ci: switch to more compliant pr title validator

.github/CONTRIBUTING.md

@@ -20,8 +20,8 @@ Use your best judgment, and feel free to propose changes to this document in a p
     - [Want to improve the documentation?](#want-to-improve-the-documentation)
   - [Submission Guidelines](#submission-guidelines)
     - [Submitting an Issue](#submitting-an-issue)
-    - [Pull Request Title: Conventional Commits](#pull-request-title-conventional-commits)
-    - [Submitting a Pull Request (PR)](#submitting-a-pull-request-pr)
+    - [Naming a Pull Request (PR)](#naming-a-pull-request-pr)
+    - [Submitting a Pull Request](#submitting-a-pull-request)
     - [Reviewing a Pull Request](#reviewing-a-pull-request)
   - [Your First Contribution](#your-first-contribution)
 
@@ -84,23 +84,27 @@ Unfortunately, we are not able to investigate/fix bugs without minimal reproduct
 
 You can file new issues by selecting from our new issue templates and filling out the issue template.
 
-### Pull Request Title: Conventional Commits
+### Naming a Pull Request (PR)
 
 The title of your Pull Request (PR) should follow the style of [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). Not only does this present a standardized categorization of the kind of work done on a pull request, but it also instructs the release workflow to increment the correct level of the version according to the rules of [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 The format of the title of the pull request is this:
 
  `<type>[(optional scope)][!]: <description>`
 
-The `<type>` of the pull request is one of these:
+The `<type>` of the pull request is one of these, taken from [conventional commit types](https://github.com/commitizen/conventional-commit-types):
 
-- `feat:` adding new functionality
-- `fix:` fixing a bug
-- `test:` adding, improving, fixing tests
-- `ci:` modifications on how GitHub interacts with the archive: workflows and configuration files
-- `docs:` anything documentation related
-- `refactor:` refactoring code, including applying formatters
-- `chore:` a catch-all type for any other commits
+- `feat:` a new feature
+- `fix:` a bug fix
+- `docs:` documentation only changes
+- `style:` changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+- `refactor:` a code change that neither fixes a bug nor adds a feature
+- `perf:` a code change that improves performance
+- `test:` adding missing tests or correcting existing tests
+- `build:` changes that affect the build system or external dependencies
+- `ci:` changes to our CI configuration files and scripts
+- `chore:` other changes that don't modify source or test files
+- `revert:` reverts a previous commit
 
 An exclamation mark `!` is added to the type if the change is not backwards compatible. This should only be added to `feat` or `fix`.
 
@@ -120,7 +124,7 @@ Examples:
 > [!TIP]
 > If your work consists of a single commit, creating a pull request will default to the name of that commit. If you use conventional commit style for that single commit, your pull request already has the correct name.
 
-### Submitting a Pull Request (PR)
+### Submitting a Pull Request
 
 Before you submit your pull request consider the following guidelines:
 

.github/workflows/build-push.yml

@@ -33,13 +33,13 @@ jobs:
         with:
           persist-credentials: false
       - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
-        if: ${{ github.event_name != 'merge_group' }}
+        if: github.event_name != 'merge_group'
       - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
       - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
         with:
           version: v0.12.1
       - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        if: ${{ github.event_name != 'merge_group' }}
+        if: github.event_name != 'merge_group'
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -104,17 +104,17 @@ jobs:
           provenance: true
           cache-from: type=gha
       - uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
-        if: ${{ steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group' }}
+        if: steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group'
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push-base.outputs.digest }}
           dependency-snapshot: true
       - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
-        if: ${{ github.event_name == 'pull_request' }}
+        if: github.event_name == 'pull_request'
         with:
           comment-summary-in-pr: on-failure
           fail-on-severity: critical
       - name: Sign the images with GitHub OIDC token
-        if: ${{ github.event_name != 'merge_group' }}
+        if: github.event_name != 'merge_group'
         # This step uses the GitHub OIDC identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         env:

.github/workflows/linting-formatting.yml

@@ -31,11 +31,11 @@ jobs:
           VALIDATE_ALL_CODEBASE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
-        if: ${{ success() || failure() }}
+        if: success() || failure()
         with:
           sarif_file: megalinter-reports/megalinter-report.sarif
       - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        if: ${{ success() || failure() }}
+        if: success() || failure()
         with:
           name: Linter Report
           path: |

.github/workflows/ossf-scorecard.yml

@@ -27,7 +27,6 @@ jobs:
           results_format: sarif
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
           publish_results: true
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+      - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
         with:
           sarif_file: results.sarif

.github/workflows/pr-conventional-title.yml

@@ -8,16 +8,39 @@ on:
       - edited
       - synchronize
 
-permissions:
-  pull-requests: read
+permissions: {}
 
 jobs:
   validate-pr-title:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
-      - uses: Namchee/conventional-pr@b31518c34a4243c21484e3187abbbee4a44d0ec4 # v0.15.4
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+        id: pr-title
         with:
-          access_token: ${{ secrets.GITHUB_TOKEN }}
-          body: false
-          issue: false
-          close: false
+          subjectPattern: ^(?![A-Z]).+$
+          subjectPatternError: |
+            The subject "{subject}" found in the pull request title "{title}"
+            didn't match the configured pattern. Please ensure that the subject
+            doesn't start with an uppercase character.
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+        if: always() && steps.pr-title.outputs.error_message != null
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            :warning: Details
+
+            ${{ steps.pr-title.outputs.error_message }}
+
+      - if: steps.pr-title.outputs.error_message == null
+        uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+        with:
+          header: pr-title-lint-error
+          delete: true

.github/workflows/social-interaction.yml

@@ -14,7 +14,7 @@ jobs:
     permissions:
       issues: write
       pull-requests: write
-    if: ${{ github.actor != 'dependabot[bot]' }}
+    if: github.actor != 'dependabot[bot]'
     steps:
       - uses: actions/first-interaction@34f15e814fe48ac9312ccf29db4e74fa767cbab7 # v1.3.0
         continue-on-error: true

.github/workflows/vulnerability-scan.yml

@@ -20,6 +20,6 @@ jobs:
           image: ghcr.io/${{ github.repository }}:latest
           dockerfile: .devcontainer/Dockerfile
       - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
-        if: ${{ steps.scan.outputs.sarif != '' }}
+        if: steps.scan.outputs.sarif != ''
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}

.mega-linter.yml

@@ -12,9 +12,6 @@ DISABLE_LINTERS:
   - REPOSITORY_SEMGREP
   - JSON_JSONLINT
   - SPELL_CSPELL
-DISABLE_ERRORS_LINTERS:
-  - MARKDOWN_MARKDOWN_LINK_CHECK
-  - SPELL_LYCHEE
 SARIF_REPORTER: true
 PRINT_ALPACA: false
 SHOW_SKIPPED_LINTERS: false

README.md

@@ -82,7 +82,7 @@ The resulting containers can be used in a `.devcontainer.json` file or in a `.de
 ## Community
 
 This project uses a [code of conduct](.github/CODE_OF_CONDUCT.md) to define expected conduct in our community. Instances of
-abusive, harassing, or otherwise unacceptable behavior may be reported to the repository administrators by using the [`Report content`](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) functionality of GitHub.
+abusive, harassing, or otherwise unacceptable behavior may be reported to the repository administrators by using the [Report content](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) functionality of GitHub.
 
 ## Changelog
 
@@ -94,7 +94,7 @@ This project uses [Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.htm
 
 ### Build & Test
 
-The container can be built and tested locally by importing this repository in VS Code with the [`Remote Containers`](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) plug-in installed. As a prerequisite Docker needs to be installed on the host system. Alternatively a GitHub Codespace can be started.
+The container can be built and tested locally by importing this repository in VS Code with the [Remote Containers](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) plug-in installed. As a prerequisite Docker needs to be installed on the host system. Alternatively a GitHub Codespace can be started.
 
 A test task is available to run the included `bats` tests. Choose `Tasks: Run Test Task` from the command pallette (<kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>P</kbd>).