102_compliance.yml
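# Reusable compliance workflow (invoked through `workflow_call`).
#
# `jobs_to_run` selects what executes:
#   'all'      -> dependency review and commit-message check
#   'skip-all' -> nothing
#   any other value (e.g. 'only-required') -> commit-message check only
#
# Both jobs additionally require the calling workflow to have been triggered
# by a `pull_request` event, so they are skipped for every other trigger
# (including `pull_request_target`).
#
# Third-party actions are referenced by full commit SHA; the trailing
# `# vX.Y.Z` comment is informational only and is not checked by the runner.
name: compliance

on:
  workflow_call:
    inputs:
      jobs_to_run:
        description: "Which compliance checks should be run: 'all', 'only-required', 'skip-all'?"
        type: string
        default: "all"

jobs:
  dependency-review:
    name: dependency review
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'pull_request' &&
      inputs.jobs_to_run == 'all'
    # Least privilege: the job token can only read repository contents.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step performs authenticated git operations, so do not
          # leave the job token in the checked-out repository's git config.
          persist-credentials: false
      - name: Review
        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2

  check-commit-message:
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'pull_request' &&
      inputs.jobs_to_run != 'skip-all'
    # No GITHUB_TOKEN scopes are granted to this job.
    # NOTE(review): checkout without `contents: read` presumably relies on the
    # repository being public - confirm before reusing in a private repo.
    permissions: {}
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Check out the PR head; the default would be the synthetic merge
          # commit, whose message does not follow the convention.
          ref: ${{ github.event.pull_request.head.sha }}
          # Fetch as many commits as the PR contains, and no more.
          # NOTE(review): if the PR branch contains merge commits, this depth
          # may also pull in commits from outside the PR - confirm.
          fetch-depth: ${{ github.event.pull_request.commits }}
          # The step below only reads local history; no stored token needed.
          persist-credentials: false
      - name: Check commit messages for conformity
        # Commit subjects are contributor-controlled text. They are treated
        # strictly as data here: always quoted, only printed and pattern
        # matched, never evaluated or interpolated via `${{ }}`.
        run: |
          echo "Commits between dev branch and current SHA:"
          COMMITS=$(git log --pretty=%H)
          echo "${COMMITS}"
          EXIT=0
          # COMMITS holds whitespace-separated hex SHAs, so word splitting is
          # intended for the loop list (and only there).
          for commit in ${COMMITS}; do
            MSG=$(git log "${commit}" -n1 --pretty=%s) # subject line only
            # printf + quoting keeps the subject literal: no glob expansion of
            # characters like '*' and no interpretation of a leading '-n'/'-e'
            # as echo options, either of which could change the extracted type.
            TYPE=$(printf '%s\n' "${MSG}" | awk '{{ print $1 }}')
            if ! [[ "${TYPE}" =~ ^(build|ci|docs|feat|fix|refactor|sec|test|update):$ ]]; then
              EXIT=1
              echo "Commit message of commit ${commit} doesn't conform to 'type: msg' format:"
              echo "${MSG}"
              echo "-------------------------"
            fi
          done
          # Fail the job if at least one commit subject was non-conforming.
          exit "${EXIT}"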