ci: enforce Conventional Commits and modernize all workflows#4
Conversation
The squash-merge commit message defaults to the PR title, so gating titles on Conventional Commits gives release-plz clean input for changelog generation.
- Split CI into parallel fmt / clippy / test jobs so lint failures do not wait on the integration-test setup. - Bump actions/checkout v2 -> v6, actions-rs/clippy-check (archived) removed, dtolnay/rust-toolchain used for component installs, Swatinem/rust-cache@v2 added, actions/setup-go v5 (was not present before, was relying on runner's default Go). - Make clippy fail on warnings (-D warnings) and fix three lint hits in sessionrequest.rs (== None comparisons, redundant clone on Copy type) to keep the bar enforceable. - Drop redundant `cargo check` (the test job already builds). - Use curl -fsSL and \$RUNNER_TEMP instead of wget into the workspace for the irma server install. - Add top-level `permissions: contents: read` and a concurrency group that cancels superseded PR runs but never cancels main. - Bump checkout v4 -> v6 in release-plz workflow, add its own top-level read permissions, and give the release job a concurrency group that mirrors the PR job.
There was a problem hiding this comment.
Workflow file is well-formed and the type list matches what release-plz cares about. requireScope: false and the ^[A-Za-z].+[^.]$ subject pattern look right.
One small note (not blocking): because this uses pull_request_target, the workflow runs from the base branch's checkout of the file. The check therefore won't actually execute on this PR itself — it'll start firing on PRs opened against main after this merges. So test-plan item 1 ("this PR's own title should pass green") will pass trivially by absence, not by the rule actually evaluating. The non-conformant follow-up PR in item 2 is the real validation.
pull_request_target is still the correct trigger here (no user code is checked out, and you need it if you ever want write permissions on forks), so nothing to change.
Summary
Three things in one PR, all CI-pipeline housekeeping for the fork:
1. Conventional Commits gate on PR titles (the original goal of this PR)
New `pr-title.yml` runs `amannn/action-semantic-pull-request@v6` on every PR. Allowed types: `feat`, `fix`, `chore`, `docs`, `refactor`, `perf`, `test`, `build`, `ci`, `revert`. Scope optional. Subject must start with a letter and not end with a period. Matters because release-plz parses Conventional Commits from git history to build `CHANGELOG.md`, and squash-merge uses the PR title as the commit subject.
2. Rewritten CI workflow (`rust.yml`)
3. Modernized release-plz workflow
Follow-up
Once this merges, add the new required status checks to `Settings -> Branches -> main`:
Test plan