ci(lint): enforce Conventional Commits and branch-name conventions#209
Conversation
- Add commitlint.config.js with the 11 types from BRANCHING.md - Add .github/workflows/commitlint.yml — validates PR title + every commit in the PR; skips PRs labeled wip or do-not-merge - Add .github/workflows/branch-name.yml — validates branch follows <type>/<kebab-description>, with exemptions for release/v*, hotfix-backport/*, dependabot/*, and renovate/* - Add .github/ISSUE_TEMPLATE/config.yml — disable blank issues, link to Discussions, docs, and private Security advisories - Replace .github/pull_request_template.md default chooser with a real template (Summary, Type-of-change, Test plan, Checklist). The 3 specialized templates (bug_fix/new_feature/refactor) remain accessible via ?template= URL params. - Add @commitlint/cli and @commitlint/config-conventional to devDependencies and a lint:commits script for local use. Step 3 of the open-source repo maintenance baseline initiative. Enforces the conventions established by BRANCHING.md (#208). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/pull_request_template.md:
- Around line 27-29: Remove the `hotfix` checklist item from the PR template so
it doesn't encourage using an invalid commit type; edit the block containing the
"Type of change" checklist (the lines showing `feat`, `fix`, `hotfix`) to delete
the `hotfix` entry and instead add a short comment/instruction near the
checklist (e.g., above it) explaining that hotfix branches should still use
`fix` as the commit/PR type; ensure you update the same checklist block in
.github/pull_request_template.md (where the three checkbox items are defined)
and keep the existing wording that the first checked item should match the PR
title prefix.
In @.github/workflows/commitlint.yml:
- Line 66: Replace mutable tag references for GitHub Actions with immutable
commit SHAs: update the uses entries that currently read "actions/checkout@v4"
and "actions/setup-node@v4" to their corresponding commit SHAs (e.g.,
"actions/checkout@<sha>" and "actions/setup-node@<sha>"). Locate the two
occurrences in the workflow (the uses lines) and fetch the latest stable commit
SHAs from the actions' GitHub releases pages before substituting them so the
workflow pins to fixed commits.
- Around line 65-68: The Checkout step ("Checkout (with full history)" using
actions/checkout@v4) currently omits disabling credential persistence; update
that step's with block to include persist-credentials: false so the GITHUB_TOKEN
is not persisted to subsequent steps, e.g., add the persist-credentials: false
key alongside fetch-depth to the actions/checkout@v4 invocation.
- Around line 70-74: The workflow step "Setup Node.js" currently sets
node-version: 22 which conflicts with package.json engines (node: 20.x); update
the "Setup Node.js" step to use node-version: 20 (or 20.x) so the CI runtime
matches package.json and removes EBADENGINE warnings, keeping the rest of that
step (uses: actions/setup-node@v4, cache: npm) unchanged.
- Around line 28-29: The workflow currently references the mutable tag
amannn/action-semantic-pull-request@v5; replace that tag with a specific commit
SHA (e.g., amannn/action-semantic-pull-request@<commit-sha>) to pin the action
for supply chain security. Find the stable SHA for the desired v5 release on the
action's GitHub releases or commit history and update the uses entry in the
Validate PR title step to use that full SHA instead of `@v5`.
In `@package.json`:
- Line 59: The package.json script "lint:commits" currently hardcodes
"origin/staging", which breaks for forks or different base branches; update the
"lint:commits" script to compute the base ref dynamically (e.g., use an
environment variable like COMMITLINT_BASE or derive it via git commands such as
git merge-base or using github.event.pull_request.base.sha when in CI) so the
command uses that dynamic base instead of "origin/staging"; modify the script
entry named "lint:commits" to accept and fallback to a sensible default if the
env var is missing.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 3831cb36-9138-4050-b91d-a7e20b4094bc
📒 Files selected for processing (6)
.github/ISSUE_TEMPLATE/config.yml.github/pull_request_template.md.github/workflows/branch-name.yml.github/workflows/commitlint.ymlcommitlint.config.jspackage.json
- Remove standalone hotfix checkbox from PR template (not a
commitlint-accepted type; note in comment explains hotfix
branches should still use `fix` for their commits/PR title)
- Pin 3 GitHub Actions to commit SHAs (supply-chain hardening):
amannn/action-semantic-pull-request -> v5.5.3 SHA
actions/checkout -> v4.2.2 SHA
actions/setup-node -> v4.1.0 SHA
- Add persist-credentials: false to checkout step (prevents
GITHUB_TOKEN from leaking into subsequent steps)
- Match Node version to package.json engines: 22 -> 20
(eliminates EBADENGINE warnings)
- Make lint:commits work for forks/PRs against different bases:
hardcoded origin/staging -> ${BASE_BRANCH:-origin/staging}
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Fixes CI failure on PR #209: npm error EUSAGE `npm ci` can only install packages when your package.json and package-lock.json are in sync. Missing: @commitlint/cli@^19.5.0, @commitlint/config-conventional@^19.5.0 (and ~50 transitive deps). When the commitlint devDeps were added to package.json in the initial commit, package-lock.json wasn't regenerated. `npm ci` runs in strict mode and refused to install packages not in the lockfile. Generated via: npm install --package-lock-only Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
README: - Add 3 GitHub-native badges (release, discussions, stars) - Add hero screenshot under the badges row - Convert .gitbook/* image paths to absolute raw URLs so images render in non-GitHub viewers (markdownlivepreview, npm, Docker Hub, external aggregators) - New Quick Start with TWO options: Docker (recommended) + From source - New Architecture section with a Mermaid diagram (Vue/Electron -> Express+Socket.io -> MongoDB + Wasabi/local storage) - Expand Key Features from 6 bare bullets to 9 descriptive paragraphs covering project mgmt, RBAC + multi-tenancy, real-time collab, search + saved filters, timesheets, AI, chat, web+desktop, and self-hosting - New 📸 Screenshots section with 8 subsections: Dashboard / Board (Kanban) / List / Calendar / Task Detail / Workload Report / Settings & Customization / AI Assist - Rename "Getting Started" -> "Documentation" with cleaner per-file links - New Roadmap section pointing to new ROADMAP.md - Rewrite Contributing section with BRANCHING.md link and good-first-issue / help-wanted shortcuts - New Support & Community section with where-do-I-go matrix - New Repo Activity section using GitHub-native shields, with a Repobeats upgrade-path comment for later CONTRIBUTING.md: - New Commit Message Format section explaining Conventional Commits, accepted types, and npm run lint:commits New files: - ROADMAP.md (75 lines) — public roadmap template with Recently shipped / In progress / Planned / Considering / Out of scope sections - SUPPORT.md (86 lines) — routing matrix (docs, Discussions, Issues, Security, Commercial), bug-report content guide, response expectations - .gitbook/assets/screenshots/*.png — 8 product screenshots (1.2 MB total) Step 6 of the open-source repo maintenance baseline initiative. The License section and badge, the Branch Naming Convention in CONTRIBUTING.md, and the default PR template are intentionally left untouched to avoid conflicts with PRs aliansoftwareteam#207, aliansoftwareteam#208, and aliansoftwareteam#209. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Summary
Adds CI enforcement and contributor-facing templates for the conventions documented in BRANCHING.md (PR #208):
<type>(<scope>): <description>)<type>/<kebab-description>Step 3 of the open-source repo maintenance baseline initiative (#207 license, #208 branching).
Files changed (6)
commitlint.config.js.github/workflows/commitlint.ymlwipordo not merge.github/workflows/branch-name.yml<type>/<kebab-description>; exemptsrelease/v*,hotfix-backport/*,dependabot/*,renovate/*.github/ISSUE_TEMPLATE/config.yml.github/pull_request_template.mdbug_fix.md,new_feature.md,refactor.md) remain accessible via?template=URL params.package.json@commitlint/cli@^19.5.0+@commitlint/config-conventional@^19.5.0to devDeps, pluslint:commitsscriptHow to test locally (after merge)
Try opening a draft PR with a malformed title (e.g.
Updated stuff) — the new check should fail with a clear error message explaining the expected format.What contributors will experience
Opening a PR:
PR title (Conventional Commits)Commit messages (commitlint)Branch name matches conventionOpening an issue:
Test plan
chore: test ci) → all 3 checks should passFixed login) → PR-title check should fail with a clear errormy-cool-fix) → branch-name check should failwiplabel → PR-title check should be skipped?template=bug_fix.mdURLDecisions documented (push back during review if any feel wrong)
feat(scope): descriptionpatternswip,do not mergedependabot/*,renovate/*Notes for reviewers
BRANCHING.md, which lands in PR #208. Until docs(branching): add branching strategy and update CONTRIBUTING #208 merges, that link will 404 for a brief window. Self-resolves on merge.main.ymlCI/deploy workflow is not touched — these new lint jobs run alongside it on PRs.bug_fix.md,new_feature.md,refactor.md) are not removed — only the default chooser is replaced.bug_report.yml,feature_request.yml,documentation.yml) are not touched — onlyconfig.ymlis added alongside them.🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes