diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml new file mode 100644 index 0000000..9629aaf --- /dev/null +++ b/.github/workflows/quality_checks.yml @@ -0,0 +1,67 @@ +name: Quality checks ๐Ÿ‘Œ๐Ÿงช + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +on: + pull_request: + merge_group: + +jobs: + dependency-review: + name: Vulnerable dependencies ๐Ÿ”Ž + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v4.1.1 + with: + show-progress: false + + - name: Scan + uses: actions/dependency-review-action@v4.1.3 + with: + ## Workaround from https://github.com/actions/dependency-review-action/issues/456 + ## TODO: Remove when necessary + base-ref: ${{ github.event.pull_request.base.sha || 'master' }} + head-ref: ${{ github.event.pull_request.head.sha || github.ref }} + + pr_context: + name: Save PR context as artifact + if: ${{ always() && !cancelled() && github.event_name == 'pull_request' }} + runs-on: ubuntu-latest + ## Add needed jobs here + needs: + - dependency-review + + steps: + - name: Save PR context + env: + PR_NUMBER: ${{ github.event.number }} + PR_SHA: ${{ github.sha }} + run: | + echo $PR_NUMBER > PR_number + echo $PR_SHA > PR_sha + + - name: Upload PR number as artifact + uses: actions/upload-artifact@v4.3.1 + with: + compression-level: 0 + name: PR_context + path: | + PR_number + PR_sha + + conventional_commits: + name: Conventional commits check ๐Ÿ’ฌ + if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} + runs-on: ubuntu-latest + + steps: + - name: Checkout โฌ‡๏ธ + uses: actions/checkout@v4.1.1 + with: + show-progress: false + + - name: Check if all commits comply with the specification + uses: webiny/action-conventional-commits@v1.3.0