From ed964020ab1ce308f0e8ee8e64bc8b5ca607f54b Mon Sep 17 00:00:00 2001
From: luohoufu
Date: Thu, 5 Dec 2024 11:10:31 +0800
Subject: [PATCH 1/4] chore: add osv for repo
---
 .github/workflows/commit-message-check.yml | 36 ++++++++++++++++++++++
 .github/workflows/osv-scanner.yml | 32 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 .github/workflows/commit-message-check.yml
 create mode 100644 .github/workflows/osv-scanner.yml
diff --git a/.github/workflows/commit-message-check.yml b/.github/workflows/commit-message-check.yml
new file mode 100644
index 00000000..f19dde70
--- /dev/null
+++ b/.github/workflows/commit-message-check.yml
@@ -0,0 +1,36 @@
+name: 'commit-message-check'
+on:
+ pull_request:
+
+jobs:
+ check-commit-message:
+ name: check-subject
+ runs-on: ubuntu-latest
+ steps:
+ - name: check-subject-type
+ uses: gsactions/commit-message-checker@v2
+ with:
+ checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+ excludeDescription: 'true' # optional: this excludes the description body of a pull request
+ excludeTitle: 'true' # optional: this excludes the title of a pull request
+ accessToken: ${{ secrets.GITHUB_TOKEN }}
+ pattern: '^(Change:|Feature:|Improve:|Perf:|Dep:|Doc:|Test:|CI:|Refactor:|Fix:|Fixdoc:|Fixup:|Merge|BumpVer:|Chore:|Build\(deps\):) .+$'
+ flags: 'gm'
+ error: |
+ Subject line has to contain a commit type, e.g.: "Change: blabla" or a merge commit e.g.: "Merge xxx".
+ Valid types are:
+ Change - API breaking change
+ Feature - API compatible new feature
+ Improve - Become better without functional changes
+ Perf - Performance improvement
+ Dep - dependency update
+ Doc - doc update
+ Test - test udpate
+ CI - CI workflow update
+ Refactor - refactor without function change.
+ Fix - fix bug
+ Fixdoc - fix doc
+ Fixup - minor change: e.g., fix sth mentioned in a review.
+ BumpVer - Bump to a new version.
+ Chore - Nothing important.
+ Build(deps) - bot: dependabot.
\ No newline at end of file
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
new file mode 100644
index 00000000..c6b6a21e
--- /dev/null
+++ b/.github/workflows/osv-scanner.yml
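Review bot: In `.github/workflows/commit-message-check.yml` the step `uses: gsactions/commit-message-checker@v2` references a movable tag and is handed `secrets.GITHUB_TOKEN`, while the workflow declares no `permissions:` block, so the token carries whatever the repository default grants. The other workflow added by this patch pins its action to a full commit SHA; doing the same here, e.g. `uses: gsactions/commit-message-checker@<full-commit-sha> # v2`, keeps a retagged release from running with that token. A top-level `permissions: { contents: read, pull-requests: read }` looks sufficient for a check that only reads the pull request's commits; confirm the exact scopes against the action's documentation.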
@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up periodic OSV-Scanner scanning for vulnerabilities,
+# in addition to a PR check which fails if new vulnerabilities are introduced.
+#
+# For more examples and options, including how to ignore specific vulnerabilities,
+# see https://google.github.io/osv-scanner/github-action/
+
+name: OSV-Scanner
+
+on:
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Read commit contents
+ contents: read
+
+jobs:
+ scan-pr:
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+ with:
+ # Example of specifying custom arguments
+ scan-args: |-
+ -r
+ --skip-git
+ ./
From 58f844fecd6ccf538509ab2f9577ada9cfe0e370 Mon Sep 17 00:00:00 2001
From: luohoufu
Date: Thu, 5 Dec 2024 11:26:12 +0800
Subject: [PATCH 2/4] chore: update cmc pattern
---
 .github/workflows/commit-message-check.yml | 34 +++++++++++-----------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/commit-message-check.yml b/.github/workflows/commit-message-check.yml
index f19dde70..19d7a82a 100644
--- a/.github/workflows/commit-message-check.yml
+++ b/.github/workflows/commit-message-check.yml
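Review bot: The header comment in `.github/workflows/osv-scanner.yml` promises periodic scanning, but `on:` lists only `pull_request` for `main`, so a vulnerability disclosed after a dependency has been merged is not reported until some later pull request happens to trigger the scan. Adding `push` and `schedule` triggers, plus a second job that calls the non-PR reusable workflow at the same pinned commit, would give the default branch its own baseline scan; each job then needs an `if:` on `github.event_name` so the PR job does not run on the schedule. Whether the default branch is actually named `main` is not visible here; if it is not, the PR check as written never runs.

```yaml
on:
  pull_request:
    branches: [ "main" ]
  push:
    branches: [ "main" ]
  schedule:
    - cron: "30 3 * * 1"  # constructed example: weekly

# … unchanged: permissions …

jobs:
  scan-scheduled:
    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
    with:
      scan-args: |-
        -r
        --skip-git
        ./
  scan-pr:
    if: ${{ github.event_name == 'pull_request' }}
    # … unchanged: uses / with of the PR job …
```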
@@ -14,23 +14,23 @@ jobs:
 excludeDescription: 'true' # optional: this excludes the description body of a pull request
 excludeTitle: 'true' # optional: this excludes the title of a pull request
 accessToken: ${{ secrets.GITHUB_TOKEN }}
- pattern: '^(Change:|Feature:|Improve:|Perf:|Dep:|Doc:|Test:|CI:|Refactor:|Fix:|Fixdoc:|Fixup:|Merge|BumpVer:|Chore:|Build\(deps\):) .+$'
+ pattern: '^(change:|feat:|improve:|perf:|dep:|docs:|test:|ci:|style:|refactor:|fix:|fixdoc:|fixup:|merge|bumpver:|chore:|build\(deps\):) .+$'
 flags: 'gm'
 error: |
- Subject line has to contain a commit type, e.g.: "Change: blabla" or a merge commit e.g.: "Merge xxx".
+ Subject line has to contain a commit type, e.g.: "chore: blabla" or a merge commit e.g.: "merge xxx".
 Valid types are:
- Change - API breaking change
- Feature - API compatible new feature
- Improve - Become better without functional changes
- Perf - Performance improvement
- Dep - dependency update
- Doc - doc update
- Test - test udpate
- CI - CI workflow update
- Refactor - refactor without function change.
- Fix - fix bug
- Fixdoc - fix doc
- Fixup - minor change: e.g., fix sth mentioned in a review.
- BumpVer - Bump to a new version.
- Chore - Nothing important.
- Build(deps) - bot: dependabot.
\ No newline at end of file
+ change - API breaking change
+ feat - API compatible new feature
+ improve - Become better without functional changes
+ perf - Performance improvement
+ dep - dependency update
+ docs - docs update
+ test - test udpate
+ ci - CI workflow update
+ refactor - refactor without function change.
+ fix - fix bug
+ fixdoc - fix doc
+ fixup - minor change: e.g., fix sth mentioned in a review.
+ bumpver - Bump to a new version.
+ chore - Nothing important.
+ build - bot: dependabot.
\ No newline at end of file
From b449dab28f3e48e5eb94046b56124ab510ffaa99 Mon Sep 17 00:00:00 2001
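Review bot: Lower-casing `merge` in `pattern` while `flags` stays `'gm'` means the merge subjects that git and GitHub generate themselves, which begin with a capital `Merge`, no longer match, and `checkAllCommitMessages: 'true'` applies the pattern to every commit in the pull request. Keeping that one alternative case-tolerant, e.g. `|[Mm]erge|`, avoids failing a pull request only because it contains a merge from the base branch. The new pattern also accepts `style:`, but the `error` text does not list it, so the help message and the pattern should name the same types. The `with:` mapping begins above this hunk.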
From: luohoufu
Date: Thu, 5 Dec 2024 11:26:36 +0800
Subject: [PATCH 3/4] chore: add pr template
---
 .github/PULL_REQUEST_TEMPLATE.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000..4be14aab
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,11 @@
+## What does this PR do
+
+## Rationale for this change
+
+## Standards checklist
+
+- [ ] The PR title is descriptive
+- [ ] The commit messages are [semantic](https://www.conventionalcommits.org/)
+- [ ] Necessary tests are added
+- [ ] Performance tests checked, no obvious performance degradation
+- [ ] Necessary documents have been added if this is a new feature
\ No newline at end of file
From d83085202c6db7d5871de3146a6bb81940f05226 Mon Sep 17 00:00:00 2001
From: luohoufu
Date: Thu, 5 Dec 2024 11:30:25 +0800
Subject: [PATCH 4/4] fix: fix cmc pattern
---
 .github/workflows/commit-message-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/commit-message-check.yml b/.github/workflows/commit-message-check.yml
index 19d7a82a..105fcda2 100644
--- a/.github/workflows/commit-message-check.yml
+++ b/.github/workflows/commit-message-check.yml
@@ -14,7 +14,7 @@ jobs:
 excludeDescription: 'true' # optional: this excludes the description body of a pull request
 excludeTitle: 'true' # optional: this excludes the title of a pull request
 accessToken: ${{ secrets.GITHUB_TOKEN }}
- pattern: '^(change:|feat:|improve:|perf:|dep:|docs:|test:|ci:|style:|refactor:|fix:|fixdoc:|fixup:|merge|bumpver:|chore:|build\(deps\):) .+$'
+ pattern: '^(change:|feat:|improve:|perf:|dep:|docs:|test:|ci:|style:|refactor:|fix:|fixdoc:|fixup:|merge|bumpver:|chore:|build:) .+$'
 flags: 'gm'
 error: |
 Subject line has to contain a commit type, e.g.: "chore: blabla" or a merge commit e.g.: "merge xxx".
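Review bot: With `build\(deps\):` replaced by `build:` in `pattern` (PATCH 4/4), a subject of the form `build(deps): bump …` no longer matches, although the error text introduced in PATCH 2/4 describes the `build` type as the Dependabot one. If Dependabot in this repository emits the scoped prefix (not visible here), its pull requests would fail this check; an optional scope such as `build(\([^)]+\))?:` accepts both spellings. The step's `with:` block begins above this hunk and the `error` text continues below it.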