FINERACT-2462: Add GitHub Action to validate one commit per author in PRs

[AshharAhmadKhan]

Summary

Adds a GitHub Action workflow that automatically validates PRs follow the "one commit per author" guideline as specified in the contributing guidelines.

Related Issues

Resolves FINERACT-2462

Description

This PR introduces an automated check to enforce the project's "one commit per author" policy, which was previously enforced only through manual code review.

What This Workflow Does

1. Triggers on PR open, synchronize, and reopen events
2. Fetches all commits in the PR using GitHub API
3. Analyzes commit authors by email address
4. Validates that each author has exactly one commit
5. Reports violations with:
   • Clear explanation of the issue
   • List of violating authors and their commits
   • Step-by-step fix instructions (interactive rebase & reset methods)
   • Link to contributing guidelines

Key Features

• ✅ Supports multi-author PRs: Allows collaborative work (multiple authors, one commit each)
• ✅ Actionable feedback: Provides exact commands to fix violations
• ✅ Auto-retry: Re-runs automatically when PR is updated
• ✅ Fast execution: Completes in <5 seconds (timeout: 5 minutes)
• ✅ Non-blocking: Runs alongside existing checks
• ✅ Helpful error messages: Includes both interactive rebase and reset methods

Validation Scenarios

Scenario	Result
1 author, 1 commit	✅ Pass
2 authors, 1 commit each	✅ Pass
3 authors, 1 commit each	✅ Pass
1 author, 3 commits	❌ Fail (with fix guidance)
2 authors, Author A has 2 commits	❌ Fail (identifies Author A)

Testing Performed

• ✅ YAML syntax validated using Python's yaml module
• ✅ Workflow structure matches existing Fineract workflows (verify-commits.yml, pr-title-check.yml)
• ✅ File encoding verified (UTF-8)
• ✅ Apache License header included
• ✅ All critical keywords and functions present
• ✅ This PR itself will test the workflow (expected to pass with 1 commit)

Implementation Details

• Language: GitHub Actions workflow (YAML + JavaScript via github-script)
• API Used: GitHub REST API (pulls.listCommits, issues.createComment)
• Permissions: contents: read, pull-requests: write
• Timeout: 5 minutes (typically completes in <5 seconds)
• Error Handling: Graceful failure with detailed error messages

Impact

• Zero breaking changes: Only adds validation, doesn't modify existing workflows
• Reduces reviewer burden: Automates a previously manual check
• Improves contributor experience: Clear, immediate feedback before human review
• Complements existing checks: Works alongside verify-commits.yml (GPG signature validation)

Future Enhancements

• Could be extended to validate commit message format
• Could check for conventional commit style
• Could integrate with commit-msg hooks documentation

Checklist

• Write the commit message as per our guidelines
• Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
• Create/update unit or integration tests for verifying the changes made.
  • N/A - This is a GitHub Actions workflow that will self-test when this PR is opened
• Follow our coding conventions.
  • Followed YAML conventions and Apache License header requirements
• Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
  • N/A - No API changes, workflow addition only
• This PR must not be a "code dump". Large changes can be made in a branch, with assistance. Ask for help on the developer mailing list.
  • This is a focused, single-purpose addition (154 lines, one workflow file)

Notes

• This workflow complements the existing verify-commits.yml (which validates GPG signatures)
• Addresses the discussion in JIRA about handling collaborative PRs correctly
• The workflow will automatically test itself when this PR is opened
• Provides educational value by teaching contributors how to squash commits properly

[Aman-Mittal]

@AshharAhmadKhan This PR is duplicate of #5437

[AshharAhmadKhan]

Thank you @Aman-Mittal for pointing this out! I see that PR #5437 already addresses
this issue. I apologize for the duplicate - I should have checked open PRs before
starting work.

Closing this PR as duplicate. I'll check existing PRs more carefully in the future.

Great work on #5437!