ci: update cosign to v2.4.0 and add semantic commit validation (#69)

2026-01-26 03:04:10 +00:00 · 2025-10-04 15:08:41 +03:00
parent ce8958698f
commit d19c49bd48
10 changed files with 180 additions and 13 deletions
--- a/.commitlintrc.json
+++ b/.commitlintrc.json
@@ -0,0 +1,29 @@
+{
+  "extends": ["@commitlint/config-conventional"],
+  "rules": {
+    "type-enum": [
+      2,
+      "always",
+      [
+        "feat",
+        "fix",
+        "docs",
+        "style",
+        "refactor",
+        "perf",
+        "test",
+        "chore",
+        "ci",
+        "build",
+        "revert"
+      ]
+    ],
+    "type-case": [2, "always", "lower-case"],
+    "type-empty": [2, "never"],
+    "subject-empty": [2, "never"],
+    "subject-full-stop": [2, "never", "."],
+    "header-max-length": [2, "always", 72],
+    "body-leading-blank": [1, "always"],
+    "footer-leading-blank": [1, "always"]
+  }
+}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,23 +34,23 @@ jobs:

          # Generate multiple formats for different actions to demonstrate new functionality
          echo "Generating documentation for example-action..."
-          go run . gen testdata/example-action/ --output $PWD/docs/example-action.md
-          go run . gen testdata/example-action/ -f html --output $PWD/docs/example-action.html
-          go run . gen testdata/example-action/ -f json --output $PWD/docs/example-action.json
+          go run . gen testdata/example-action/ --output "$PWD/docs/example-action.md"
+          go run . gen testdata/example-action/ -f html --output "$PWD/docs/example-action.html"
+          go run . gen testdata/example-action/ -f json --output "$PWD/docs/example-action.json"

          echo "Generating documentation for composite-action..."
-          go run . gen testdata/composite-action/ --output $PWD/docs/composite-action.md
-          go run . gen testdata/composite-action/ -f html --output $PWD/docs/composite-action.html
+          go run . gen testdata/composite-action/ --output "$PWD/docs/composite-action.md"
+          go run . gen testdata/composite-action/ -f html --output "$PWD/docs/composite-action.html"

          # Test single file targeting
          echo "Generating from specific action.yml files..."
-          go run . gen testdata/example-action/action.yml --output $PWD/docs/direct-example.md
-          go run . gen testdata/composite-action/action.yml --output $PWD/docs/direct-composite.md
+          go run . gen testdata/example-action/action.yml --output "$PWD/docs/direct-example.md"
+          go run . gen testdata/composite-action/action.yml --output "$PWD/docs/direct-composite.md"

          # Test recursive generation with different themes
          echo "Testing recursive generation with themes..."
-          go run . gen testdata/ --recursive --theme minimal -f html --output $PWD/docs/all-actions-minimal.html
-          go run . gen testdata/ --recursive --theme professional -f json --output $PWD/docs/all-actions-professional.json
+          go run . gen testdata/ --recursive --theme minimal -f html --output "$PWD/docs/all-actions-minimal.html"
+          go run . gen testdata/ --recursive --theme professional -f json --output "$PWD/docs/all-actions-professional.json"

          # Verify files were generated
          echo "Verifying generated documentation files..."
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Commit Messages
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  commitlint:
+    name: Validate Commit Messages
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        with:
+          node-version: '22'
+
+      - name: Install commitlint
+        run: |
+          npm install --save-dev @commitlint/cli@19.6.1 @commitlint/config-conventional@19.6.0
+
+      - name: Validate current commit (for single commits)
+        if: github.event_name == 'push'
+        run: npx commitlint --from HEAD~1 --to HEAD --verbose
+
+      - name: Validate PR commits
+        if: github.event_name == 'pull_request'
+        run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
      - name: Install cosign
        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
        with:
-          cosign-release: 'v2.2.2'
+          cosign-release: 'v2.4.0'

      - name: Install syft
        uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ go.sum

 /gh-action-readme
 *.out
+actionlint

 # Created readme files
 testdata/**/*.md
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -251,4 +251,4 @@ sboms:

 # Announce
 announce:
-  skip: '{{gt .Patch 0}}'
+  skip: '{{gt .Patch 0}}'
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -74,3 +74,11 @@ repos:
    hooks:
      - id: actionlint
        args: ["-shellcheck="]
+
+  # Commit message linting
+  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+    rev: v9.24.0
+    hooks:
+      - id: commitlint
+        stages: [commit-msg]
+        additional_dependencies: ["@commitlint/config-conventional"]
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -135,7 +135,7 @@ Improve documentation and examples:
 - [ ] Tests added for new features (`make test` passes)
 - [ ] Documentation updated for user-facing changes
 - [ ] No security vulnerabilities (`make security` passes)
- [ ] Commit messages follow conventional format
+- [ ] Commit messages follow [conventional commit format](docs/COMMIT_MESSAGES.md)

 ### PR Requirements

@@ -204,7 +204,7 @@ if err != nil {

 ### Commit Message Format

-Follow [Conventional Commits](https://conventionalcommits.org/):
+Follow [Conventional Commits](https://conventionalcommits.org/). See [docs/COMMIT_MESSAGES.md](docs/COMMIT_MESSAGES.md) for detailed guidelines.

 ```bash
 # Feature additions
--- a/docs/COMMIT_MESSAGES.md
+++ b/docs/COMMIT_MESSAGES.md
@@ -0,0 +1,76 @@
+# Semantic Commit Messages
+
+This project follows [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages.
+
+## Format
+
+```
+<type>(<scope>): <subject>
+
+<body>
+
+<footer>
+```
+
+### Type
+
+Must be one of the following:
+
+- **feat**: A new feature
+- **fix**: A bug fix
+- **docs**: Documentation only changes
+- **style**: Changes that do not affect the meaning of the code (white-space, formatting, etc)
+- **refactor**: A code change that neither fixes a bug nor adds a feature
+- **perf**: A code change that improves performance
+- **test**: Adding missing tests or correcting existing tests
+- **chore**: Changes to the build process or auxiliary tools
+- **ci**: Changes to CI configuration files and scripts
+- **build**: Changes that affect the build system or external dependencies
+- **revert**: Reverts a previous commit
+
+### Scope
+
+The scope is optional and can be anything specifying the place of the commit change.
+
+### Subject
+
+The subject contains a succinct description of the change:
+
+- Use the imperative, present tense: "change" not "changed" nor "changes"
+- Don't capitalize the first letter
+- No dot (.) at the end
+
+### Examples
+
+```
+feat: add support for AsciiDoc output format
+fix: correct template rendering for empty descriptions
+docs: update installation instructions
+chore: prepare release v1.2.3
+ci: update cosign version to v2.4.0
+```
+
+## Validation
+
+Commit messages are validated using commitlint:
+
+- **Pre-commit hook**: Validates commit messages before they are created (if pre-commit is installed)
+- **CI/CD**: GitHub Actions workflow validates all commits in pull requests
+- **Release script**: Warns if recent commits don't follow the format
+
+## Setup
+
+To enable local commit message validation:
+
+```bash
+# Install pre-commit hooks
+make pre-commit-install
+
+# Or manually
+npm install
+```
+
+## Resources
+
+- [Conventional Commits](https://www.conventionalcommits.org/)
+- [Commitlint](https://commitlint.js.org/)
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -93,6 +93,19 @@ if ! golangci-lint run; then
  exit 1
 fi

+# Validate recent commit messages follow semantic commit format
+log_info "Validating commit messages..."
+if command -v npx &>/dev/null; then
+  # Check last 10 commits for semantic commit format
+  if ! npx --yes @commitlint/cli@19.6.1 --from HEAD~10 --to HEAD --verbose 2>/dev/null; then
+    log_warning "Some commit messages don't follow conventional commit format"
+    log_warning "Consider using semantic commit messages: feat:, fix:, docs:, etc."
+  fi
+else
+  log_warning "npx not found. Skipping commit message validation."
+  log_warning "Install Node.js to enable commit message validation."
+fi
+
 # Build and test GoReleaser config
 log_info "Testing GoReleaser configuration..."
 if ! goreleaser check; then