awslabs
diff --git a/‎.github/pull_request_template.md‎
Lines changed: 28 additions & 0 deletions b/‎.github/pull_request_template.md‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 185 additions & 0 deletions b/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 185 additions & 0 deletions
diff --git a/‎cliff.toml‎
Lines changed: 2 additions & 1 deletion b/‎cliff.toml‎
Lines changed: 2 additions & 1 deletion
@@ -0,0 +1,28 @@
+# Summary
+
+> replace with your summary...
+
+## Changes
+
+> replace with a description of the changes
+
+## User experience
+
+> Please share what the user experience looks like before and after this change
+
+## Checklist
+
+If your change doesn't seem to apply, please leave them unchecked.
+
+* [ ] I have reviewed the [contributing guidelines](https://github.com/awslabs/aidlc-workflows/blob/main/CONTRIBUTING.md)
+* [ ] I have performed a self-review of this change
+* [ ] Changes have been tested
+* [ ] Changes are documented
+
+## Test Plan
+
+> replace with instructions or a checklist for reviewers to verify
+
+## Acknowledgment
+
+By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the [project license](https://github.com/awslabs/aidlc-workflows/blob/main/LICENSE).
@@ -0,0 +1,185 @@
+name: Pull Request Validation
+
+on:
+  pull_request_target:
+    branches: [ "main" ]
+    types:
+      - edited
+      - labeled
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+      - unlabeled
+  merge_group:
+    types:
+      - checks_requested
+
+permissions:
+  actions: none
+  attestations: none
+  checks: none
+  contents: none
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  models: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DO_NOT_MERGE_LABEL: ${{ vars.DO_NOT_MERGE_LABEL || 'do-not-merge' }}
+  HALT_MERGES: ${{ vars.HALT_MERGES || '0' }}
+
+jobs:
+  get-pr-info:
+    permissions:
+      contents: read
+      pull-requests: read
+      # id-token: write
+    runs-on: ubuntu-latest
+    outputs:
+      pr_number: ${{ steps.get-pr.outputs.pr-number }}
+      pr_labels: ${{ steps.get-pr.outputs.pr-labels }}
+    env:
+      GH_TOKEN: ${{ github.token }}
+      PR_LABELS_JSON: ${{ toJson(github.event.pull_request.labels.*.name) }}
+    steps:
+      - name: Get PR info
+        id: get-pr
+        run: |
+          if [ "${{ github.event_name }}" == "merge_group" ]; then
+            PR_NUMBER=$(echo "${{ github.ref }}" | grep -oP '(?<=/pr-)\d+' || echo "")
+            PR_LABELS=$(gh api repos/${{ github.repository }}/pulls/$PR_NUMBER | jq -c '[.labels[].name] // []')
+            echo "::group::Getting Information"
+            gh api repos/${{ github.repository }}/pulls/$PR_NUMBER
+            echo $PR_LABELS
+            echo "::endgroup::"
+          elif [ "${{ github.event_name }}" == "pull_request" -o "${{ github.event_name }}" == "pull_request_target" ]; then
+            PR_NUMBER="${{ github.event.pull_request.number }}"
+            PR_LABELS=$(echo "$PR_LABELS_JSON" | jq -c '.')
