Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Enable PR lint workflow #41

Merged
merged 1 commit into from
Nov 3, 2024
Merged

feat: Enable PR lint workflow #41

merged 1 commit into from
Nov 3, 2024

Conversation

martimlobao
Copy link
Owner

@martimlobao martimlobao commented Nov 3, 2024
edited by sourcery-ai bot
Loading

  • enable GH action for linting PRs
  • check PR title follows Conventional Commits specification (https://www.conventionalcommits.org/)
  • check yamllint and shellcheck
  • use smaller screenshot in readme

Summary by Sourcery

Enable a GitHub Action workflow for linting pull requests, checking PR titles for compliance with the Conventional Commits specification, and running yamllint and shellcheck. Update the README to include a smaller screenshot.

CI:

  • Introduce a GitHub Action workflow to lint pull requests, ensuring PR titles follow the Conventional Commits specification and running yamllint and shellcheck.

Documentation:

  • Update README to use a smaller screenshot.

@martimlobao
feat: Enable PR lint workflow
d2be873 
- enable GH action for linting PRs
- check PR title follows Conventional Commits specification (https://www.conventionalcommits.org/)
- check yamllint and shellcheck
- use smaller screenshot in readme
@sourcery-ai Sourcery AI
Copy link
Contributor

sourcery-ai bot commented Nov 3, 2024
edited
Loading

Reviewer's Guide by Sourcery

This PR adds a new GitHub Actions workflow for linting pull requests. The workflow performs three main checks: validates PR titles against Conventional Commits specification, runs shellcheck on shell scripts, and runs yamllint on YAML files. The workflow is triggered on pull request events including when PRs are opened, edited, synchronized, or reopened.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Implementation of PR title validation workflow
  • Uses amannn/action-semantic-pull-request@v5 action to validate PR titles
  • Configures workflow to trigger on pull_request_target events
  • Sets minimal required permissions to read pull-requests
 .github/workflows/lint_pr.yaml
Addition of shell script linting job
  • Implements shellcheck validation for all .sh files
  • Uses -x flag to follow external sources
  • Displays shellcheck version for debugging purposes
 .github/workflows/lint_pr.yaml
Addition of YAML linting job
  • Implements yamllint validation for all YAML files
  • Displays yamllint version for debugging purposes
 .github/workflows/lint_pr.yaml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 3, 2024
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @martimlobao - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using pull_request instead of pull_request_target trigger unless you specifically need to access secrets in forked repo PRs
  • The -x flag for shellcheck follows source statements which could be a security risk. Consider removing it unless absolutely necessary
Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

.github/workflows/lint_pr.yaml
---
name: Lint PR
on: # yamllint disable-line rule:truthy
pull_request_target:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚨 suggestion (security): Consider security implications of using pull_request_target

While pull_request_target is sometimes necessary for fork PR workflows, it runs with repository secrets and elevated permissions. Ensure this is required for your use case and consider using regular pull_request if possible.

Suggested change
pull_request_target:
pull_request:

@martimlobao martimlobao merged commit ba9f52b into main Nov 3, 2024
1 check passed
@martimlobao martimlobao deleted the feat/lint-workflow branch November 3, 2024 01:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@martimlobao