mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-04 03:21:04 +08:00
Fix validation error
This commit is contained in:
1
.github/workflows/README.md
vendored
1
.github/workflows/README.md
vendored
@@ -9,6 +9,7 @@ This directory contains the GitHub Actions workflows for the NOFX project.
|
||||
- **[TRIGGERS.md](./TRIGGERS.md)** - Comparison of event triggers (pull_request vs pull_request_target vs workflow_run)
|
||||
- **[FORK_PR_FLOW.md](./FORK_PR_FLOW.md)** - Complete analysis of what happens when a fork PR is submitted
|
||||
- **[FLOW_DIAGRAM.md](./FLOW_DIAGRAM.md)** - Visual flow diagrams and quick reference
|
||||
- **[SECRETS_SCANNING.md](./SECRETS_SCANNING.md)** - Secrets scanning solutions and TruffleHog setup
|
||||
|
||||
## 🚀 Quick Start
|
||||
|
||||
|
||||
6
.github/workflows/pr-checks-run.yml
vendored
6
.github/workflows/pr-checks-run.yml
vendored
@@ -23,13 +23,13 @@ jobs:
|
||||
run: |
|
||||
PR_TITLE="${{ github.event.pull_request.title }}"
|
||||
|
||||
# Check if title follows conventional commits
|
||||
if echo "$PR_TITLE" | grep -qE "^(feat|fix|docs|style|refactor|perf|test|chore|ci|security)(\(.+\))?: .+"; then
|
||||
# Check if title follows conventional commits (expanded type list)
|
||||
if echo "$PR_TITLE" | grep -qE "^(feat|fix|docs|style|refactor|perf|test|chore|ci|security|build)(\(.+\))?: .+"; then
|
||||
echo "status=✅ Good" >> $GITHUB_OUTPUT
|
||||
echo "message=PR title follows Conventional Commits format" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "status=⚠️ Suggestion" >> $GITHUB_OUTPUT
|
||||
echo "message=Consider using Conventional Commits format: type(scope): description" >> $GITHUB_OUTPUT
|
||||
echo "message=Consider using format: type(scope): description. Valid types: feat, fix, docs, style, refactor, perf, test, chore, ci, security, build" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Calculate PR size and save results
|
||||
|
||||
94
.github/workflows/pr-checks.yml
vendored
94
.github/workflows/pr-checks.yml
vendored
@@ -23,6 +23,8 @@ jobs:
|
||||
# Inherits workflow-level permissions (contents: read, pull-requests: write, issues: write)
|
||||
steps:
|
||||
- name: Check PR title format
|
||||
id: semantic-pr
|
||||
continue-on-error: true # Don't block PR if title format is invalid
|
||||
uses: amannn/action-semantic-pull-request@v5
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -38,6 +40,7 @@ jobs:
|
||||
chore
|
||||
ci
|
||||
security
|
||||
build
|
||||
scopes: |
|
||||
exchange
|
||||
trader
|
||||
@@ -48,8 +51,67 @@ jobs:
|
||||
backend
|
||||
security
|
||||
deps
|
||||
workflow
|
||||
github
|
||||
actions
|
||||
config
|
||||
docker
|
||||
build
|
||||
release
|
||||
requireScope: false
|
||||
|
||||
- name: Comment on invalid PR title
|
||||
if: steps.semantic-pr.outcome == 'failure'
|
||||
uses: actions/github-script@v7
|
||||
continue-on-error: true # Don't fail for fork PRs
|
||||
with:
|
||||
script: |
|
||||
const prTitle = context.payload.pull_request.title;
|
||||
const isFork = context.payload.pull_request.head.repo.full_name !== context.payload.pull_request.base.repo.full_name;
|
||||
|
||||
const comment = [
|
||||
'## ⚠️ PR Title Format Suggestion',
|
||||
'',
|
||||
"Your PR title doesn't follow the Conventional Commits format, but **this won't block your PR from being merged**.",
|
||||
'',
|
||||
`**Current title:** \`${prTitle}\``,
