Commit message linting

[yashgoyal0110]

fixes: PSMRI/AMRIT#91

Added Commit Message Linting

• Set up Husky and Commitlint to enforce proper commit message format.
• This ensures all commit messages follow the Conventional Commit style.
• Also added Commitizen to help write commits using an interactive prompt.

Summary by CodeRabbit

• Chores
  • Added configuration for commit message linting and conventional commit enforcement.
  • Introduced Husky Git hooks to automate commit message formatting and validation.
  • Updated .gitignore to exclude node_modules from version control.
  • Added project metadata and development dependencies for commit management tools.

[coderabbitai]

Walkthrough

This change introduces commit message linting and automation for the repository. It adds Commitlint configuration, Husky git hooks for local commit message validation and Commitizen prompts, and a GitHub Actions workflow to enforce commit message standards on pull requests. The package.json is created to manage dependencies and scripts for these tools. The .gitignore is updated to exclude node_modules from version control. No changes are made to application code or exported entities.

Changes

File(s)	Change Summary
.github/workflows/commitlint.yml	Adds a GitHub Actions workflow to lint commit messages on pull requests using Commitlint.
.husky/commit-msg, .husky/prepare-commit-msg	Adds Husky hooks: one to validate commit messages with Commitlint, another to invoke Commitizen for commit prompts.
commitlint.config.js	Adds Commitlint configuration extending conventional commit rules.
package.json	Introduces project metadata, scripts, Commitlint, Commitizen, and Husky dependencies and configuration.
.gitignore	Adds node_modules/ to the ignore list.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant Husky
    participant Commitlint
    participant Commitizen
    participant GitHub Actions

    Developer->>Husky: git commit (prepares commit message)
    Husky->>Commitizen: Run Commitizen prompt (prepare-commit-msg)
    Commitizen-->>Husky: Format commit message
    Husky->>Commitlint: Validate commit message (commit-msg)
    Commitlint-->>Husky: Approve or block commit

    Developer->>GitHub Actions: Open/synchronize/edit PR
    GitHub Actions->>Commitlint: Lint all PR commit messages
    Commitlint-->>GitHub Actions: Pass/fail PR check

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Integrate Commitlint to enforce commit message standards (#91)	✅
Set up Husky to trigger commit-msg hooks (#91)	✅
Add Commitizen to provide structured commit prompts to contributors (#91)	✅
Configure GitHub Actions to verify commit format in Pull Requests (#91)	✅
Ensure no conflicts/interference with existing CI/CD workflows (#91)	✅

Poem

In the warren of code, where the carrots grow bright,
We’ve added some rules to keep commits right.
With Husky and Commitlint, no message goes astray,
Commitizen hops in to guide what you say.
On every pull request, GitHub Actions will chime—
“Your commits are so tidy, they’re simply sublime!”
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (4)

commitlint.config.js (1)

1-3: Configuration looks good with minor formatting inconsistency

The commitlint configuration correctly extends the conventional commit rules, which will enforce standardized commit messages. There's a minor indentation inconsistency between line 2 (4 spaces) and line 3 (2 spaces).

module.exports = {
    extends: ['@commitlint/config-conventional'],
-  };
+};

.github/workflows/commitlint.yml (1)

19-21: Optionally cache npm dependencies for faster CI runs.

Caching ~/.npm between builds can significantly reduce install time.

-      - name: Install dependencies
-        run: npm install
+      - name: Cache npm modules
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-npm-
+
+      - name: Install dependencies
+        run: npm install

package.json (2)

4-5: Resolve license mismatch in the description.

The badge in description is for GPLv3, but the license field is ISC. Align the badge with the actual license or update the license field.

-  "description": "[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)  ![branch parameter](https://github.com/PSMRI/Identity-API/actions/workflows/sast-and-package.yml/badge.svg)",
+  "description": "[![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)  ![branch parameter](https://github.com/PSMRI/Identity-API/actions/workflows/sast-and-package.yml/badge.svg)",

---

12-16: Add a commitlint script for local validation.

Contributors will appreciate a shortcut to lint commits locally. For example:

 "scripts": {
   "test": "echo \"No tests specified\"",
   "prepare": "husky install",
   "commit": "cz",
+  "lint:commits": "commitlint --from=origin/main --to=HEAD"
 },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0cce2b3 and 69c8262.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (7)

• .github/workflows/commitlint.yml (1 hunks)
• .gitignore (1 hunks)
• .husky/commit-msg (1 hunks)
• .husky/pre-commit (1 hunks)
• .husky/prepare-commit-msg (1 hunks)
• commitlint.config.js (1 hunks)
• package.json (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/commitlint.yml

12-12: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

15-15: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (6)

.gitignore (1)

38-38: Appropriate addition of node_modules to gitignore

Adding the node_modules directory to .gitignore is a standard practice for Node.js projects and aligns well with the introduction of Husky, Commitlint, and Commitizen dependencies.

