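name: "PR Metadata"

# Validates the PR title whenever a PR is opened, edited, reopened, or receives
# new commits (synchronize).
# This is separate from the rest of the CI as the title may change without code changes.

on:
  # SECURITY: pull_request_target is used here to allow validation of PRs from forks.
  # This trigger runs the workflow file from the base branch with the base
  # repository's GITHUB_TOKEN, so the points below must stay true on every edit:
  #   1. No code from the PR is checked out (never add a checkout of the PR head here)
  #   2. The token is limited to pull-requests: read, granted on the job only
  #   3. Only a trusted third-party action, pinned to a full commit SHA, validates the PR title
  #   4. No user-controlled code is executed; the PR title is untrusted input and
  #      must not be interpolated into a `run:` script
  pull_request_target: # zizmor: ignore[dangerous-triggers]
    types:
      - opened
      - edited
      - reopened
      # Re-runs the validation when new commits are pushed to the PR.
      - synchronize

# Workflow default: no token permissions. Each job must opt in to what it needs,
# so a job added later does not silently inherit access under pull_request_target.
permissions: {}

jobs:
  pr-title:
    name: "Validate PR title follows https://conventionalcommits.org"
    runs-on: ubuntu-latest
    permissions:
      # Read-only access to pull requests is the only scope granted to this job.
      pull-requests: read
    steps:
      # Pinned to a full commit SHA so a moved tag cannot change the code that runs;
      # when bumping, confirm the new SHA against the upstream release tag.
      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
        env:
          # Passed to the action so it can read the pull request; its scope is
          # the job-level permissions above.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}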