Alien-Gateway/.github/workflows/pre-commit-validation.yml at dev · Alien-Protocol/Alien-Gateway · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Pre-commit Hook Validation

on:
  push:
    branches: [main, dev, staging]
  pull_request:
    branches: [main, dev, staging]

jobs:
  validate-pre-commit:
    name: Validate Pre-commit Hooks
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Resolve changed files and commit subjects
        id: context
        shell: bash
        run: |
          if [ "${GITHUB_EVENT_NAME}" = "push" ]; then
            RANGE="${{ github.event.before }}..${{ github.event.after }}"
            COMMITS="$(git log --pretty=format:'%s' "$RANGE" 2>/dev/null || git log --pretty=format:'%s' -10)"
            FILES="$(git diff --name-only "$RANGE" 2>/dev/null || git diff --name-only HEAD~1)"
          else
            git fetch origin "${{ github.base_ref }}:${{ github.base_ref }}" --no-tags
            RANGE="origin/${{ github.base_ref }}..HEAD"
            COMMITS="$(git log --pretty=format:'%s' "$RANGE" 2>/dev/null || git log --pretty=format:'%s' HEAD~10..HEAD)"
            FILES="$(git diff --name-only "$RANGE" 2>/dev/null || git diff --name-only HEAD~1)"
          fi

          {
            echo "commits<<EOF"
            echo "$COMMITS"
            echo "EOF"
            echo "files<<EOF"
            echo "$FILES"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Validate branch naming convention
        if: github.event_name == 'pull_request'
        shell: bash
        run: |
          branch="${{ github.head_ref }}"
          branch_regex='^(feat|fix|docs|refactor|test|chore)/[a-z0-9][a-z0-9-]*[a-z0-9]$'

          if echo "$branch" | grep -qE "$branch_regex"; then
            echo "Branch name '$branch' follows the naming convention."
          else
            echo "::warning::Branch name '$branch' does not follow the recommended naming convention."
          fi

      - name: Check for bypassed commits
        shell: bash
        run: |
          commits="${{ steps.context.outputs.commits }}"
          bypass_commits=$(echo "$commits" | grep -iE "emergency.*bypass|no-verify|skip.*hook" || true)

          if [ -n "$bypass_commits" ]; then
            echo "Found commits that appear to bypass hooks:"
            echo "$bypass_commits"
            exit 1
          fi

          echo "No bypassed commits found."

      - name: Validate commit message format
        shell: bash
        run: |
          commits="${{ steps.context.outputs.commits }}"
          commit_regex='^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\(.+\))?: .{1,72}$'
          invalid_commits=""

          while IFS= read -r message; do
            if [ -z "$message" ] || echo "$message" | grep -qE "^Merge "; then
              continue
            fi
            if ! echo "$message" | grep -qE "$commit_regex"; then
              invalid_commits="$invalid_commits\n- $message"
            fi
          done <<< "$commits"

          if [ -n "$invalid_commits" ]; then
            echo "::warning::Some commit subjects are not conventional commits."
            echo -e "$invalid_commits"
          else
            echo "All commit messages follow the Conventional Commits format."
          fi

      - name: Check for console.log statements
        shell: bash
        run: |
          files="${{ steps.context.outputs.files }}"
          console_log_found=false

          while IFS= read -r file; do
            if [[ "$file" =~ \.(ts|tsx|js|jsx)$ ]] && [ -f "$file" ]; then
              if grep -n "console\.log" "$file"; then
                echo "Found console.log in $file"
                console_log_found=true
              fi
            fi
          done <<< "$files"

          if [ "$console_log_found" = true ]; then
            echo "console.log statements found. Please remove them before merging."
            exit 1
          fi

          echo "No console.log statements found."

      - name: Check for TODO and FIXME comments
        shell: bash
        run: |
          files="${{ steps.context.outputs.files }}"
          todo_found=false

          while IFS= read -r file; do
            if [[ "$file" =~ \.(rs|ts|tsx|js|jsx)$ ]] && [ -f "$file" ]; then
              if grep -nE "TODO|FIXME" "$file"; then
                echo "::warning file=$file::TODO or FIXME found"
                todo_found=true
              fi
            fi
          done <<< "$files"

          if [ "$todo_found" = false ]; then
            echo "No TODO or FIXME comments found."
          fi

      - name: Check for unsafe unwrap and expect usage in Rust
        shell: bash
        run: |
          files="${{ steps.context.outputs.files }}"

          while IFS= read -r file; do
            if [[ "$file" =~ \.rs$ ]] && [ -f "$file" ]; then
              if grep -nE "\.unwrap\(\)|\.expect\(" "$file" | grep -vE "^\s*//"; then
                echo "::warning file=$file::unwrap/expect usage found"
              fi
            fi
          done <<< "$files"