ci: update commitlint #3
Automatically generated by python-semantic-release
Signed-off-by: Jin Yu Zhang <39463416+SiegeSailor@users.noreply.github.com>
Pull request overview
This PR updates the repository’s CI linting/release setup (including bumping the opensource-nepal/commitlint GitHub Action to v1.13.3) and aligns project configuration/docs around Poetry dependency groups and semantic-release/commit message conventions.
Changes:
- Update commitlint usage in the Continuous Delivery workflow and add PR-title validation.
- Adjust python-semantic-release configuration and move version tracking to pyproject.toml (tool.commitizen.version).
- Update project documentation and add repository metadata files (e.g., Apache 2.0 LICENSE, FUNDING).
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| releaserc.toml | Updates semantic-release commit message format and configures version source in pyproject.toml. |
| README.md | Adds workflow badge and updates local setup instructions (Poetry, install flags). |
| pyproject.toml | Introduces Poetry dependency groups and adds tool.commitizen.version. |
| poetry.lock | Lockfile updated to reflect new dependency groups/tooling dependencies. |
| LICENSE.md | Adds Apache 2.0 license text. |
| CHANGELOG.md | Adds generated changelog entries for recent releases. |
| .github/workflows/continuous-delivery.yml | Updates commitlint action version and expands workflow triggers/steps for PRs and releases. |
| .github/SECURITY.md | Expands security policy text with project-specific scope/constraints. |
| .github/FUNDING.yml | Adds GitHub Sponsors handle. |
| .github/CONTRIBUTING.md | Updates contribution/dev environment instructions and branching diagram/process. |
| > eval "$(pyenv init - zsh)" | ||
| > # ===> Poetry | ||
| > fpath+=~/.zfunc | ||
| > export PATH="/Users/user/.local/bin:$PATH" |
The shell snippet hard-codes a user-specific path (/Users/user/.local/bin) for Poetry, which is likely to break when copied by other users. Use $HOME (or a more portable approach) in documentation examples to avoid OS/user-specific paths.
| > export PATH="/Users/user/.local/bin:$PATH" | |
| > export PATH="$HOME/.local/bin:$PATH" |
| ```shell | ||
| pip install pre-commit | ||
| pre-commit install --hook-type commit-msg | ||
| pre-commit install |
pre-commit install relies on pre-commit being on PATH. Since the instructions install it via Poetry, it’s safer to either instruct users to enter poetry shell first or run poetry run pre-commit install so the command works without extra steps.
| pre-commit install | |
| poetry run pre-commit install |
| release: | ||
| runs-on: ubuntu-latest | ||
| needs: linting | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.job }}-${{ github.ref_name }} |
The workflow now runs on pull_request events (see the on.pull_request trigger), but the release job has no job-level condition and will also run for PRs. On PRs, github.ref_name refers to a PR ref (e.g., 123/merge) and the job performs write operations (releases/tags), which is unsafe and likely to fail. Add a job-level if: github.event_name == 'push' (or move PR linting into a separate workflow) so releases only run on intended pushes.
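An added example, not part of this PR or the repository's workflow: a constructed workflow fragment showing the job-level guard described in the comment above, with write permission scoped to the release job only. The `main` branch, the job layout and the placeholder `echo` steps are assumptions.

```yaml
# Constructed example: not the repository's continuous-delivery.yml.
# The "main" branch, the job layout and the echo steps are assumptions.
name: Continuous Delivery

on:
  push:
    branches: [main]
  pull_request:

# Default token scope for every job: read-only.
permissions:
  contents: read

jobs:
  linting:
    runs-on: ubuntu-latest
    steps:
      - name: Lint | Runs on every event
        run: echo "static checks go here"
      # PR-only steps carry their own step-level condition.
      - name: Lint | PR-only step
        if: github.event_name == 'pull_request'
        run: echo "validate commit messages and PR title here"

  release:
    # Job-level guard: on pull_request the whole job is skipped, so no
    # tag or release is attempted against a PR ref such as 123/merge.
    if: github.event_name == 'push'
    needs: linting
    runs-on: ubuntu-latest
    # Write access is granted to this job only.
    permissions:
      contents: write
    concurrency:
      group: ${{ github.workflow }}-${{ github.job }}-${{ github.ref_name }}
    steps:
      - name: Release | Placeholder
        run: echo "semantic-release publish step goes here"
```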
| - name: Setup | Install Commitlint | ||
| if: github.event_name == 'pull_request' | ||
| run: | | ||
| pip install commitlint |
pip install commitlint will install the latest available commitlint at runtime, which can change behavior over time and make CI non-reproducible. Prefer pinning the version (e.g., align with poetry.lock) or installing via Poetry dependency groups so CI uses the locked version.
| pip install commitlint | |
| python -m pip install commitlint==1.3.0 |
| - name: Action | Validate Commit Messages | ||
| uses: opensource-nepal/commitlint@v1.13.3 | ||
|
|
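Review bot: `uses: opensource-nepal/commitlint@v1.13.3` pins the action to a tag, which the action's publisher can move to different code after this PR merges. Pin it to the full commit SHA of that release and keep the tag as a trailing comment (`@<full-commit-sha> # v1.13.3`), so the code that runs in this workflow only changes when the pin is updated in a reviewed commit.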
The PR description says this update is just bumping commitlint in the workflow, but this PR also changes release configuration, dependency management (Poetry dependency groups), docs, and adds/updates multiple repository meta files (LICENSE/FUNDING/SECURITY/CHANGELOG). Please update the PR description/scope to reflect the full set of changes, or split into focused PRs.
| To install the required dependencies, run the following command: | ||
|
|
||
| ```shell | ||
| poetry install | ||
| poetry install --without dev | ||
| ``` |
This section is framed as setting up a local environment “for development”, but the install command excludes the dev dependency group. Either clarify that this is a runtime-only install, or switch to poetry install --with dev (and document when to use --without dev).
Wrong target branch.

Summary
Update commitlint.

Changes
- commitlint to v1.13.3 in continuous-delivery.yml

Checklist