+          fi
+          echo "::group::Debug Output Values"
+          echo "PR_NUMBER: $PR_NUMBER"
+          echo "PR_LABELS: $PR_LABELS"
+          echo "::endgroup::"
+          echo "pr-number=$PR_NUMBER" >> $GITHUB_OUTPUT
+          echo "pr-labels=$PR_LABELS" >> $GITHUB_OUTPUT
+
+  check-merge-status:
+    name: Check Merge Status
+    runs-on: ubuntu-latest
+    needs: get-pr-info
+    permissions:
+      pull-requests: read
+    if: always()
+    steps:
+      - run: |
+          PR_NUMBER="${{ needs.get-pr-info.outputs.pr_number }}"
+          # Default to 0 (allow all) if not set
+          if [ -z "$HALT_MERGES" ]; then
+            HALT_MERGES=0
+          fi
+          echo "::debug::HALT_MERGES value: $HALT_MERGES"
+          echo "::debug::This PR number: $PR_NUMBER"
+          echo "::group::Open Release Pull Requests"
+          OPEN_RELEASES=$(gh pr list --state "open" --repo "${{ github.repository }}" --json "number,headRefName" | \
+              jq '[.[] | select(.headRefName | startswith("release/"))]')
+          echo $OPEN_RELEASES
+          echo "::endgroup::"
+          echo $OPEN_RELEASES | jq --exit-status '[.[] | select(.number != '$PR_NUMBER')] | length == 0' && \
+              echo "No other open release pull requests"  || \
+              (echo "::warning::⚠️ Merges are rejected while there are open release pull requests" && exit 1)
+          if [ "$HALT_MERGES" = "0" ]; then
+            echo "✅ All merges are allowed (HALT_MERGES=0)"
+            exit 0
+          elif [ "$HALT_MERGES" = "$PR_NUMBER" ]; then
+            echo "✅ This PR #$PR_NUMBER is explicitly allowed"
+            exit 0
+          else
+            echo "::debug::🛑 Merges are blocked. HALT_MERGES is set to $HALT_MERGES"
+            if [ "$HALT_MERGES" -lt 0 ]; then
+              echo "::error::🛑 All merges are blocked"
+            else
+              echo "::warning::⚠️ Only PR #$HALT_MERGES is allowed to merge"
+            fi
+            exit 1
+          fi
+
+  fail-by-label:
+    name: Fail by Label
+    runs-on: ubuntu-latest
+    needs: get-pr-info
+    if: always()
+    steps:
+      - run: |
+          echo "::group::Debug Output Values"
+          echo "PR_LABELS: ${{ needs.get-pr-info.outputs.pr_labels }}"
+          echo "::endgroup::"
+      - name: When PR has the "${{ env.DO_NOT_MERGE_LABEL }}" label
+        id: pr-has-label
+        if: contains(needs.get-pr-info.outputs.pr_labels, env.DO_NOT_MERGE_LABEL)
+        run: |
+          echo "::error::❌ The label \"${{ env.DO_NOT_MERGE_LABEL }}\" is used to prevent merging."
+          exit 1
+      - name: When PR does not have the "${{ env.DO_NOT_MERGE_LABEL }}" label
+        id: pr-missing-label
+        if: ! contains(needs.get-pr-info.outputs.pr_labels, env.DO_NOT_MERGE_LABEL)
+        run: |
+          echo "✅ The label \"${{ env.DO_NOT_MERGE_LABEL }}\" is absent"
+          exit 0
+          
+  validate:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
+    steps:
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 #v6.1.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |-
+            fix
+            feat
+            build
+            chore
+            ci
+            docs
+            style
+            refactor
+            perf
+            test
+          requireScope: false
+
+  contributorStatement:
+    name: Require Contributor Statement
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    env:
+      PR_BODY: ${{ github.event.pull_request.body }}
+      EXPECTED: By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the [project license](https://github.com/${{ github.repository }}/blob/main/LICENSE).
+      HELP: Contributor statement missing from PR description. Please include the following text in the PR description
+    if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && !(github.event.pull_request.user.login == 'aidlc-workflows' || github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'github-actions' || github.event.pull_request.user.login == 'github-actions[bot]')
+    steps:
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd #v8.0.0
+        with:
+          script: |-
+            const actual = process.env.PR_BODY.replace(/\r?\n/g, "\n");
+            const expected = process.env.EXPECTED.replace(/\r?\n/g, "\n");
+            if (!actual.includes(expected)) {
+                console.log("%j", actual);
+                console.log("%j", expected);
+                core.setFailed(`${process.env.HELP}: ${expected}`);
+            }
@@ -35,11 +35,12 @@ commit_parsers = [
   { message = "^docs: update changelog", skip = true },
   { message = "^feat", group = "Features" },
   { message = "^fix", group = "Bug Fixes" },
-  { message = "^doc", group = "Documentation" },
+  { message = "^docs", group = "Documentation" },
   { message = "^perf", group = "Performance" },
   { message = "^refactor", group = "Refactoring" },
   { message = "^style", group = "Style" },
   { message = "^test", group = "Tests" },
+  { message = "^build", group = "CI/CD" },
   { message = "^ci", group = "CI/CD" },
   { message = "^chore", group = "Miscellaneous" },
 ]