PR" permissions: pull-requests: write + +jobs: + main: + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + # ... other configuration options + wip: true ``` ## Event triggers From 7c7ce76e68f52cfb416c8a47c572585b8ceeaf9e Mon Sep 17 00:00:00 2001 From: Jan Amann Date: Tue, 16 May 2023 10:21:03 +0200 Subject: [PATCH 10/10] Minor README improvements --- README.md | 58 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 27 deletions(-) 
diff --git a/README.md b/README.md index 9d153e70f..e01561baa 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,18 @@ # action-semantic-pull-request -This is a GitHub Action that ensures your PR title matches the [Conventional Commits spec](https://www.conventionalcommits.org/). The typical use case is to use this in combination with a tool like [semantic-release](https://github.com/semantic-release/semantic-release) to automate releases. +This is a GitHub Action that ensures that your pull request titles match the [Conventional Commits spec](https://www.conventionalcommits.org/). Typically, this is used in combination with a tool like [semantic-release](https://github.com/semantic-release/semantic-release) to automate releases. Used by: [Apache](https://github.com/apache/pulsar) · [Vercel](https://github.com/vercel/ncc) · [Microsoft](https://github.com/microsoft/SynapseML) · [Firebase](https://github.com/firebase/flutterfire) · [AWS](https://github.com/aws-ia/terraform-aws-eks-blueprints) · [Electron](https://github.com/electron/forge) – and [many more](https://github.com/amannn/action-semantic-pull-request/network/dependents). ## Examples -**Valid PR titles:** +**Valid pull request titles:** - fix: Correct typo - feat: Add support for Node.js 18 - refactor!: Drop support for Node.js 12 - feat(ui): Add `Button` component -> Note that since PR titles only have a single line, you have to use `!` to indicate breaking changes. +> Note that since pull request titles only have a single line, you have to use `!` to indicate breaking changes. See [Conventional Commits](https://www.conventionalcommits.org/) for more examples. @@ -43,6 +43,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` +See the [event triggers documentation](#event-triggers) below to learn more about what `pull_request_target` means. + ## Configuration The action works without configuration, however you can provide options for customization. 
@@ -107,23 +109,23 @@ feat(ui): Add `Button` component headerPatternCorrespondence: type, scope, subject ``` -### Work In Progress `[WIP]` Configuration +### Work-in-progress pull requests + +For work-in-progress PRs you can typically use [draft pull requests from GitHub](https://github.blog/2019-02-14-introducing-draft-pull-requests/). However, private repositories on the free plan don't have this option and therefore this action allows you to opt-in to using the special "[WIP]" prefix to indicate this state. + +**Example:** + +``` +[WIP] feat: Add support for Node.js 18 +``` -For work-in-progress PRs you can typically use draft pull requests from GitHub. -However, private repositories on the free plan don't have this option and -therefore this action allows you to opt-in to using the special "[WIP]" prefix -to indicate this state. This will avoid the validation of the PR title and the -pull request checks remain pending. +This will prevent the PR title from being validated, and pull request checks will remain pending. -Attention: If you want to use the `[WIP]` feature, you need to grant the -`pull-requests: write` permission to the GitHub Action. This is because the -action will update the status of the PR. +**Attention**: If you want to use the this feature, you need to grant the `pull-requests: write` permission to the GitHub Action. This is because the action will update the status of the PR to remain in a pending state while `[WIP]` is present in the PR title. ```yml name: "Lint PR" -# ... - permissions: pull-requests: write 
@@ -136,10 +138,24 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - # ... other configuration options wip: true ``` +### Legacy configuration for validating single commits + +When using "Squash and merge" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit. As it's easy to commit this by mistake this action supports two configuration options to provide additional validation for this case. + +```yml + # If the PR only contains a single commit, the action will validate that + # it matches the configured pattern. + validateSingleCommit: true + # Related to `validateSingleCommit` you can opt-in to validate that the PR + # title matches a single commit to avoid confusion. + validateSingleCommitMatchesPrTitle: true +``` + +However, [GitHub has introduced an option to streamline this behaviour](https://github.blog/changelog/2022-05-11-default-to-pr-titles-for-squash-merge-commit-messages/), so using that instead should be preferred. + ## Event triggers There are two events that can be used as triggers for this action, each with different characteristics: 
@@ -206,15 +222,3 @@ jobs: -## Legacy configuration - -When using "Squash and merge" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit and it's easy to commit this by mistake. To help out in this situation this action supports two configuration options. However, [GitHub has introduced an option to streamline this behaviour](https://github.blog/changelog/2022-05-11-default-to-pr-titles-for-squash-merge-commit-messages/), so using that instead should be preferred. - -```yml - # If the PR only contains a single commit, the action will validate that - # it matches the configured pattern. - validateSingleCommit: true - # Related to `validateSingleCommit` you can opt-in to validate that the PR - # title matches a single commit to avoid confusion. - validateSingleCommitMatchesPrTitle: true -```