pull-request.yml
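# Pull-request gate: enforces the PR title convention and scans the change for
# committed secrets. Runs for PRs targeting master when they are opened,
# updated with new commits, or reopened.
name: Pull Request Checks

on:
  pull_request:
    branches:
      - master
    types:
      - opened
      - synchronize
      - reopened

# Least privilege: the steps below only read repository contents, so the
# workflow token is restricted to read access.
permissions:
  contents: read

jobs:
  pull-request-check:
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository code
      # NOTE(review): checkout defaults to a shallow clone. Confirm the secret
      # scan below can reach the commits between base and head; if it cannot,
      # set `fetch-depth: 0` on this step.
      - name: Code checkout
        id: code_checkout
        uses: actions/checkout@v4

      # Check PR title prefix to ensure it follows the convention.
      # The title is contributor-controlled text. A workflow expression placed
      # directly inside `run:` is substituted into the script source before
      # bash parses it, so quotes or command substitutions in the title would
      # be interpreted as shell. The title is therefore handed over through an
      # environment variable and only ever read as data.
      - name: Check PR title prefix
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR Title: '$PR_TITLE'"
          if [[ ! "$PR_TITLE" =~ ^(ci|feat|fix|chore|docs|refactor): ]]; then
            echo "❌ PR title must start with one of: ci:, feat:, fix:, chore:, docs:, refactor:"
            exit 1
          else
            echo "✅ PR title is valid."
          fi

      # Scan the repo for any sensitive information like secrets etc
      # NOTE(review): `@main` is a mutable branch of a third-party action, so
      # whatever is pushed there runs inside this job. Pin to a reviewed full
      # commit SHA (trufflesecurity/trufflehog@<FULL_COMMIT_SHA>) and bump it
      # deliberately.
      # `--only-verified` reports only findings the scanner could verify;
      # unverified matches do not surface in this check.
      - name: Secret Scanning
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./  # Code repository path
          base: ""  # Start scanning from here
          # The branch name is also contributor-controlled; it is passed as an
          # action input here, never interpolated into a script in this file.
          head: ${{ github.head_ref || github.ref_name }}  # Scan commits until here
          extra_args: --only-verified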