.husky/pre-commit (1)

1-4:

✅ Verification successful

Verify that the npm test command is properly configured

The pre-commit hook correctly executes npm test before each commit, which is good practice for maintaining code quality. However, for this to work properly, a "test" script needs to be defined in your package.json file.

---

🏁 Script executed:

#!/bin/bash
# Check if a test script is defined in package.json
if [ -f "package.json" ]; then
  echo "Checking for test script in package.json..."
  grep -o '"test":[^,]*' package.json || echo "No test script found in package.json"
else
  echo "package.json not found. The npm test command in the pre-commit hook won't work without it."
fi

Length of output: 198

---

Verified npm test configuration

The package.json includes a test script, so the pre-commit hook in .husky/pre-commit will execute successfully.

• File: .husky/pre-commit
• Validation: "test": "echo \"No tests specified\"" found in package.json

Consider replacing the placeholder test script with real tests to enforce code quality.

.husky/commit-msg (1)

1-4: Appropriate commit message validation hook

This hook correctly invokes commitlint to validate commit messages against the conventional commit format rules defined in commitlint.config.js.

.github/workflows/commitlint.yml (1)

22-28: Approve commitlint loop implementation.

The workflow fetches origin/main, lists commits between origin/main and HEAD, then runs npx commitlint per commit. This correctly enforces Conventional Commits on PRs.

package.json (2)

7-11: Commitizen adapter configured correctly.

The config.commitizen.path points to cz-conventional-changelog, ensuring interactive prompts generate Conventional Commits. Good to go.

---

28-34: Dev dependencies for commit linting are correctly specified.

You've added @commitlint/cli, @commitlint/config-conventional, commitizen, cz-conventional-changelog, and husky at recent versions. This aligns with best practices.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify the Commitizen usage in prepare-commit-msg hook

The current implementation runs Commitizen without passing the commit message file as a parameter, which may not work as expected. Typically, a prepare-commit-msg hook receives parameters ($1, $2, $3) that should be passed to the tool that modifies the commit message.

---

🏁 Script executed:

#!/bin/bash
# Check Commitizen documentation for proper usage in Git hooks
echo "Checking standard prepare-commit-msg hooks for Commitizen..."
curl -s https://github.com/commitizen/cz-cli/blob/master/README.md | grep -A 10 "prepare-commit-msg"

echo -e "\nStandard prepare-commit-msg hooks typically pass parameters:"
echo "Example: npx --no-install cz --hook || true"
echo "or: exec < /dev/tty && npx cz --hook || true"

echo -e "\nCurrent implementation:"
cat .husky/prepare-commit-msg

Length of output: 65842

---

Ensure the Husky hook invokes Commitizen with the --hook flag and an interactive TTY

The current .husky/prepare-commit-msg just runs

npx --no-install cz

but Commitizen’s hook mode requires the --hook argument and a TTY for interactivity. Please update it to something like:

 File: .husky/prepare-commit-msg
-------------------------------------------------------------------
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
-
-npx --no-install cz
+exec < /dev/tty && npx --no-install cz --hook || true

• exec < /dev/tty attaches the hook to your terminal for prompts
• --hook tells CZ to process the prepare-commit-msg hook parameters
• || true prevents hook failures from blocking commits if needed

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/commitlint.yml (1)

11-12: Ensure full git history for commitlint.
By default actions/checkout@v3 only fetches a shallow clone, which can prevent git log origin/main..HEAD from seeing all commits.

Apply this diff to fetch the complete history:

       - name: Checkout PR branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0

🧰 Tools

🪛 actionlint (1.7.4)

12-12: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🧹 Nitpick comments (2)

.github/workflows/commitlint.yml (2)

19-20: Use npm ci for reproducible installs.
npm ci is optimized for CI environments: it’s faster, cleans node_modules first, and guarantees a clean install matching package-lock.json.

-      - name: Install dependencies
-        run: npm install
+      - name: Install dependencies
+        run: npm ci

---

24-28: Simplify commitlint invocation by linting the full range.
Instead of looping per commit, commitlint can lint an entire range in one command.

-      - name: Lint commit messages
-        run: |
-          git fetch origin main
-          COMMITS=$(git log origin/main..HEAD --pretty=format:"%H")
-          echo "$COMMITS" | while read commit; do
-            npx commitlint --from=$commit --to=$commit --verbose
-          done
+      - name: Lint commit messages
+        run: |
+          git fetch --no-tags origin main
+          npx commitlint --from=origin/main --to=HEAD --verbose

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7fd0b6 and 68cae46.

📒 Files selected for processing (1)

• .github/workflows/commitlint.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/commitlint.yml

12-12: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

15-15: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (3)

.github/workflows/commitlint.yml (3)

1-1: Workflow name is clear and descriptive.
The title “Commit Message Lint” accurately reflects the purpose of this workflow.

---

3-6: Trigger configuration is appropriate.
Linting on PR events (opened, synchronize, edited) covers the common use cases for commit message validation.

---

14-17: Node.js setup is correctly pinned to an LTS version.
Using Node 20 ensures compatibility with current LTS tooling.