|
||||
'',
|
||||
'**Recommended format:** `type(scope): description`',
|
||||
'',
|
||||
'### Valid types:',
|
||||
'`feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`, `ci`, `security`, `build`',
|
||||
'',
|
||||
'### Common scopes (optional):',
|
||||
'`exchange`, `trader`, `ai`, `api`, `ui`, `frontend`, `backend`, `security`, `deps`, `workflow`, `github`, `actions`, `config`, `docker`, `build`, `release`',
|
||||
'',
|
||||
'### Examples:',
|
||||
'- `feat(trader): add new trading strategy`',
|
||||
'- `fix(api): resolve authentication issue`',
|
||||
'- `docs: update README`',
|
||||
'- `chore(deps): update dependencies`',
|
||||
'- `ci(workflow): improve GitHub Actions`',
|
||||
'',
|
||||
'**Note:** This is a suggestion to improve consistency. Your PR can still be reviewed and merged.',
|
||||
'',
|
||||
'---',
|
||||
'*This is an automated comment. You can update the PR title anytime.*'
|
||||
].join('\n');
|
||||
|
||||
if (!isFork) {
|
||||
try {
|
||||
await github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: context.payload.pull_request.number,
|
||||
body: comment
|
||||
});
|
||||
} catch (error) {
|
||||
console.log('Could not post comment (expected for fork PRs):', error.message);
|
||||
}
|
||||
} else {
|
||||
console.log('Fork PR - comment will be posted by pr-checks-comment.yml');
|
||||
}
|
||||
|
||||
- name: Check PR size
|
||||
uses: actions/github-script@v7
|
||||
continue-on-error: true # Don't fail for fork PRs
|
||||
@@ -250,10 +312,13 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Gitleaks
|
||||
uses: gitleaks/gitleaks-action@v2
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run TruffleHog OSS
|
||||
uses: trufflesecurity/trufflehog@main
|
||||
with:
|
||||
path: ./
|
||||
base: ${{ github.event.pull_request.base.sha }}
|
||||
head: ${{ github.event.pull_request.head.sha }}
|
||||
extra_args: --debug --only-verified
|
||||
|
||||
# All checks passed
|
||||
all-checks:
|
||||
@@ -266,9 +331,24 @@ jobs:
|
||||
steps:
|
||||
- name: Check all jobs
|
||||
run: |
|
||||
if [ "${{ contains(needs.*.result, 'failure') }}" == "true" ]; then
|
||||
echo "Some checks failed"
|
||||
# Note: validate-pr uses continue-on-error, so it won't block even if title format is invalid
|
||||
# We only care about actual test failures
|
||||
echo "validate-pr: ${{ needs.validate-pr.result }}"
|
||||
echo "backend-tests: ${{ needs.backend-tests.result }}"
|
||||
echo "frontend-tests: ${{ needs.frontend-tests.result }}"
|
||||
echo "security-check: ${{ needs.security-check.result }}"
|
||||
echo "secrets-check: ${{ needs.secrets-check.result }}"
|
||||
|
||||
# Check if any critical checks failed (excluding validate-pr which is advisory)
|
||||
if [[ "${{ needs.backend-tests.result }}" == "failure" ]] || \
|
||||
[[ "${{ needs.frontend-tests.result }}" == "failure" ]] || \
|
||||
[[ "${{ needs.security-check.result }}" == "failure" ]] || \
|
||||
[[ "${{ needs.secrets-check.result }}" == "failure" ]]; then
|
||||
echo "❌ Critical checks failed"
|
||||
exit 1
|
||||
else
|
||||
echo "All checks passed!"
|
||||
echo "✅ All critical checks passed!"
|
||||
if [[ "${{ needs.validate-pr.result }}" != "success" ]]; then
|
||||
echo "ℹ️ Note: PR title format check is advisory only and doesn't block merging"
|
||||
fi
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user