ci(release): replace Cocogitto by semantic-release & commitlint (#513)

.github/CONTRIBUTING.md

@@ -161,7 +161,7 @@ from [Angular project](https://github.com/angular/angular/blob/main/CONTRIBUTING
   │       │             └─⫸ Summary in present tense. Not capitalized. No period at the end.
   │       │
   │       └─⫸ Commit Scope: core|spigot-adapter|spigot-plugin|readme|contributing|changelog|  
-  │                          packaging|deps|other|github|renovate|cocogitto
+  │                          packaging|deps|other|github|renovate|release
   │
   └─⫸ Commit Type: feat|fix|perf|refactor|docs|test|build|ci
 ```
@@ -213,7 +213,7 @@ But there are exceptions that shall be considered as well depending mostly on th
 * **github**: used for updating GitHub Actions workflows, issues/PRs templates and `CODEOWNERS`
   file(s)
 * **renovate**: used for updating Renovate configuration
-* **cocogitto**: used for updating Cocogitto configuration
+* **release**: used for updating release-related configuration
 
 ###### Special scope
 

.github/README.md

@@ -5,6 +5,7 @@
 [![CI](https://github.com/Djaytan/mc-jobs-reborn-patch-place-break/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/Djaytan/mc-jobs-reborn-patch-place-break/actions/workflows/ci.yml)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Djaytan_mc-jobs-reborn-patch-place-break&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=Djaytan_mc-jobs-reborn-patch-place-break)
 [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=Djaytan_mc-jobs-reborn-patch-place-break&metric=coverage)](https://sonarcloud.io/summary/new_code?id=Djaytan_mc-jobs-reborn-patch-place-break)
+[![semantic-release: conventional-commits](https://img.shields.io/badge/semantic--release-conventional--commits-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8112/badge)](https://www.bestpractices.dev/projects/8112)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Djaytan/mc-jobs-reborn-patch-place-break/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Djaytan/mc-jobs-reborn-patch-place-break)
 
@@ -169,7 +170,8 @@ Specifically for the CI:
 * [GitHub Actions](https://github.com/features/actions)
 * [CodeQL](https://codeql.github.com/)
 * [OpenSSF Scorecard](https://github.com/ossf/scorecard)
-* [Cocogitto](https://docs.cocogitto.io/)
+* [semantic-release](https://github.com/semantic-release/semantic-release)
+* [commitlint](https://github.com/conventional-changelog/commitlint)
 * [Sigstore](https://www.sigstore.dev/)
 
 ## Versioning

.github/commitlint.config.js

@@ -0,0 +1,13 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'header-max-length': [2, 'always', 64],
+    'scope-enum': [2, 'always', [
+      'core', 'spigot-adapter', 'spigot-plugin', 'readme', 'contributing',
+      'changelog', 'packaging', 'deps', 'other', 'github', 'renovate', 'release'
+    ]],
+    'type-enum': [2, 'always', [
+      'feat', 'fix', 'perf', 'revert', 'refactor', 'build', 'test', 'ci', 'docs'
+    ]]
+  }
+}

.github/renovate.json

@@ -5,13 +5,27 @@
     "config:best-practices",
     "config:semverAllMonthly"
   ],
-  "labels": [
-    "t:dependencies"
-  ],
+  "labels": ["t:dependencies"],
   "vulnerabilityAlerts": {
     "labels": ["t:security"]
   },
   "osvVulnerabilityAlerts": true,
   "semanticCommits": "enabled",
-  "semanticCommitType": "build"
+  "semanticCommitType": "build",
+  "customManagers": [
+    {
+      "customType": "regex",
+      "description": "semantic-release dependencies",
+      "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
+      "matchStrings": ["(?<depName>[@]?semantic-release.*)@(?<currentValue>[^\\s]*)"],
+      "datasourceTemplate": "npm"
+    },
+    {
+      "customType": "regex",
+      "description": "commitlint dependencies",
+      "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
+      "matchStrings": ["(?<depName>@commitlint/.*)@(?<currentValue>[^\\s]*)"],
+      "datasourceTemplate": "npm"
+    }
+  ]
 }

.github/workflows/ci.yml

@@ -3,9 +3,9 @@ name: CI
 on:
   workflow_dispatch:
   push:
-    branches: [main]
+    branches: [main, 'release/v*', beta, alpha]
   pull_request:
-    branches: [main]
+    branches: [main, 'release/v*', beta, alpha]
   schedule:
     - cron: '28 14 * * *' # At 14:28 every day
 
@@ -20,6 +20,9 @@ jobs:
     permissions:
       contents: read
 
+    env:
+      COMMITLINT_CONFIG_FILE: ${{ github.workspace }}/.github/commitlint.config.js
+
     steps:
       - name: Harden runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
@@ -28,11 +31,13 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             github.com:443
+            api.github.com:443
             objects.githubusercontent.com:443
             repo.maven.apache.org:443
             jitpack.io:443
             repo.papermc.io:443
             api.nuget.org:443
+            registry.npmjs.org:443
             auth.docker.io:443
             registry-1.docker.io:443
             production.cloudflare.docker.com:443
@@ -45,17 +50,31 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
-          # Required by SonarCloud & Cocogitto
-          fetch-depth: 0
-          # Pick the PR HEAD instead of the merge commit (required by Cocogitto)
-          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0 # Required by SonarCloud and commitlint
 
-      - name: Conventional commits check
-        uses: cocogitto/cocogitto-action@ac6260150ee57e3164cd95b47fc84cdee9e3444c # v3.5
+      - name: Setup Node.js
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
-          check-latest-tag-only: true
+          node-version: 20
+
+      - name: Install commitlint
+        run: |
+          npm install --global \
+            @commitlint/[email protected] \
+            @commitlint/[email protected]
 
-      - name: Set up JDK 17
+      - name: Validate current commit (last commit) with commitlint
+        if: ${{ github.event_name != 'pull_request' }}
+        run: commitlint --config "${COMMITLINT_CONFIG_FILE}" --verbose --from HEAD~1 --to HEAD
+
+      - name: Validate PR commits with commitlint
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          commitlint --config "${COMMITLINT_CONFIG_FILE}" --verbose \
+            --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} \
+            --to ${{ github.event.pull_request.head.sha }}
+
+      - name: Setup Java
         uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
         with:
           java-version: 17
@@ -110,13 +129,14 @@ jobs:
             repo.maven.apache.org:443
             jitpack.io:443
             repo.papermc.io:443
+            api.nuget.org:443
 
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
-      - name: Set up JDK 17
+      - name: Setup Java
         uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
         with:
           java-version: 17

.github/workflows/openssf-scorecard-scan.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   branch_protection_rule:
   push:
-    branches: [main]
+    branches: [main, 'release/v*', beta, alpha]
   schedule:
     - cron: '24 3 * * *' # At 03:24 every day