advanced-commit-linter
Advanced Commit Linter is a GitHub Action that lints the commit messages of a Pull Request. It checks for issue tracker and upstream references. Results are displayed as a status check and a Pull Request comment.
TBA
To set up Advanced Commit Linter, we need three files:

- Workflow that gathers Pull Request metadata and uploads it as an artifact
- Workflow that runs on the `workflow_run` trigger, downloads the artifact, and runs the `advanced-commit-linter` GitHub Action
- `advanced-commit-linter.yml` configuration

Note: Setup is complicated due to GitHub permissions on `GITHUB_TOKEN`. When used in a workflow executed from a fork, it has `read-only` permissions. By using the `workflow_run` trigger, we are able to safely overcome this limitation, which allows us to comment on Pull Requests.
```yaml
# .github/advanced-commit-linter.yml: linter policy (configuration)
policy:
  cherry-pick:
    upstream:
      - github: systemd/systemd
      - github: systemd/systemd-stable
    exception:
      note:
        - rhel-only
  tracker:
    - keyword:
        - 'Resolves: #'
        - 'Related: #'
      type: bugzilla
      issue-format:
        - '[0-9]+$'
      url: 'https://bugzilla.redhat.com/show_bug.cgi?id='
      exception:
        note:
          - github-only
    - keyword:
        - 'Resolves: '
        - 'Related: '
      type: jira
      issue-format:
        - 'JIRA-1234'
      url: 'https://issues.redhat.com/browse/'
      exception:
        note:
          - github-only
```
```yaml
# Workflow that runs on pull_request with a read-only token,
# gathers Pull Request metadata and uploads it as an artifact.
name: Gather Pull Request Metadata
on:
  pull_request:
    types: [ opened, reopened, synchronize ]
    branches: [ main ]

permissions:
  contents: read

jobs:
  gather-metadata:
    runs-on: ubuntu-latest

    steps:
      - name: Repository checkout
        uses: actions/checkout@v3

      - id: Metadata
        name: Gather Pull Request Metadata
        uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1

      - name: Upload artifact with gathered metadata
        uses: actions/upload-artifact@v3
        with:
          name: pr-metadata
          path: ${{ steps.Metadata.outputs.metadata-file }}
```
```yaml
# Workflow that runs on workflow_run after the metadata workflow completes,
# downloads the artifact and runs the linter with write permissions
# scoped to the commit-linter job only.
name: Commit Linter
on:
  workflow_run:
    workflows: [ Gather Pull Request Metadata ]
    types:
      - completed

permissions:
  contents: read

jobs:
  download-metadata:
    if: >
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest

    outputs:
      pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }}

    steps:
      - id: Artifact
        name: Download Artifact
        uses: redhat-plumbers-in-action/download-artifact@v1
        with:
          name: pr-metadata

  commit-linter:
    needs: [ download-metadata ]
    runs-on: ubuntu-latest

    outputs:
      validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }}

    permissions:
      # required for creation of checks
      checks: write
      # required for PR comments
      pull-requests: write

    steps:
      - id: commit-linter
        name: Lint Commits
        uses: redhat-plumbers-in-action/advanced-commit-linter@v1
        with:
          pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
          token: ${{ secrets.GITHUB_TOKEN }}
```
Action currently accepts the following options:
```yaml
# ...

- uses: redhat-plumbers-in-action/advanced-commit-linter@v1
  with:
    pr-metadata: <pr-metadata.json>
    config-path: <path to config file>
    token: <GitHub token or PAT>

# ...
```
pr-metadata

Stringified JSON Pull Request metadata provided by GitHub Action `redhat-plumbers-in-action/gather-pull-request-metadata`.

Pull Request metadata has the following format: metadata format

- default value: `undefined`
- requirements: `required`

config-path

Path to configuration file. Configuration file format is described in: Policy section.

- default value: `.github/advanced-commit-linter.yml`
- requirements: `optional`

token

GitHub token or PAT is used for creating comments on Pull Request and setting checks.

```yaml
# required permission
permissions:
  checks: write
  pull-requests: write
```

- default value: `undefined`
- requirements: `required`
- example: `secrets.GITHUB_TOKEN`
Action is configured using special policy file: `.github/advanced-commit-linter.yml`. The structure needs to be as follows:
```yaml
policy:
  cherry-pick:
    upstream:
      - github: systemd/systemd
      - github: systemd/systemd-stable
    exception:
      note:
        - rhel-only
  tracker:
    - keyword:
        - 'Resolves: #'
        - 'Related: #'
      type: bugzilla
      issue-format:
        - '[0-9]+$'
      url: 'https://bugzilla.redhat.com/show_bug.cgi?id='
      exception:
        note:
          - github-only
    - keyword:
        - 'Resolves: '
        - 'Related: '
      type: jira
      issue-format:
        - 'JIRA-1234'
      url: 'https://issues.redhat.com/browse/'
      exception:
        note:
          - github-only
```
`cherry-pick` keyword

The section that specifies upstreams from which you frequently cherry-pick.

- requirements: `optional`

`cherry-pick.upstream` keyword

An array of upstreams. Currently, the only supported upstream location is GitHub.

Supported keys:

- `github`: GitHub repository in format `<org>/<repo>`

- requirements: `required`

`cherry-pick.exception` keyword

Property that describes possible exceptions for referencing upstream commits in commit messages. Currently supported exceptions:

- `note`: for example `downstream-only` or `rhel-only`

`tracker` keyword

The section specifies the form and type of required trackers.

`tracker[].keyword` keyword

Keyword that prefixes the tracker identifier.

- requirements: `required`
- example: `Fixes:`

`tracker[].type` keyword

Type of tracker. Data can be used by postprocessing scripts/GitHub Actions.

Currently supported types of trackers are: `bugzilla`, `jira` and `unknown`.

- requirements: `required`

`tracker[].issue-format` keyword

Regex that describes the identifier of the given tracker.

- requirements: `required`
- example: `[0-9]+$`

`tracker[].url` keyword

URL used to display detected trackers as links in the Pull Request comment. The tracker ID will be appended at the end of the `url`.

- requirements: `optional`
- example: `https://issues.redhat.com/browse/`

`tracker[].exception` keyword

Property that describes possible exceptions for referencing trackers in commit messages. Currently supported exceptions:

- `note`: for example `github-only` or `tests-only`
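How the `tracker` keys fit together, shown as an added example that is not the action's own code. It assumes a tracker reference is a line consisting of a keyword followed directly by an ID, and that an exception note appears on a line of its own; `lintTrackers` and `escapeRe` are hypothetical names.

```javascript
// Added example (not the action's code): simplified tracker detection.
const policy = {
  tracker: [
    { keyword: ['Resolves: #', 'Related: #'], type: 'bugzilla',
      'issue-format': ['[0-9]+$'],
      url: 'https://bugzilla.redhat.com/show_bug.cgi?id=',
      exception: { note: ['github-only'] } },
    { keyword: ['Resolves: ', 'Related: '], type: 'jira',
      'issue-format': ['JIRA-1234'], // literal sample value from the policy
      url: 'https://issues.redhat.com/browse/',
      exception: { note: ['github-only'] } },
  ],
};

// Escape a keyword so regex metacharacters in it are matched literally.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Lint one commit message against the tracker policy (hypothetical helper).
function lintTrackers(message, trackers) {
  const lines = message.split('\n').map((l) => l.trim());
  const found = [];
  for (const t of trackers) {
    for (const kw of t.keyword) {
      for (const fmt of t['issue-format']) {
        // Assumption: keyword at line start, ID directly after it.
        // Anchoring both ends means only the ID itself is captured,
        // so nothing else from the commit message reaches the link.
        const re = new RegExp(`^${escapeRe(kw)}(${fmt})$`);
        for (const line of lines) {
          const m = re.exec(line);
          if (m) found.push({ type: t.type, id: m[1], url: (t.url ?? '') + m[1] });
        }
      }
    }
  }
  if (found.length > 0) return { status: 'ok', trackers: found };
  // Assumption: an exception note is a whole line equal to the note.
  const notes = trackers.flatMap((t) => t.exception?.note ?? []);
  const note = lines.find((l) => notes.includes(l));
  return note
    ? { status: 'exception', note, trackers: [] }
    : { status: 'missing', trackers: [] };
}
```

Because `Resolves: ` is a prefix of `Resolves: #`, the two tracker entries only stay distinct when the ID pattern is anchored, as it is here.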
TBA
FAQs
Lint commit messages based on policy
The npm package advanced-commit-linter receives a total of 0 weekly downloads. As such, advanced-commit-linter popularity was classified as not popular.
We found that advanced-commit-linter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.