
chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.9.8.2 - autoclosed #65


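# Pull-request hygiene workflow: validates the PR title and commit subjects
# against the conventional-commit types, labels the PR by size and by touched
# paths, flags sensitive-looking file names, and runs a quick Maven build.
name: Pull Request Validation

on:
  pull_request:
    types: [opened, synchronize, reopened, edited]

# Default token scope for all jobs. On pull_request events from forks the
# GITHUB_TOKEN is read-only regardless of these settings, so the jobs that post
# comments or labels will fail for fork PRs.
permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  validate-title:
    name: Validate PR Title
    runs-on: ubuntu-latest
    if: github.actor != 'dependabot[bot]'
    steps:
      - name: Check PR title format
        # NOTE(review): the action ref on the next line was garbled by page
        # extraction ("[email protected]"). The inputs below match
        # amannn/action-semantic-pull-request; restore the full owner/action@ref
        # (ideally a commit SHA) before use.
        uses: amannn/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Allowed types; keep in sync with the regex in check-commits.
          types: |
            feat
            fix
            refactor
            perf
            test
            docs
            style
            build
            ci
            chore
            revert
          requireScope: false
          subjectPattern: '^[a-z].+$'
          subjectPatternError: |
            The subject "{subject}" found in the pull request title "{title}" should start with a lowercase letter.
          validateSingleCommit: false

  check-size:
    name: Check PR Size
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Check PR size
        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const pr = context.payload.pull_request;
            const { owner, repo } = context.repo;
            const issue_number = pr.number;
            const { additions, deletions, changed_files } = pr;
            const total_changes = additions + deletions;

            // Size buckets: [exclusive upper bound, label, summary line].
            const buckets = [
              [50, 'size/xs', '✅ **PR Size: XS** (<50 lines)'],
              [200, 'size/s', '✅ **PR Size: S** (50-200 lines)'],
              [500, 'size/m', '👀 **PR Size: M** (200-500 lines)'],
              [1000, 'size/l', '⚠️ **PR Size: L** (500-1000 lines) - Consider breaking into smaller PRs'],
              [Infinity, 'size/xl', '❌ **PR Size: XL** (>1000 lines) - Please break into smaller PRs'],
            ];
            const [, size_label, comment] = buckets.find(([limit]) => total_changes < limit);

            // Remove stale size/* labels first so a PR never carries two sizes
            // after a push (synchronize/edited re-run this job).
            for (const label of pr.labels || []) {
              if (label.name.startsWith('size/') && label.name !== size_label) {
                await github.rest.issues
                  .removeLabel({ owner, repo, issue_number, name: label.name })
                  .catch((err) => { if (err.status !== 404) throw err; });
              }
            }
            await github.rest.issues.addLabels({ owner, repo, issue_number, labels: [size_label] });

            // One stats comment per PR: locate it by the hidden marker and update
            // it instead of appending a new comment on every event.
            const marker = '<!-- pr-validation:size -->';
            const body = `${marker}
            ## 📊 PR Statistics
            ${comment}
            | Metric | Value |
            |--------|-------|
            | Files Changed | ${changed_files} |
            | Lines Added | +${additions} |
            | Lines Deleted | -${deletions} |
            | Total Changes | ${total_changes} |`;
            const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number });
            const previous = comments.find((c) => c.body && c.body.includes(marker));
            if (previous) {
              await github.rest.issues.updateComment({ owner, repo, comment_id: previous.id, body });
            } else {
              await github.rest.issues.createComment({ owner, repo, issue_number, body });
            }

  check-commits:
    name: Check Commit Messages
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Check commit message format
        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { owner, repo } = context.repo;
            const issue_number = context.payload.pull_request.number;
            // Paginate: a single listCommits page holds at most 30 commits, so
            // larger PRs would otherwise be only partially checked.
            const commits = await github.paginate(github.rest.pulls.listCommits, {
              owner, repo, pull_number: issue_number,
            });
            // Keep the type list in sync with `types` in validate-title.
            const conventionalCommitRegex = /^(feat|fix|refactor|perf|test|docs|style|build|ci|chore|revert)(\(.+\))?: .+/;
            // Only the first line (the subject) of each message is checked.
            const invalidCommits = commits
              .map((c) => c.commit.message.split('\n')[0])
              .filter((subject) => !conventionalCommitRegex.test(subject))
              .map((subject) => `- ${subject}`);
            if (invalidCommits.length > 0) {
              const marker = '<!-- pr-validation:commits -->';
              const body = `${marker}
            ⚠️ **Non-conventional commit messages detected:**
            ${invalidCommits.join('\n')}
            Please use conventional commit format: \`type(scope): description\`
            Valid types: feat, fix, refactor, perf, test, docs, style, build, ci, chore, revert`;
              // Update the previous warning rather than posting a duplicate on each push.
              const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number });
              const previous = comments.find((c) => c.body && c.body.includes(marker));
              if (previous) {
                await github.rest.issues.updateComment({ owner, repo, comment_id: previous.id, body });
              } else {
                await github.rest.issues.createComment({ owner, repo, issue_number, body });
              }
            }

  verify-files:
    name: Verify File Changes
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Check for sensitive files
        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { owner, repo } = context.repo;
            const issue_number = context.payload.pull_request.number;
            // Paginate: a single listFiles page holds at most 30 files, so a
            // sensitive file beyond the first page would otherwise be missed.
            const files = await github.paginate(github.rest.pulls.listFiles, {
              owner, repo, pull_number: issue_number,
            });
            // Name-based heuristics only; file contents are not inspected.
            const sensitivePatterns = [
              /\.env$/,
              /\.aws\./,
              /secrets?\.ya?ml$/,
              /password/i,
              /token/i,
              /key\.pem$/,
              /\.key$/
            ];
            const sensitiveFiles = files
              .map((f) => f.filename)
              .filter((filename) => sensitivePatterns.some((pattern) => pattern.test(filename)));
            if (sensitiveFiles.length > 0) {
              const marker = '<!-- pr-validation:sensitive-files -->';
              const body = `${marker}
            ⚠️ **Potentially sensitive files detected:**
            ${sensitiveFiles.map(f => `- ${f}`).join('\n')}
            Please ensure no secrets or sensitive data are being committed.`;
              // Update the previous warning rather than posting a duplicate on each push.
              const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number });
              const previous = comments.find((c) => c.body && c.body.includes(marker));
              if (previous) {
                await github.rest.issues.updateComment({ owner, repo, comment_id: previous.id, body });
              } else {
                await github.rest.issues.createComment({ owner, repo, issue_number, body });
              }
              await github.rest.issues.addLabels({ owner, repo, issue_number, labels: ['security-review'] });
            }

  auto-label:
    name: Auto-label PR
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Apply labels based on files
        uses: actions/labeler@v6
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          configuration-path: .github/labeler.yml
          sync-labels: false

  test-changes:
    name: Validate Code Changes
    runs-on: ubuntu-latest
    # Least privilege: this job builds and tests PR-supplied code and never
    # needs to write to the repository, PRs or issues.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up JDK 21
        uses: actions/setup-java@v5
        with:
          java-version: '21'
          distribution: 'corretto'
          cache: maven
      - name: Build cdk-common dependency
        # Supply-chain note: this clones the default-branch head of an external
        # repository and installs it into the local Maven repository used by the
        # build below. TODO: pin to an immutable ref (tag or commit SHA).
        run: |
          git clone https://github.com/fast-ish/cdk-common.git /tmp/cdk-common
          cd /tmp/cdk-common
          mvn clean install -DskipTests -B
      - name: Run quick checks
        run: |
          set -uo pipefail
          summary="$GITHUB_STEP_SUMMARY"
          echo "## 🔍 Quick Validation Checks" >> "$summary"
          echo "" >> "$summary"
          # pom.xml must parse before anything else is attempted.
          if mvn validate -B; then
            echo "✅ pom.xml is valid" >> "$summary"
          else
            echo "❌ pom.xml validation failed" >> "$summary"
            exit 1
          fi
          # Compile
          if mvn compile -B; then
            echo "✅ Compilation successful" >> "$summary"
          else
            echo "❌ Compilation failed" >> "$summary"
            exit 1
          fi
          # Tests are reported in the summary but do not fail this job
          # (best effort, as in the original).
          if mvn test -B; then
            echo "✅ Tests passed" >> "$summary"
          else
            echo "⚠️ Tests failed or skipped" >> "$summary"
          fi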