From 952139c6160bbf491fd9bfea45960c718b27a0ed Mon Sep 17 00:00:00 2001 From: Fabian Engelniederhammer Date: Thu, 8 Jan 2026 10:51:53 +0100 Subject: [PATCH 1/3] lint PR title instead of commits --- .github/workflows/changelog-preview.yml | 64 ------------------------- .github/workflows/commitlint.yml | 6 ++- CONTRIBUTING.md | 5 +- 3 files changed, 8 insertions(+), 67 deletions(-) delete mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml deleted file mode 100644 index c3d90f17a..000000000 --- a/.github/workflows/changelog-preview.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Changelog Preview - -on: - pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review - -jobs: - previewChangelog: - name: Preview Changelog - runs-on: ubuntu-latest - if: ${{ !github.event.pull_request.draft }} - permissions: - pull-requests: write - steps: - - uses: actions/checkout@v6 - - - uses: actions/setup-node@v6 - with: - node-version: lts/* - - - uses: actions/cache@v5 - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} - - - name: Install npm packages - run: npm ci - - - name: Generate Changelog Preview - id: changelog-preview - run: | - changelog=$(npm run --silent release-please-changelog-preview -- --token=${{ secrets.GITHUB_TOKEN }} --target-branch=${{ github.head_ref || github.ref_name }}) - - echo "changelog<> "$GITHUB_OUTPUT" - - - name: Write changelog comment on PR - uses: marocchino/sticky-pull-request-comment@v2 - if: ${{ steps.changelog-preview.outputs.changelog != '' }} - with: - skip_unchanged: true - header: changelogPreview - message: | - This is a preview of the changelog of the next release. If this branch is not up-to-date with the current main branch, the changelog may not be accurate. Rebase your branch on the main branch to get the most accurate changelog. - - Note that this might contain changes that are on main, but not yet released. - - Changelog: - - ${{ steps.changelog-preview.outputs.changelog }} - - - name: Write "no change" Comment on PR - uses: marocchino/sticky-pull-request-comment@v2 - if: ${{ steps.changelog-preview.outputs.changelog == '' }} - with: - skip_unchanged: true - header: changelogPreview - message: | - There is no change in the changelog. This PR will not produce a new releasable version. diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 54d7437f9..13c64a389 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -4,6 +4,7 @@ on: pull_request: types: - opened + - edited - reopened - synchronize - ready_for_review @@ -29,5 +30,6 @@ jobs: - name: Install npm packages run: npm ci - - name: Validate PR commits with commitlint - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --verbose + - name: Lint PR title + run: | + echo "${{ github.event.pull_request.title }}" | npx commitlint --verbose diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ea6560b11..d83aaa85e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -125,7 +125,10 @@ Creating a release means: ### Commit Messages The changelog and the version number are determined by the commit messages. -Therefore, commit messages should follow the [Conventional Commits](https://www.conventionalcommits.org/) specification. +Therefore, commit messages on the `main` branch should follow the [Conventional Commits](https://www.conventionalcommits.org/) specification. +Since we squash-merge pull requests, the PR title should also follow conventional commits +(because it will become the commit message of the squashed commit). + Also refer to the Release Please documentation for more information on how to write commit messages. If you want to indicate a breaking change, you can use the `BREAKING CHANGE` keyword in the commit message, followed by the description of the breaking change. From 19ea01cdca17c0fd6004ee69a79ac0f3771e2b40 Mon Sep 17 00:00:00 2001 From: Fabian Engelniederhammer <92720311+fengelniederhammer@users.noreply.github.com> Date: Thu, 8 Jan 2026 10:54:49 +0100 Subject: [PATCH 2/3] Update .github/workflows/commitlint.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/commitlint.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 13c64a389..c3e95c213 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -32,4 +32,7 @@ jobs: - name: Lint PR title run: | - echo "${{ github.event.pull_request.title }}" | npx commitlint --verbose + cat << 'EOF' > pr_title.txt + ${{ github.event.pull_request.title }} + EOF + npx commitlint --verbose < pr_title.txt From 79bffd58f1a52070470054b159a067119164c142 Mon Sep 17 00:00:00 2001 From: Fabian Engelniederhammer Date: Thu, 8 Jan 2026 11:02:42 +0100 Subject: [PATCH 3/3] less prone to command line injection --- .github/workflows/commitlint.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index c3e95c213..e65c345f0 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -31,8 +31,6 @@ jobs: run: npm ci - name: Lint PR title - run: | - cat << 'EOF' > pr_title.txt - ${{ github.event.pull_request.title }} - EOF - npx commitlint --verbose < pr_title.txt + env: + PR_TITLE: ${{ github.event.pull_request.title }} + run: echo "$PR_TITLE" | npx commitlint --verbose