test(e2e): ci stability #17488
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "PR health" | |
| on: | |
| pull_request_target: | |
| # !!!! Be especially careful with checkouts are we are using: pull_request_target | |
| # See: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ | |
| types: [edited, opened, reopened, synchronize] | |
| permissions: | |
| contents: read | |
| jobs: | |
| pr-check: | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Add checklist comment | |
| if: github.event.pull_request.author != 'app/dependabot' | |
| uses: marocchino/sticky-pull-request-comment@daa4a82a0a3f6c162c02b83fa44b3ab83946f7cb # v2.9.0 | |
| with: | |
| header: PR reviewer checklist | |
| only_create: true | |
| message: | | |
| ## Reviewer Checklist | |
| :mag: Each of these sections need to be checked by the reviewer of the PR :mag:: | |
| If something doesn't apply please check the box and add a justification if the reason is non obvious. | |
| - [ ] Is the PR title satisfactory? Is this part of a larger feature and should be grouped using `> Changelog`? | |
| - [ ] PR description is clear and complete. It [Links to relevant issue][1] as well as docs and UI issues | |
| - [ ] This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry) | |
| - [ ] IPv6 is taken into account (.e.g: no string concatenation of host port) | |
| - [ ] Tests (Unit test, E2E tests, manual test on universal and k8s) | |
| - Don't forget `ci/` labels to run additional/fewer tests | |
| - [ ] Does this contain a change that needs to be notified to users? In this case, [`UPGRADE.md`](../blob/master/UPGRADE.md) should be updated. | |
| - [ ] Does it need to be backported according to the [backporting policy](../blob/master/CONTRIBUTING.md#backporting)? ([this](https://github.com/kumahq/kuma/actions/workflows/auto-backport.yaml) GH action will add "backport" label based on these [file globs](https://github.com/kumahq/kuma/blob/master/.github/workflows/auto-backport.yaml#L6), if you want to prevent it from adding the "backport" label use [no-backport-autolabel](https://github.com/kumahq/kuma/blob/master/.github/workflows/auto-backport.yaml#L8) label) | |
| [1]: https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword | |
| - name: Check PR title | |
| # Check PR title against the Conventional Commits format using commitlint. | |
| # For more details, see: https://www.conventionalcommits.org/en/v1.0.0/ | |
| # This ensures the PR title matches the conventonal commit title format | |
| # as it will be usead as a commit name after squashing. | |
| # See: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#merge-message-for-a-squash-merge. | |
| if: github.event.action != 'synchronize' | |
| env: | |
| # Use an intermediate environment variable to safely handle the PR title | |
| # and avoid potential injection risks. See: | |
| # https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
| TITLE: ${{ github.event.pull_request.title }} | |
| run: | | |
| # Create a temporary commitlint configuration file | |
| cat <<EOF > commitlint.config.js | |
| module.exports = { | |
| extends: ["@commitlint/config-conventional"], | |
| helpUrl: "https://github.com/kumahq/kuma/blob/master/CONTRIBUTING.md#commit-message-format", | |
| rules: { | |
| "body-max-line-length": [0], | |
| "footer-max-line-length": [0], | |
| "footer-leading-blank": [0], | |
| "header-max-length": [0], | |
| "scope-enum": [2, "never", [ | |
| "kumacp", "kumadp", "kumacni", "kumainit", "*", "madr", "test", "ci", "perf", "policies", "tests" | |
| ]], | |
| "scope-empty": [2, "never"] | |
| }, | |
| }; | |
| EOF | |
| # Install commitlint CLI and configuration | |
| npm install -g @commitlint/[email protected] @commitlint/[email protected] | |
| # Validate the PR title. Use the intermediate variable to safely handle the title. | |
| # '${{ env.TITLE }}' doesn't protect against injection, so "$TITLE" must be used instead. | |
| echo "$TITLE" | commitlint --config commitlint.config.js |