fix(ci): add OIDC permissions for Codecov upload #12

Workflow file for this run

.github/workflows/conventional-commits.yml at ab6a751

	name: Conventional Commits

	on:
	push:
	branches:
	- '**'
	pull_request:
	types: [opened, synchronize, reopened, edited]

	jobs:
	validate-commits:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Validate commit messages
	env:
	EVENT_NAME: ${{ github.event_name }}
	PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
	PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	PUSH_BEFORE_SHA: ${{ github.event.before }}
	PUSH_AFTER_SHA: ${{ github.sha }}
	run: \|
	set -euo pipefail

	pattern='^(build\|chore\|ci\|docs\|feat\|fix\|perf\|refactor\|revert\|style\|test)($[a-z0-9._/-]+$)?!?: .+'

	if [ "$EVENT_NAME" = "pull_request" ]; then
	BASE_SHA="$PR_BASE_SHA"
	HEAD_SHA="$PR_HEAD_SHA"
	else
	BASE_SHA="$PUSH_BEFORE_SHA"
	HEAD_SHA="$PUSH_AFTER_SHA"
	fi

	# New branch first push has all-zero before SHA; validate only latest commit.
	if [ "$BASE_SHA" = "0000000000000000000000000000000000000000" ]; then
	RANGE="$HEAD_SHA^..$HEAD_SHA"
	else
	RANGE="$BASE_SHA..$HEAD_SHA"
	fi

	invalid=0
	while IFS= read -r subject; do
	[ -z "$subject" ] && continue

	# Ignore merge commits in case the branch was merged/rebased with base.
	if [[ "$subject" =~ ^Merge\ ]]; then
	continue
	fi

	if [[ ! "$subject" =~ $pattern ]]; then
	echo "Invalid commit message: $subject"
	invalid=1
	fi
	done < <(git log --format=%s "$RANGE")

	if [ "$invalid" -ne 0 ]; then
	echo ""
	echo "Expected Conventional Commits format, e.g.:"
	echo " feat(api): add public configs endpoint"
	echo " fix(ui): prevent fork button overflow"
	exit 1
	fi

	echo "All commit messages match Conventional Commits."

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(ci): add OIDC permissions for Codecov upload #12

Workflow file

fix(ci): add OIDC permissions for Codecov upload #12

Uh oh!

Workflow file for this run