Skip to content
Merged
Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
59870a0
docs: More restrictive permissions (#280)
github-actions[bot] Aug 21, 2025
6b4efb0
docs: More restrictive permissions (#280)
github-actions[bot] Aug 21, 2025
adfdc32
docs: Remove `synchronize` trigger (#281)
github-actions[bot] Aug 21, 2025
e87e9b6
build: configure Dependabot (#231)
github-actions[bot] Aug 21, 2025
ab90f4b
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
178bb35
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
0aee098
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
5543b80
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
fbbe659
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
a7e1870
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
59e481d
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
6fc708a
feat!: Upgrade action to use Node.js 24 and ESM (#287)
amanstep Aug 25, 2025
a7d7044
fix: apply code build script
github-actions[bot] Aug 21, 2025
62feb46
chore: manually resolved conflicting changes from origin
amanstep Aug 21, 2025
a160341
build: installed new packages and create a build
amanstep Aug 21, 2025
7752271
chore: changed node version to 20 in action.yml
amanstep Aug 21, 2025
ed61036
ci: upgrade node version in w
amanstep Aug 24, 2025
7fb4e0a
ci: restored dependabot to original configuration
amanstep Aug 24, 2025
41cb821
ci: added a new workflow and changed trigger mechanism for auto_cherr…
amanstep Aug 25, 2025
753e263
Merge branch 'main' into auto-cherry-pick
amanstep Aug 25, 2025
78899e7
chore: added type property in package.json
amanstep Aug 25, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 0 additions & 12 deletions .eslintrc.js

This file was deleted.

3 changes: 3 additions & 0 deletions .github/workflows/auto_cherry_pick.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ on:
required: false
default: "yarn"

pull_request:
types: [labeled, opened, synchronize]

permissions:
contents: write
pull-requests: write
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint-pr-title.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version: 20
node-version: 24
- uses: ./
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
egress-policy: audit
- uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
with:
node-version: 20
node-version: 24
- run: yarn install
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: yarn install
Expand Down
36 changes: 19 additions & 17 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,25 @@ See [Conventional Commits](https://www.conventionalcommits.org/) for more exampl

1. If your goal is to create squashed commits that will be used for automated releases, you'll want to configure your GitHub repository to [use the squash & merge strategy](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests) and tick the option "Default to PR title for squash merge commits".
2. [Add the action](https://docs.github.com/en/actions/quickstart) with the following configuration:

```yml
name: "Lint PR"
name: 'Lint PR'

on:
pull_request_target:
types:
- opened
- edited
- synchronize
- reopened

permissions:
pull-requests: read

jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: step-security/action-semantic-pull-request@v5
- uses: step-security/action-semantic-pull-request@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Expand Down Expand Up @@ -125,7 +124,7 @@ This will prevent the PR title from being validated, and pull request checks wil
**Attention**: If you want to use the this feature, you need to grant the `pull-requests: write` permission to the GitHub Action. This is because the action will update the status of the PR to remain in a pending state while `[WIP]` is present in the PR title.

```yml
name: "Lint PR"
name: 'Lint PR'

permissions:
pull-requests: write
Expand All @@ -134,8 +133,10 @@ jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: step-security/action-semantic-pull-request@v5
- uses: step-security/action-semantic-pull-request@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -144,7 +145,7 @@ jobs:

### Legacy configuration for validating single commits

When using "Squash and merge" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit. As it's easy to commit this by mistake this action supports two configuration options to provide additional validation for this case.
When using "Squash and merge" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit. As it's easy to commit this by mistake this action supports two configuration options to provide additional validation for this case.

```yml
# If the PR only contains a single commit, the action will validate that
Expand Down Expand Up @@ -174,15 +175,14 @@ There are two events that can be used as triggers for this action, each with dif
<details>
<summary>Example</summary>

```yml
name: "Lint PR"
````yml
name: 'Lint PR'

on:
pull_request_target:
types:
- opened
- edited
- synchronize

permissions:
pull-requests: write
Expand All @@ -191,8 +191,10 @@ jobs:
main:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: step-security/action-semantic-pull-request@v5
- uses: step-security/action-semantic-pull-request@v6
id: lint_pr_title
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -205,21 +207,21 @@ jobs:
header: pr-title-lint-error
message: |
Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.

Details:

```
${{ steps.lint_pr_title.outputs.error_message }}
```

# Delete a previous comment when the issue has been resolved
- if: ${{ steps.lint_pr_title.outputs.error_message == null }}
uses: marocchino/sticky-pull-request-comment@v2
with:
with:
header: pr-title-lint-error
delete: true
```
````

</details>
16 changes: 8 additions & 8 deletions action.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: semantic-pull-request
description: Ensure your PR title matches the Conventional Commits spec (https://www.conventionalcommits.org/).
runs:
using: 'node20'
using: 'node24'
main: 'dist/index.js'
branding:
icon: 'shield'
Expand All @@ -11,10 +11,10 @@ inputs:
description: "Provide custom types (newline delimited) if you don't want the default ones from https://www.conventionalcommits.org."
required: false
scopes:
description: "Configure which scopes are allowed (newline delimited). These are regex patterns auto-wrapped in `^ $`."
description: 'Configure which scopes are allowed (newline delimited). These are regex patterns auto-wrapped in `^ $`.'
required: false
requireScope:
description: "Configure that a scope must always be provided."
description: 'Configure that a scope must always be provided.'
required: false
disallowScopes:
description: 'Configure which scopes are disallowed in PR titles (newline delimited). These are regex patterns auto-wrapped in ` ^$`.'
Expand All @@ -26,23 +26,23 @@ inputs:
description: "If `subjectPattern` is configured, you can use this property to override the default error message that is shown when the pattern doesn't match. The variables `subject` and `title` can be used within the message."
required: false
validateSingleCommit:
description: "When using \"Squash and merge\" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit, and it's easy to commit this by mistake. Enable this option to also validate the commit message for one commit PRs."
description: 'When using "Squash and merge" on a PR with only one commit, GitHub will suggest using that commit message instead of the PR title for the merge commit, and it''s easy to commit this by mistake. Enable this option to also validate the commit message for one commit PRs.'
required: false
validateSingleCommitMatchesPrTitle:
description: "Related to `validateSingleCommit` you can opt-in to validate that the PR title matches a single commit to avoid confusion."
description: 'Related to `validateSingleCommit` you can opt-in to validate that the PR title matches a single commit to avoid confusion.'
required: false
githubBaseUrl:
description: "The GitHub base URL will be automatically set to the correct value from the GitHub context variable. If you want to override this, you can do so here (not recommended)."
description: 'The GitHub base URL will be automatically set to the correct value from the GitHub context variable. If you want to override this, you can do so here (not recommended).'
required: false
default: '${{ github.api_url }}'
ignoreLabels:
description: "If the PR contains one of these labels (newline delimited), the validation is skipped. If you want to rerun the validation when labels change, you might want to use the `labeled` and `unlabeled` event triggers in your workflow."
description: 'If the PR contains one of these labels (newline delimited), the validation is skipped. If you want to rerun the validation when labels change, you might want to use the `labeled` and `unlabeled` event triggers in your workflow.'
required: false
headerPattern:
description: "If you're using a format for the PR title that differs from the traditional Conventional Commits spec, you can use this to customize the parsing of the type, scope and subject. The `headerPattern` should contain a regex where the capturing groups in parentheses correspond to the parts listed in `headerPatternCorrespondence`. For more details see: https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-commits-parser#headerpattern"
required: false
headerPatternCorrespondence:
description: "If `headerPattern` is configured, you can use this to define which capturing groups correspond to the type, scope and subject."
description: 'If `headerPattern` is configured, you can use this to define which capturing groups correspond to the type, scope and subject.'
required: false
wip:
description: "For work-in-progress PRs you can typically use draft pull requests from Github. However, private repositories on the free plan don't have this option and therefore this action allows you to opt-in to using the special '[WIP]' prefix to indicate this state. This will avoid the validation of the PR title and the pull request checks remain pending. Note that a second check will be reported if this is enabled."
Expand Down
30 changes: 0 additions & 30 deletions dist/commit.hbs

This file was deleted.

Empty file removed dist/footer.hbs
Empty file.
9 changes: 0 additions & 9 deletions dist/header.hbs

This file was deleted.

Loading
Loading