intel · terriko · Feb 22, 2022 · Feb 10, 2022
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -118,6 +118,7 @@ getenv
 gettext
 Giridhar
 github
+gitlint
 glibc
 gnomeshell
 gnupg

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -12,9 +12,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        tool: ['isort', 'black', 'pyupgrade', 'flake8', 'format_checkers', 'bandit']
+        tool: ['isort', 'black', 'pyupgrade', 'flake8', 'format_checkers', 'bandit', 'gitlint']
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
       - uses: actions/setup-python@v2
         with:
           cache: 'pip'
@@ -29,6 +31,12 @@ jobs:
         run: |
           python -m pip install --upgrade wheel
           python -m pip install .
-      - name: Run ${{ matrix.tool }}
+      - name: Run ${{ matrix.tool }} using pre-commit
+        if: ${{ matrix.tool != 'gitlint' }}
         run: |
           pre-commit run ${{ matrix.tool }} --all-files
+      - name: Run gitlint
+        if: ${{ github.event_name == 'pull_request' && matrix.tool == 'gitlint' }}
+        run: |
+          python -m pip install --upgrade gitlint
+          gitlint --commits ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}
diff --git a/.gitlint b/.gitlint
@@ -0,0 +1,3 @@
+[general]
+ignore=body-is-missing
+contrib=contrib-title-conventional-commits
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -33,3 +33,8 @@ repos:
       name: format_checkers
       entry: python cve_bin_tool/format_checkers.py
       files: "^cve_bin_tool/checkers/__init__.py"
+
+-   repo: https://github.com/jorisroovers/gitlint
+    rev:  v0.17.0
+    hooks:
+    - id: gitlint
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -162,6 +162,7 @@ CVE Binary Tool uses a few tools to improve code quality and readability:
 - `flake8` provides additional code "linting" for more complex errors like unused imports.
 - `pyupgrade` helps us be forward compatible with new versions of python.
 - `bandit` is more of a static analysis tool than a linter and helps us find potential security flaws in the code.
+- `gitlint` helps ensure that the commit messages follow [Conventional Commits](https://conventionalcommits.org).
 
 We provide a `dev-requirements.txt` file which includes all the precise versions of tools as they'll be used in GitHub Actions.  You an install them all using pip:
 
@@ -176,7 +177,7 @@ to run isort/Black locally before you commit, you can install
 the hook as follows from the main `cve-bin-tool` directory:
 
 ```bash
-pre-commit install
+pre-commit install --hook-type pre-commit --hook-type commit-msg
 ```
 
 Once this is installed, all of those commands will run automatically when you run `git commit` and it won't let you commit until any issues are resolved.  (You can also run them manually using `pre-commit` with no arguments.) This will only run on files staged for commit (e.g. things where you've already run `git add`).  If you want to run on arbitrary files, see below:

diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -3,3 +3,4 @@ isort==5.10.1
 pre-commit==2.16.0
 flake8==4.0.1
 bandit==1.7.1
+gitlint==0.17.0