python-package-template/.github/workflows/pull-request.yaml at ba02a3ef28617d634e1049118d7da9f7d984178f · jenstroeger/python-package-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# This workflow lints the PR's title and commits. It uses the commitizen
# package (https://github.com/commitizen-tools/commitizen) and its `cz`
# tool to check the title of the PR and all commit messages of the branch
# which triggers this Action.

name: Pull Request
on:
  pull_request:
    branches:
    - main
    - staging
    types:
    - opened
    - reopened
    - edited
    - synchronize
permissions:
  contents: read

jobs:
  conventional-commits:
    name: Check PR title and commit messages
    runs-on: ubuntu-latest
    steps:

    - name: Check out repository
      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
      with:
        fetch-depth: 0

    - name: Set up Python
      uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 # v4.2.0
      with:
        python-version: '3.10'

    # Install Commitizen without using the package's Makefile: that's much faster than
    # creating a venv and installing heaps of dependencies that aren't required for this job.
    - name: Set up Commitizen
      run: |
        pip install --upgrade pip wheel
        pip install 'commitizen ==2.32.1'

    - name: Check PR title
      run: echo "$PR_TITLE" | cz check
      env:
        PR_TITLE: ${{ github.event.pull_request.title }}

    - name: Add and fetch remote branch
      run: |
        git remote add other $PR_HEAD_REPO_CLONE_URL
        git fetch other
      env:
        PR_HEAD_REPO_CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}

    - name: Check PR commit messages
      run: cz check --rev-range origin/$PR_BASE_REF..other/$PR_HEAD_REF
      env:
        PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}

    - name: Check PR commit signatures
      shell: bash
      run: |
        for sha in `git log --format=format:%H $PR_BASE_REF..$PR_HEAD_REF`
        do
          echo "Checking signature for commit $sha"
          git verify-commit $sha
        done
      env:
        PR_BASE_REF: ${{ github.event.pull_request.base.sha }}
        PR_HEAD_REF: ${{ github.event.pull_request.head.sha }}

  build:
    needs: conventional-commits
    uses: ./.github/workflows/build.yaml
    permissions:
      contents: read
    # If the build workflow needs to access secrets, they need to be passed using `secrets: inherit`.
    # See https://docs.github.com/en/actions/using-workflows/reusing-workflows to learn more.
    # See  https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
    # for the security recommendations.