Validate CHANGELOG generation

1. Check that CHANGELOG.md was updated - Ensures the file is modified
   in the PR.
2. Validate the entry format - Ensures it matches the pattern:
  * [#PR_NUMBER](PR_URL): Description - [@username](https://github.com/username).
3. Enforce exactly one entry - Validates that only ONE changelog entry
   is added per PR.
4. Reject blank lines - Ensures no blank lines or additional content
   is added.

The validation will run automatically on all pull requests (when
opened, updated, or reopened). If the validation fails, it will
provide clear error messages explaining what needs to be fixed.

The message dynamically refers to "the topmost version section
(e.g., under '### X.X.X (Next)')" instead of hardcoding a specific
version number.

Resolves:
#48.

Author: acm19

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,8 +2,4 @@
 
 *Description of changes:*
 
-### Pull Request Checklist:
-
-- [ ] I have added a contribution line at the top of [CHANGELOG.md](CHANGELOG.md).
-
 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

.github/workflows/changelog-validation.yml

@@ -0,0 +1,92 @@
+name: Validate Changelog
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  check-changelog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Check if CHANGELOG.md was updated
+        run: |
+          # Get the list of changed files in this PR
+          git fetch origin ${{ github.base_ref }}
+          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+
+          echo "Files changed in this PR:"
+          echo "$CHANGED_FILES"
+          echo ""
+
+          # Check if CHANGELOG.md is in the list of changed files
+          if ! echo "$CHANGED_FILES" | grep -q "^CHANGELOG.md$"; then
+            echo "✗ CHANGELOG.md has not been updated"
+            echo ""
+            echo "Please update CHANGELOG.md with your changes following the format:"
+            echo "* [#PR_NUMBER](PR_URL): Description - [@username](https://github.com/username)."
+            echo ""
+            echo "Add your entry under the topmost version section (e.g., under '### X.X.X (Next)')."
+            exit 1
+          fi
+
+          echo "✓ CHANGELOG.md has been updated"
+          echo ""
+
+      - name: Validate changelog entry format
+        run: |
+          # Get the diff for CHANGELOG.md
+          git fetch origin ${{ github.base_ref }}
+          CHANGELOG_DIFF=$(git diff origin/${{ github.base_ref }}...HEAD -- CHANGELOG.md)
+
+          # Extract added lines (lines starting with + [changes], but not +++ [metadata])
+          ADDED_LINES=$(echo "$CHANGELOG_DIFF" | grep "^+" | grep -v "^+++" || true)
+
+          echo "Added lines in CHANGELOG.md:"
+          echo "$ADDED_LINES"
+          echo ""
+
+          # Count valid changelog entries
+          VALID_ENTRIES=$(echo "$ADDED_LINES" | grep -E '^\+\* \[#[0-9]+\]\(https://github\.com/[^/]+/[^/]+/pull/[0-9]+\): .+ - \[@[^]]+\]\(https://github\.com/[^)]+\)\.' || true)
+          VALID_COUNT=$([[ -n "$VALID_ENTRIES" ]] && echo "$VALID_ENTRIES" | grep -c "^\+" || echo 0)
+
+          # Check that exactly one valid entry was added
+          if [ "$VALID_COUNT" -eq 0 ]; then
+            echo "✗ No valid changelog entry found"
+            echo ""
+            echo "Expected format:"
+            echo "* [#PR_NUMBER](https://github.com/OWNER/REPO/pull/PR_NUMBER): Description - [@username](https://github.com/username)."
+            echo ""
+            echo "Example:"
+            echo "* [#123](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/123): Add changelog validation - [@username](https://github.com/username)."
+            exit 1
+          elif [ "$VALID_COUNT" -gt 1 ]; then
+            echo "✗ Multiple changelog entries detected ($VALID_COUNT entries)"
+            echo ""
+            echo "Please add only ONE changelog entry per pull request."
+            echo ""
+            echo "Entries found:"
+            echo "$VALID_ENTRIES" | sed 's/^+//'
+            exit 1
+          fi
+
+          # Count total added lines (including any blank lines or invalid entries)
+          TOTAL_ADDED=$([[ -n "$ADDED_LINES" ]] && echo "$ADDED_LINES" | wc -l || echo 0)
+
+          # Check that only one line was added (no blank lines or other content)
+          if [ "$TOTAL_ADDED" -ne 1 ]; then
+            echo "✗ Detected $TOTAL_ADDED added lines, but only 1 line should be added"
+            echo ""
+            echo "Please add only ONE changelog entry with no blank lines or additional content."
+            echo ""
+            echo "All added lines:"
+            echo "$ADDED_LINES"
+            exit 1
+          fi
+
+          echo "✓ Exactly one valid changelog entry found:"
+          echo "$VALID_ENTRIES" | sed 's/^+//'

