fix(deps): update ossf/scorecard-action action to v2.4.0 #144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate commit or PR title format is correct | |
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/integration-commit-validator.yml' | |
| pull_request: | |
| types: [opened, synchronize, edited] | |
| branches: | |
| - main | |
| workflow_call: | |
| inputs: | |
| commit_or_pr_title: | |
| required: false | |
| type: string | |
| description: Commit or PR title to validate | |
| format: | |
| required: false | |
| type: string | |
| default: conventional | |
| description: Commit or PR title format to validate against, from conventional, gitmoji or custom | |
| regex: | |
| required: false | |
| type: string | |
| description: Regex to validate against | |
| harden_runner: | |
| description: "Harden the runner" | |
| required: false | |
| default: true | |
| type: boolean | |
| permissions: {} | |
| concurrency: | |
| group: commit-pr-title-${{ github.repository }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| INPUT_TO_VALIDATE: ${{ inputs.commit_or_pr_title || github.event.pull_request.title || github.event.head_commit.message || ''}} | |
| FORMAT: ${{ inputs.format || 'conventional' }} | |
| jobs: | |
| setup: | |
| if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'allcontributors[bot]' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| regex: ${{ steps.set_regex.outputs.regex }} | |
| steps: | |
| - name: Harden the runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| if: ${{ inputs.harden_runner != false }} | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| - name: Check regex for custom format | |
| id: check_regex | |
| run: | | |
| if [[ "${{ env.FORMAT }}" == "custom" ]]; then | |
| if [[ -z "${{ inputs.regex }}" ]]; then | |
| { | |
| printf "# Validation failed\n" | |
| printf ":rotating_light: Missing regex for custom format\n" | |
| printf "Custom format specified but no regex provided\n" | |
| printf "Please provide a regex to validate \"${{ env.INPUT_TO_VALIDATE }}\"\n" | |
| } >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| fi | |
| - name: Set regex to use | |
| id: set_regex | |
| run: | | |
| if [[ "${{ env.FORMAT }}" == "conventional" ]]; then | |
| printf "regex=^[a-z_]+(\([^\)]*\))?(!)?(: .*)?$\n" >> $GITHUB_OUTPUT | |
| elif [[ "${{ env.FORMAT }}" == "gitmoji" ]]; then | |
| printf "regex=^:[a-z_]+: [a-z_]+(\([^\)]*\))?(!)?(: .*)?$\n" >> $GITHUB_OUTPUT | |
| elif [[ "${{ env.FORMAT }}" == "custom" ]]; then | |
| printf "regex=\"${{ env.FORMAT }}\"\n" >> $GITHUB_OUTPUT | |
| else | |
| { | |
| printf "# Validation failed\n" | |
| printf ":rotating_light: The specified format is invalid\n" | |
| printf "The format \"${{ env.FORMAT }}\" is not supported yet\n" | |
| printf "Valid formats are: conventional, gitmoji and custom\n" | |
| printf "Custom format requires a regex to be provided\n" | |
| printf "Please open an issue on the [workflows repository](https://github.com/gsuquet/workflows/issues/new?assignees=&labels=enhancement%2Cto+sort&projects=&template=feature.yml) with the corresponding regex to add support for `${{ inputs.format }}`\n" | |
| } >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| validate: | |
| if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'allcontributors[bot]' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| needs: setup | |
| steps: | |
| - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| if: ${{ inputs.harden_runner != false }} | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| - name: Validate commit or PR title format | |
| id: validate | |
| run: | | |
| if echo "${{ env.INPUT_TO_VALIDATE }}" | grep -Pq "${{ needs.setup.outputs.regex }}"; then | |
| { | |
| printf "# Validation passed\n" | |
| printf ":white_check_mark: Correct format\n" | |
| printf "\"${{ env.INPUT_TO_VALIDATE }}\" matches the \"${{ env.FORMAT || 'gitmoji' }}\" format when analyzed using the following regex : \"${{ needs.setup.outputs.regex }}\"\n" | |
| } >> $GITHUB_STEP_SUMMARY | |
| else | |
| { | |
| printf "# Validation failed\n" | |
| printf ":rotating_light: Incorrect format\n" | |
| printf "\"${{ env.INPUT_TO_VALIDATE }}\" does not match the \"${{ env.FORMAT }}\" format when analyzed using the following regex : \"${{ needs.setup.outputs.regex }}\"\n" | |
| } >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi |