chore(release): 2.8.1 #773
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR text hygiene | |
| # Preventive lint for pull-request text. Scans the PR title, body, | |
| # head branch name, and every commit subject + body against the | |
| # deny-list configured in the `PR_TEXT_HYGIENE_DENYLIST` repository | |
| # variable. Any match fails the workflow with a `::error::` annotation | |
| # so the `text-hygiene` job can be made a required check. | |
| # | |
| # When the variable is unset (the default in a fresh fork) the script | |
| # logs a notice and the job exits 0; the gate becomes effectively | |
| # opt-in via repository settings. | |
| # | |
| # Operator opt-out: apply the `skip-text-hygiene` PR label. | |
| # Bot-authored PRs (renovate, dependabot, github-actions, | |
| # bernstein-orchestrator) are skipped to avoid feedback loops. | |
| on: | |
| pull_request: | |
| types: [opened, edited, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| concurrency: | |
| group: pr-text-hygiene-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| text-hygiene: | |
| name: text-hygiene | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| if: >- | |
| github.event.pull_request.user.login != 'dependabot[bot]' && | |
| github.event.pull_request.user.login != 'renovate[bot]' && | |
| github.event.pull_request.user.login != 'github-actions[bot]' && | |
| github.event.pull_request.user.login != 'bernstein[bot]' && | |
| github.event.pull_request.user.login != 'bernstein-orchestrator[bot]' && | |
| !contains(github.event.pull_request.labels.*.name, 'skip-text-hygiene') | |
| steps: | |
| - name: Harden runner (audit mode) | |
| uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout PR head | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: '3.13' | |
| - name: Collect commit messages | |
| env: | |
| BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
| HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| run: | | |
| set -euo pipefail | |
| mkdir -p .ci/text-hygiene | |
| # Format every commit as subject + body separated by `---`. | |
| # `git log` is safe to run against a shallow-cloned PR head. | |
| git log --format='%B%n---' "${BASE_SHA}..${HEAD_SHA}" \ | |
| > .ci/text-hygiene/commits.txt | |
| - name: Run text hygiene scan | |
| env: | |
| PR_TITLE: ${{ github.event.pull_request.title }} | |
| PR_BODY: ${{ github.event.pull_request.body }} | |
| PR_BRANCH: ${{ github.event.pull_request.head.ref }} | |
| PR_TEXT_HYGIENE_DENYLIST: ${{ vars.PR_TEXT_HYGIENE_DENYLIST }} | |
| run: | | |
| set -euo pipefail | |
| python scripts/check_pr_text_hygiene.py \ | |
| --title "${PR_TITLE}" \ | |
| --body "${PR_BODY:-}" \ | |
| --branch "${PR_BRANCH}" \ | |
| --commit-messages-file .ci/text-hygiene/commits.txt \ | |
| --denylist-env-var PR_TEXT_HYGIENE_DENYLIST |