🧰 Tools

🪛 actionlint (1.7.4)

15-15: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/commitlint.yml (2)

1-6: Enhance trigger coverage to include reopened PRs
Currently the workflow only runs on opened, synchronize, and edited events. To ensure commit messages are linted when a PR is reopened (e.g., after being closed and then reopened), consider adding the reopened type:

 on:
   pull_request:
-    types: [opened, synchronize, edited]
+    types: [opened, reopened, synchronize, edited]

---

25-29: Simplify commitlint invocation with the official Action
While the manual CLI call works, you can streamline maintenance by using the GitHub Action for commitlint. For example:

-      - name: Lint commit messages
-        run: |
-          git fetch --no-tags origin main
-          npx commitlint --from=origin/main --to=HEAD --verbose
+      - name: Lint commit messages
+        uses: wagoid/commitlint-github-action@v4
+        with:
+          from: origin/main
+          to: HEAD
+          verbose: true

This reduces custom scripting and leverages a maintained action.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68cae46 and 4fbd098.

📒 Files selected for processing (1)

• .github/workflows/commitlint.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/commitlint.yml

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (3)

.github/workflows/commitlint.yml (3)

11-15: Ensure full commit history is available
The fetch-depth: 0 option on the checkout step correctly provides the full Git history, which is essential for commitlint --from=origin/main --to=HEAD to validate all PR commits. Great catch.

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

17-21: Pin Node.js to a stable LTS version
Locking Node.js to version 20 ensures compatibility and avoids using unsupported or non-existent versions (e.g., '22').

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

22-24: Use npm ci for reproducible installs
Installing dependencies with npm ci guarantees a clean, reproducible environment by respecting the package-lock.json.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/commitlint.yml (2)

3-6: Include reopened event for PR linting
To ensure commit messages are linted when a pull request is reopened, consider adding the reopened type to the trigger.

Apply this diff:

 on:
   pull_request:
-    types: [opened, synchronize, edited]
+    types: [opened, synchronize, edited, reopened]

---

25-31: Use dynamic base/head refs in commitlint step
Hard‑coding origin/develop could lead to unexpected behavior if your default branch changes. You can leverage GitHub context to determine the PR’s base and head refs dynamically, and verify that develop is indeed the intended base.

Apply this diff:

-      - name: Lint commit messages
-        uses: wagoid/commitlint-github-action@v4
-        with:
-          from: origin/develop
-          to: HEAD
-          verbose: true
+      - name: Lint commit messages
+        uses: wagoid/commitlint-github-action@v4
+        with:
+          from: ${{ github.base_ref }}
+          to: ${{ github.head_ref }}
+          verbose: true

Please confirm whether develop is the correct base branch for your repository.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4fbd098 and 470a690.

📒 Files selected for processing (1)

• .github/workflows/commitlint.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/commitlint.yml

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (4)

.github/workflows/commitlint.yml (4)

1-2: Approve workflow naming
The workflow name “Commit Message Lint” clearly conveys its purpose.

---

12-15: Checkout with full history
Using fetch-depth: 0 ensures Commitlint can access all commits in the PR. This addresses prior feedback.

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

17-21: Pin stable Node.js version
Locking to Node.js v20 (LTS) guarantees a supported runtime for the linting tools. Well done.

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

22-24: Install dependencies via npm ci
Using npm ci provides a clean, reproducible installation for CI environments.

[drtechie]

indent looks off.

[drtechie]

we don't need these badges. Simple description is enough

[drtechie]

Can we use this?
https://github.com/PSMRI/MMU-API/pull/74/files#diff-2b1ae4316086c0ebb213227790133a792300e1cef03b0afc067b23d3399ea5ca

[yashgoyal0110]

thanks @drtechie for your feedbacks!
I have made the changes, please review and let me know if some more changes are required.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/commitlint.yml (1)

7-9: Consider adding concurrency to avoid redundant runs.

To cancel in‑progress runs for the same PR when new commits arrive, you can introduce a concurrency block at the job level:

 jobs:
   lint-commits:
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
     steps:

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 18c3066 and 030f142.

📒 Files selected for processing (1)

• .github/workflows/commitlint.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/commitlint.yml

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (4)

.github/workflows/commitlint.yml (4)

12-15: Good catch on fetching full history.

Including fetch-depth: 0 ensures Commitlint has access to all commits in the PR. This addresses the previous concern about single‑commit checkouts blocking linting tools.

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

17-20: Node.js version is properly pinned.

Using the LTS node-version: "20" prevents build failures due to nonexistent versions and aligns with best practices.

🧰 Tools

🪛 actionlint (1.7.4)

18-18: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

22-23: Installing dependencies with npm ci is correct.

This step guarantees a clean, reproducible environment matching package-lock.json.

---

25-30: Commit message linting step is configured correctly.

The wagoid/commitlint-github-action@v4 invocation with from/to refs and verbose: true will enforce conventional commits as intended.

[yashgoyal0110]

Hey @drtechie
Any updates on this?