ci: configure commitlint (#5014)

- Check if the PR contains a single commit, and fail otherwise. - Enable commitlint to check if commits adhere to the conventialcommits.org spec. - Update the the pull request template to point to the conventional commit spec. - Update the dependabot configuration to add the "build(...)" prefix to commits.
super-linter · Dec 19, 2023 · 9db632f · 9db632f
1 parent 2d303aa
commit 9db632f
Show file tree

Hide file tree

Showing 9 changed files with 2,099 additions and 6 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,47 +5,80 @@
 version: 2
 updates:
   - package-ecosystem: github-actions
+    commit-message:
+      prefix: "build(github-actions)"
     directory: "/"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for js with npm
   - package-ecosystem: "npm"
+    commit-message:
+      prefix: "build(npm)"
     directory: "/dependencies"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for ruby with bundler
   - package-ecosystem: "bundler"
+    commit-message:
+      prefix: "build(bundler)"
     directory: "/dependencies"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for docker
   - package-ecosystem: "docker"
+    commit-message:
+      prefix: "build(docker)"
     directory: "/"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for python with pip
   - package-ecosystem: "pip"
+    commit-message:
+      prefix: "build(python)"
     directory: "/dependencies/python/"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
 
   # Maintain dependencies for Java
   - package-ecosystem: "gradle"
+    commit-message:
+      prefix: "build(java)"
     directory: "/dependencies/checkstyle"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
+
   - package-ecosystem: "gradle"
+    commit-message:
+      prefix: "build(java)"
     directory: "/dependencies/google-java-format"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 10
+
+  # Maintain dev dependencies for docker
+  - package-ecosystem: "docker"
+    commit-message:
+      prefix: "build(dev-docker)"
+    directory: "/dev-dependencies"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+
+  # Maintain dev dependencies for js with npm
+  - package-ecosystem: "npm"
+    commit-message:
+      prefix: "build(dev-npm)"
+    directory: "/dev-dependencies"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
diff --git a/.github/linters/.hadolint.yaml b/.github/linters/.hadolint.yaml
@@ -10,3 +10,4 @@ ignored:
   - DL3003  # Ignore workdir so we don't add layers
   - SC2016  # ignore as its interpreted later
   - DL3044  # Ignore using env in env
+  - DL3008  # Ignore pinned versions check for APT
diff --git a/.github/linters/commitlint.config.js b/.github/linters/commitlint.config.js
@@ -0,0 +1,4 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  helpUrl: 'https://www.conventionalcommits.org/'
+}
diff --git a/.github/pull_request-template.md b/.github/pull_request-template.md
@@ -1,4 +1,3 @@
-<!-- Ensure that your PR title is brief and descriptive. -->
 <!-- Start: issue fix section -->
 <!-- Link to issue if there is one, otherwise remove the "issue fix" section -->
 <!-- markdownlint-disable -->
@@ -8,8 +7,6 @@ Fixes #
 <!-- markdownlint-restore -->
 <!-- End: issue fix section -->
 
-<!-- Describe what the changes are -->
-
 ## Proposed Changes
 
 1. ...
@@ -18,12 +15,16 @@ Fixes #
 
 ## Readiness Checklist
 
-### Author/Contributor
+In order to have this pull request merged, complete the following tasks.
+
+### Pull request author tasks
 
 - [ ] I included all the needed documentation for this change.
 - [ ] I provided the necessary tests.
+- [ ] I squashed all the commits into a single commit.
+- [ ] I followed the [Conventional Commit v1.0.0 spec](https://www.conventionalcommits.org/en/v1.0.0/).
 
