diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index ed6068e0..c976acef 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -20,8 +20,8 @@ Use your best judgment, and feel free to propose changes to this document in a p
 - [Want to improve the documentation?](#want-to-improve-the-documentation)
 - [Submission Guidelines](#submission-guidelines)
 - [Submitting an Issue](#submitting-an-issue)
- - [Pull Request Title: Conventional Commits](#pull-request-title-conventional-commits)
- - [Submitting a Pull Request (PR)](#submitting-a-pull-request-pr)
+ - [Naming a Pull Request (PR)](#naming-a-pull-request-pr)
+ - [Submitting a Pull Request](#submitting-a-pull-request)
 - [Reviewing a Pull Request](#reviewing-a-pull-request)
 - [Your First Contribution](#your-first-contribution)
@@ -84,7 +84,7 @@ Unfortunately, we are not able to investigate/fix bugs without minimal reproduct
 You can file new issues by selecting from our new issue templates and filling out the issue template.
-### Pull Request Title: Conventional Commits
+### Naming a Pull Request (PR)
 The title of your Pull Request (PR) should follow the style of [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). Not only does this present a standardized categorization of the kind of work done on a pull request, but it also instructs the release workflow to increment the correct level of the version according to the rules of [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
@@ -92,15 +92,19 @@ The format of the title of the pull request is this:
 `[(optional scope)][!]: `
-The `` of the pull request is one of these:
+The `` of the pull request is one of these, taken from [conventional commit types](https://github.com/commitizen/conventional-commit-types):
-- `feat:` adding new functionality
-- `fix:` fixing a bug
-- `test:` adding, improving, fixing tests
-- `ci:` modifications on how GitHub interacts with the archive: workflows and configuration files
-- `docs:` anything documentation related
-- `refactor:` refactoring code, including applying formatters
-- `chore:` a catch-all type for any other commits
+- `feat:` a new feature
+- `fix:` a bug fix
+- `docs:` documentation only changes
+- `style:` changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+- `refactor:` a code change that neither fixes a bug nor adds a feature
+- `perf:` a code change that improves performance
+- `test:` adding missing tests or correcting existing tests
+- `build:` changes that affect the build system or external dependencies
+- `ci:` changes to our CI configuration files and scripts
+- `chore:` other changes that don't modify source or test files
+- `revert:` reverts a previous commit
 An exclamation mark `!` is added to the type if the change is not backwards compatible. This should only be added to `feat` or `fix`.
@@ -120,7 +124,7 @@ Examples:
 > [!TIP]
 > If your work consists of a single commit, creating a pull request will default to the name of that commit. If you use conventional commit style for that single commit, your pull request already has the correct name.
-### Submitting a Pull Request (PR)
+### Submitting a Pull Request
 Before you submit your pull request consider the following guidelines:
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 35f92ad3..fbfe65a4 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -33,13 +33,13 @@ jobs:
 with:
 persist-credentials: false
 - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- if: ${{ github.event_name != 'merge_group' }}
+ if: github.event_name != 'merge_group'
 - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
 - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 with:
 version: v0.12.1
 - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
- if: ${{ github.event_name != 'merge_group' }}
+ if: github.event_name != 'merge_group'
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -104,17 +104,17 @@ jobs:
 provenance: true
 cache-from: type=gha
 - uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
- if: ${{ steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group' }}
+ if: steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group'
 with:
 image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push-base.outputs.digest }}
 dependency-snapshot: true
 - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
- if: ${{ github.event_name == 'pull_request' }}
+ if: github.event_name == 'pull_request'
 with:
 comment-summary-in-pr: on-failure
 fail-on-severity: critical
 - name: Sign the images with GitHub OIDC token
- if: ${{ github.event_name != 'merge_group' }}
+ if: github.event_name != 'merge_group'
 # This step uses the GitHub OIDC identity token to provision an ephemeral certificate
 # against the sigstore community Fulcio instance.
 env:
diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml
index 04cde3b8..56944a48 100644
--- a/.github/workflows/linting-formatting.yml
+++ b/.github/workflows/linting-formatting.yml
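Review bot: Nothing in this file says when the `${{ }}` wrapper may be dropped from `if:`, and the bare form used here has one trap: a condition that begins with `!` is read by YAML as a tag, so it still has to be written `if: ${{ !cancelled() }}` or quoted. None of the conditions in these hunks starts with `!`, so the changed lines should behave as before; the same holds for the `if:` lines changed in linting-formatting.yml, social-interaction.yml and vulnerability-scan.yml. Because these conditions gate the cosign install, the registry login and the image signing, I would record the convention once, for example as a comment above the first of them: `# bare if: expressions are fine unless they start with '!'`.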
@@ -31,11 +31,11 @@ jobs:
 VALIDATE_ALL_CODEBASE: true
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
- if: ${{ success() || failure() }}
+ if: success() || failure()
 with:
 sarif_file: megalinter-reports/megalinter-report.sarif
 - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
- if: ${{ success() || failure() }}
+ if: success() || failure()
 with:
 name: Linter Report
 path: |
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 153060bd..77818021 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -27,7 +27,6 @@ jobs:
 results_format: sarif
 repo_token: ${{ secrets.SCORECARD_TOKEN }}
 publish_results: true
- - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+ - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/pr-conventional-title.yml b/.github/workflows/pr-conventional-title.yml
index bc86c43e..8aea011f 100644
--- a/.github/workflows/pr-conventional-title.yml
+++ b/.github/workflows/pr-conventional-title.yml
@@ -8,16 +8,39 @@ on:
 - edited
 - synchronize
-permissions:
- pull-requests: read
+permissions: {}
 jobs:
 validate-pr-title:
 runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
 steps:
- - uses: Namchee/conventional-pr@b31518c34a4243c21484e3187abbbee4a44d0ec4 # v0.15.4
+ - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+ id: pr-title
 with:
- access_token: ${{ secrets.GITHUB_TOKEN }}
- body: false
- issue: false
- close: false
+ subjectPattern: ^(?![A-Z]).+$
+ subjectPatternError: |
+ The subject "{subject}" found in the pull request title "{title}"
+ didn't match the configured pattern. Please ensure that the subject
+ doesn't start with an uppercase character.
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+ if: always() && steps.pr-title.outputs.error_message != null
+ with:
+ header: pr-title-lint-error
+ message: |
+ Hey there and thank you for opening this pull request! 👋🏼
+
+ We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+ :warning: Details
+
+ ${{ steps.pr-title.outputs.error_message }}
+
+ - if: steps.pr-title.outputs.error_message == null
+ uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+ with:
+ header: pr-title-lint-error
+ delete: true
diff --git a/.github/workflows/social-interaction.yml b/.github/workflows/social-interaction.yml
index 76525188..2e601e58 100644
--- a/.github/workflows/social-interaction.yml
+++ b/.github/workflows/social-interaction.yml
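Review bot: The job-level `pull-requests: write` now applies to every step, including the title check that only reads, and whether that is safe or even effective depends on the trigger, which sits above this hunk. If the workflow runs on `pull_request`, the token is normally read-only for pull requests from forks, so both sticky-comment steps would fail there and outside contributors would never see the hint. If it runs on `pull_request_target`, the write token is issued for untrusted pull requests, which is acceptable only while this job never checks out or executes code from the pull request. I would state that next to the grant, for example `# write is needed only for the sticky comment; never check out PR code in this job`. The `error_message` output carries the contributor-controlled title, so it should keep going through `with: message:` and never be moved into a `run:` script.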
@@ -14,7 +14,7 @@ jobs:
 permissions:
 issues: write
 pull-requests: write
- if: ${{ github.actor != 'dependabot[bot]' }}
+ if: github.actor != 'dependabot[bot]'
 steps:
 - uses: actions/first-interaction@34f15e814fe48ac9312ccf29db4e74fa767cbab7 # v1.3.0
 continue-on-error: true
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index 2d82f665..0aa66780 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -20,6 +20,6 @@ jobs:
 image: ghcr.io/${{ github.repository }}:latest
 dockerfile: .devcontainer/Dockerfile
 - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
- if: ${{ steps.scan.outputs.sarif != '' }}
+ if: steps.scan.outputs.sarif != ''
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.mega-linter.yml b/.mega-linter.yml
index d10c1916..0e208843 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -12,9 +12,6 @@ DISABLE_LINTERS:
 - REPOSITORY_SEMGREP
 - JSON_JSONLINT
 - SPELL_CSPELL
-DISABLE_ERRORS_LINTERS:
- - MARKDOWN_MARKDOWN_LINK_CHECK
- - SPELL_LYCHEE
 SARIF_REPORTER: true
 PRINT_ALPACA: false
 SHOW_SKIPPED_LINTERS: false
diff --git a/README.md b/README.md
index 55e4a1c8..061dd149 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ The resulting containers can be used in a `.devcontainer.json` file or in a `.de
 ## Community
 This project uses a [code of conduct](.github/CODE_OF_CONDUCT.md) to define expected conduct in our community. Instances of
-abusive, harassing, or otherwise unacceptable behavior may be reported to the repository administrators by using the [`Report content`](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) functionality of GitHub.
+abusive, harassing, or otherwise unacceptable behavior may be reported to the repository administrators by using the [Report content](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) functionality of GitHub.
 ## Changelog
@@ -94,7 +94,7 @@ This project uses [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.htm
 ### Build & Test
-The container can be built and tested locally by importing this repository in VS Code with the [`Remote Containers`](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) plug-in installed. As a prerequisite Docker needs to be installed on the host system. Alternatively a GitHub Codespace can be started.
+The container can be built and tested locally by importing this repository in VS Code with the [Remote Containers](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) plug-in installed. As a prerequisite Docker needs to be installed on the host system. Alternatively a GitHub Codespace can be started.
 A test task is available to run the included `bats` tests. Choose `Tasks: Run Test Task` from the command pallette (Ctrl + Shift + P).