ci: fix catching the docs commit

[moabu]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #8860

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on improving the reliability and accuracy of the documentation review process for the Janssen Project repository. The key changes include:

1. Updating the regular expression used to check commit messages in the "Check commit message" step of the GitHub Actions workflow. This change ensures that the script only matches commit messages that start with "docs" instead of just containing the string "docs" anywhere in the message. This is a positive security improvement as it helps prevent false positives and ensures that the documentation review process is more accurate.

2. Introducing a fallback check in the workflow that looks for a specific checklist item in the Pull Request body, indicating that the author has confirmed there is no impact on the documentation. This provides an additional layer of assurance that documentation changes have been properly considered.

3. Enforcing a specific commit message format (starting with "docs:") and verifying that only the docs/ directory has been modified. These practices help maintain code quality, traceability, and prevent unintended changes to the application code, which could potentially introduce security vulnerabilities.

4. Running a Markdown linter on the files in the docs/ directory to ensure the documentation follows the project's Markdown style guidelines. This helps maintain consistent and readable documentation, which can improve the overall security posture by making it easier for developers and security professionals to understand and review the documentation.

Overall, the changes in this pull request demonstrate a strong focus on maintaining the quality and security of the project's documentation, which is an important aspect of application security.

Files Changed:

1. .github/workflows/documenation_check.yml: This file contains a GitHub Actions workflow that checks for documentation changes in a Pull Request. The key change is in the "Check commit message" step, where the regular expression used to search for the commit message has been updated to be more specific, helping to ensure the accuracy of the documentation review process.

2. .github/workflows/docs.yml: This GitHub workflow file is responsible for managing documentation-related changes in the Janssen Project repository. The changes include trigger conditions, auto-merge functionality for in-house doc PRs, commit message validation, changed files verification, and Markdown linting. These practices help maintain the quality and security of the project's documentation.

Powered by DryRun Security