-### Reviewing Maintainer
+### Super-linter maintainer tasks
 
-- [ ] Label as `breaking` if this is a large, fundamental change.
+- [ ] Label as `breaking` if this change breaks compatibility with the previous released version.
 - [ ] Label as either: `automation`, `bug`, `documentation`, `enhancement`, `infrastructure`.
diff --git a/.github/workflows/lint-commit.yaml b/.github/workflows/lint-commit.yaml
@@ -0,0 +1,70 @@
+---
+name: Lint commit
+
+on:
+  push:
+  pull_request:
+  merge_group:
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if the pull request contains a single commit
+        if: github.event_name == 'pull_request'
+        run: |
+          commit_count=${{ github.event.pull_request.commits }}
+
+          if [ -z ${commit_count} ]; then
+            echo "[ERROR] commit_count is empty"
+            exit 1
+          fi
+
+          if [[ ${commit_count} -ne 1 ]]; then
+            echo "[ERROR] This pull request contains ${commit_count} commits. Squash these commits into a single commit."
+            exit 1
+          else
+            echo "This pull request contains ${commit_count} commit."
+          fi
+
+      - name: Set commit metadata
+        run: |
+          SET_INTERVAL_VALUES="true"
+          if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
+            echo "Using default commit metadata"
+            SET_INTERVAL_VALUES="false"
+          elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
+            FROM_INTERVAL_COMMITLINT=${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }}
+            TO_INTERVAL_COMMITLINT=${{ github.event.pull_request.head.sha }}
+          else
+            echo "[ERROR] Event not supported when setting commit metadata"
+            exit 1
+          fi
+
+          if [ "${SET_INTERVAL_VALUES}" == "true" ]; then
+            if [ -z "${FROM_INTERVAL_COMMITLINT}" ]; then
+              echo "[ERROR] FROM_INTERVAL_COMMITLINT is empty"
+              exit 1
+            fi
+
+            if [ -z "${TO_INTERVAL_COMMITLINT}" ]; then
+              echo "[ERROR] TO_INTERVAL_COMMITLINT is empty"
+              exit 1
+            fi
+
+            {
+              echo "FROM_INTERVAL_COMMITLINT=${FROM_INTERVAL_COMMITLINT}"
+              echo "TO_INTERVAL_COMMITLINT=${TO_INTERVAL_COMMITLINT}"
+            } >> "${GITHUB_ENV}"
+          else
+            echo "Skip updating GITHUB_ENV. SET_INTERVAL_VALUES: ${SET_INTERVAL_VALUES}"
+          fi
+
+      - name: Validate commits
+        run: |
+          make lint-commits
+...
diff --git a/Makefile b/Makefile
@@ -63,8 +63,18 @@ ifeq ($(BUILD_VERSION),)
 BUILD_VERSION := $(shell git rev-parse HEAD)
 endif
 
+ifeq ($(FROM_INTERVAL_COMMITLINT),)
+FROM_INTERVAL_COMMITLINT := "HEAD~1"
+endif
+
+ifeq ($(TO_INTERVAL_COMMITLINT),)
+TO_INTERVAL_COMMITLINT := "HEAD"
+endif
+
 GITHUB_TOKEN_PATH := "$(CURDIR)/.github-personal-access-token"
 
+COMMIT_LINTER_CONTAINER_URL := "conventional-changelog/commitlint:latest"
+
 .PHONY: inspec
 inspec: inspec-check ## Run InSpec tests
 	DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \
@@ -145,3 +155,19 @@ test-linters: ## Run the linters test suite
 		-e TYPESCRIPT_STANDARD_TSCONFIG_FILE=".github/linters/tsconfig.json" \
 		-v "$(CURDIR):/tmp/lint" \
 		$(SUPER_LINTER_TEST_CONTAINER_URL)
+
+.phony: build-commit-linter-container-image
+build-commit-linter-container-image: ## Build commit linter container image
+	DOCKER_BUILDKIT=1 docker buildx build --load \
+		-t ${COMMIT_LINTER_CONTAINER_URL} "${CURDIR}/dev-dependencies"
+
+.phony: lint-commits
+lint-commits: build-commit-linter-container-image ## Lint commits
+	docker run \
+		-v "$(CURDIR):/source-repository" \
+		${COMMIT_LINTER_CONTAINER_URL} \
+		--config .github/linters/commitlint.config.js \
+		--cwd /source-repository \
+		--from ${FROM_INTERVAL_COMMITLINT} \
+		--to ${TO_INTERVAL_COMMITLINT} \
+		--verbose
diff --git a/dev-dependencies/Dockerfile b/dev-dependencies/Dockerfile
@@ -0,0 +1,20 @@
+FROM node:21.4.0-bookworm
+
+SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+  && apt-get --assume-yes --no-install-recommends install \
+  jq \
+  && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY package.json ./
+
+RUN jq '.dependencies | to_entries[] | select(.key | startswith("@commitlint/")) | .key + "@" + .value' package.json > commitlint-packages.txt \
+  && xargs npm install -g < commitlint-packages.txt \
+  && rm package.json commitlint-packages.txt \
+  && commitlint --version \
+  && git config --global --add safe.directory /source-repository
+
+ENTRYPOINT [ "commitlint" ]