CHANGELOG.md

@@ -1,4 +1,5 @@
 ### 4.0.1 (Next)
+* [#153](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/153): Validate CHANGELOG generation - [@acm19](https://github.com/acm19).
 * [#151](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/151): Upgrade deprecated actions/create-release@v1 - [@dblock](https://github.com/dblock).
 * [#150](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/150): Fix pom.xml indentation inconsistencies - [@dblock](https://github.com/dblock).
 * [#149](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/149): Add Checkstyle indentation checks - [@dblock](https://github.com/dblock).
@@ -19,12 +20,10 @@
 * [#104](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/104): Make request interceptors simpler and other improvements - [@acm19](https://github.com/acm19).
 
 ### 2.3.0 (2023/01/26)
-
 * [#94](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/94): Add support for OpenSearch Serverless - [@dblock](https://github.com/dblock).
 * [#92](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/92): Make samples compatible with OpenSearch 2.x - [@dblock](https://github.com/dblock).
 
 ### 2.2.0 (2022/10/02)
-
 * [#80](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/80): Add support for Apache client v5 - [@acm19](https://github.com/acm19).
 * [#76](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/76): Automate release process - [@acm19](https://github.com/acm19).
 * [#75](https://github.com/acm19/aws-request-signing-apache-interceptor/issues/75): Add OpenSearch cluster infrastructure - [@acm19](https://github.com/acm19).
@@ -33,11 +32,9 @@
 * [#70](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/70): Add maven release info, usage and badge to README - [@dblock](https://github.com/dblock).
 
 ### 2.1.1 (2022/07/12)
-
 * [#67](https://github.com/acm19/aws-request-signing-apache-interceptor/issues/67): Add fields required by Maven Central to de POM - [@acm19](https://github.com/acm19).
 
 ### 2.1.0 (2022/07/12)
-
 * [#58](https://github.com/acm19/aws-request-signing-apache-interceptor/issues/58): Test and fix the release process - [@acm19](https://github.com/acm19).
 * [#59](https://github.com/acm19/aws-request-signing-apache-interceptor/pull/59): Document versioning standard - [@acm19](https://github.com/acm19).
 * [#44](https://github.com/acm19/aws-request-signing-apache-interceptor/issues/44): Release to Maven Central - [@dblock](https://github.com/dblock), [@acm19](https://github.com/acm19).
@@ -60,14 +57,11 @@
 * Re-add support for JDK8 - [@acm19](https://github.com/acm19).
 
 ### 2.0.2 (2020/12/27)
-
 * Updated dependencies - [@renovate-bot](https://github.com/renovate-bot).
 
 ### 2.0.1 (2020/05/03)
-
 * Make `httpClient` a `provided` dependency - [@acm19](https://github.com/acm19).
 
 ### 2.0.0 (2020/05/03)
-
 * Added renovate - [@acm19](https://github.com/acm19).
 * Upgraded to AWS SDK 2.13.8 - [@acm19](https://github.com/acm19).