Skip to content

ci: enforce Conventional Commits and modernize all workflows#4

Merged
rubenhensen merged 2 commits into
mainfrom
add-pr-title-check
May 18, 2026
Merged

ci: enforce Conventional Commits and modernize all workflows#4
rubenhensen merged 2 commits into
mainfrom
add-pr-title-check

Conversation

@rubenhensen

@rubenhensen rubenhensen commented May 18, 2026

Copy link
Copy Markdown

Summary

Three things in one PR, all CI-pipeline housekeeping for the fork:

1. Conventional Commits gate on PR titles (the original goal of this PR)

New `pr-title.yml` runs `amannn/action-semantic-pull-request@v6` on every PR. Allowed types: `feat`, `fix`, `chore`, `docs`, `refactor`, `perf`, `test`, `build`, `ci`, `revert`. Scope optional. Subject must start with a letter and not end with a period. Matters because release-plz parses Conventional Commits from git history to build `CHANGELOG.md`, and squash-merge uses the PR title as the commit subject.

2. Rewritten CI workflow (`rust.yml`)

  • Split into three parallel jobs: Rustfmt, Clippy, Integration tests, so lint failures no longer wait on the irma/go setup.
  • `actions/checkout` v2 -> v6; archived `actions-rs/clippy-check` removed; clippy/rustfmt installed via `dtolnay/rust-toolchain` components; `Swatinem/rust-cache@v2` added; `actions/setup-go@v6` pins Go (was using whatever the runner shipped).
  • Clippy now runs with `-D warnings`. Three pre-existing warnings fixed in `src/sessionrequest.rs` so the bar is actually enforceable (`== None` -> `.is_none()`, redundant `.clone()` on a `Copy` type).
  • Drop redundant `cargo check` (the test job builds anyway).
  • IRMA server now installed via `curl -fsSL` into `$RUNNER_TEMP` instead of `wget` into the workspace.
  • Top-level `permissions: contents: read`. Concurrency group cancels superseded PR runs but never cancels main.

3. Modernized release-plz workflow

  • `actions/checkout` v4 -> v6.
  • Top-level `permissions: contents: read` so each job opts into the writes it needs.
  • Release job got its own concurrency group (PR job already had one).
  • crates.io trusted publishing via `id-token: write` is unchanged.

Follow-up

Once this merges, add the new required status checks to `Settings -> Branches -> main`:

  • `Conventional Commits`
  • `Rustfmt`
  • `Clippy`
  • `Integration tests` (optional — long-running)

Test plan

  • `cargo fmt --all --check` clean
  • `cargo clippy --all-targets --all-features -- -D warnings` clean
  • `cargo test --lib` -> 6 passed
  • CI run on this PR shows fmt, clippy, and Conventional Commits all green
  • Integration tests pass on this PR (run on Linux with the v0.8.0 irma server)

The squash-merge commit message defaults to the PR title, so
gating titles on Conventional Commits gives release-plz clean
input for changelog generation.
- Split CI into parallel fmt / clippy / test jobs so lint failures
  do not wait on the integration-test setup.
- Bump actions/checkout v2 -> v6, actions-rs/clippy-check (archived)
  removed, dtolnay/rust-toolchain used for component installs,
  Swatinem/rust-cache@v2 added, actions/setup-go v5 (was not present
  before, was relying on runner's default Go).
- Make clippy fail on warnings (-D warnings) and fix three lint hits
  in sessionrequest.rs (== None comparisons, redundant clone on
  Copy type) to keep the bar enforceable.
- Drop redundant `cargo check` (the test job already builds).
- Use curl -fsSL and \$RUNNER_TEMP instead of wget into the workspace
  for the irma server install.
- Add top-level `permissions: contents: read` and a concurrency group
  that cancels superseded PR runs but never cancels main.
- Bump checkout v4 -> v6 in release-plz workflow, add its own
  top-level read permissions, and give the release job a concurrency
  group that mirrors the PR job.

@dobby-coder dobby-coder Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Workflow file is well-formed and the type list matches what release-plz cares about. requireScope: false and the ^[A-Za-z].+[^.]$ subject pattern look right.

One small note (not blocking): because this uses pull_request_target, the workflow runs from the base branch's checkout of the file. The check therefore won't actually execute on this PR itself — it'll start firing on PRs opened against main after this merges. So test-plan item 1 ("this PR's own title should pass green") will pass trivially by absence, not by the rule actually evaluating. The non-conformant follow-up PR in item 2 is the real validation.

pull_request_target is still the correct trigger here (no user code is checked out, and you need it if you ever want write permissions on forks), so nothing to change.

@rubenhensen rubenhensen changed the title ci: enforce Conventional Commits in PR titles ci: enforce Conventional Commits and modernize all workflows May 18, 2026
@rubenhensen rubenhensen merged commit da71f36 into main May 18, 2026
3 checks passed
@rubenhensen rubenhensen deleted the add-pr-title-check branch May 18, 2026 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant