fix(commit-lint): provide conventional config as baseline with reason…

…able fetch depth
erzz · Jan 9, 2022 · b7948c5 · b7948c5
1 parent c5001ef
commit b7948c5
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 9 deletions.
diff --git a/.github/workflows/configs/.commitlintrc.json b/.github/workflows/configs/.commitlintrc.json
@@ -0,0 +1,3 @@
+{
+  "extends": ["@commitlint/config-conventional"]
+}
diff --git a/.github/workflows/source-protection.yml b/.github/workflows/source-protection.yml
@@ -2,6 +2,13 @@ name: Source Protection
 on:
   workflow_call:
     inputs:
+      # <--------------- GENERAL OPTIONS ----------------->
+      # Used for both gitleaks and commit lint and should be set reasonably high
+      fetch-depth:
+        required: false
+        type: string
+        description: "How many commits to fetch from the repo. Set to 0 for all (slow!) - but at least a minimum of 2"
+        default: '50'
       # <---------- CREDENTIAL SCANNING OPTIONS ---------->
       creds-scan-directory:
         required: false
@@ -13,11 +20,6 @@ on:
         type: boolean
         description: "Defaults to failing the job if tests do not pass. Set to false for the opposite (yet not recommended!) behaviour"
         default: true
-      creds-fetch-depth:
-        required: false
-        type: string
-        description: "How many commits to fetch from the repo. Set to 0 for all (slow!) - but at least a minimum of 2"
-        default: '50'
       creds-gitleaks-config:
         required: false
         type: string
@@ -38,7 +40,7 @@ on:
         required: false
         type: string
         description: "Relative path to your own configuration for commit lint if not using the default."
-        default: '.commitlint.config.js'
+        default: '.commitlintrc.json'
       commits-fail-build:
         required: false
         type: boolean
@@ -66,7 +68,7 @@ jobs:
       - name: Checkout the code
         uses: actions/checkout@v2
         with:
-          fetch-depth: ${{ inputs.creds-fetch-depth }}
+          fetch-depth: ${{ inputs.fetch-depth }}
 
       - name: gitleaks
         uses: zricethezav/[email protected]
@@ -81,12 +83,14 @@ jobs:
     steps:
       - name: Checkout the code
         uses: actions/checkout@v2
+        with:
+          fetch-depth: ${{ inputs.fetch-depth }}
 
       - name: Get Configuration
         if: ${{ inputs.commits-default-config }}
         run: |
           echo "Fetching default configuration from erzz/workflows..."
-          curl -L --fail -o .commitlint.config.js https://raw.githubusercontent.com/erzz/workflows/main/.github/workflows/configs/.commitlint.config.js || exit 1
+          curl -L --fail -o .commitlintrc.json https://raw.githubusercontent.com/erzz/workflows/main/.github/workflows/configs/.commitlintrc.json || exit 1
 
       - uses: wagoid/commitlint-github-action@v4
         with:

diff --git a/docs/source-protection/source-protection.md b/docs/source-protection/source-protection.md
@@ -14,11 +14,15 @@ None at this time
 
 ## Inputs
 
+?> You may want to tweak `fetch-depth` to a number that works for your projects. It determines how many commits to fetch for analysis in both the gitleaks and the commitlint jobs.
+One option is to set to `0` which will fetch every commit but can be slow in long-lived repos. It certainly should be reasonably many commits and definitely more than 10 to be usable
+in the jobs
+
 | Input                    | Required | Default                 | Details                                                                                                           |
 | ------------------------ | -------- | ----------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| `fetch-depth`            | false    | `50`                    | How many commits to fetch from the repo. Set to 0 for all (slow!) - but at least a minimum of 2                   |
 | `creds-scan-directory`   | false    | `''`                    | Defaults to the repository root - specify your own path if required                                               |
 | `creds-fail-build`       | false    | `true`                  | Defaults to failing the job if tests do not pass. Set to false for the opposite (yet not recommended!) behaviour" |
-| `creds-fetch-depth`      | false    | `50`                    | How many commits to fetch from the repo. Set to 0 for all (slow!) - but at least a minimum of 2                   |
 | `creds-gitleaks-config`  | false    | `.gitleaks.toml`        | Path to a custom gitleaks config if required                                                                      |
 | `commits-enable`         | false    | `true`                  | Set to false if you want to disable the commit lint job                                                           |
 | `commits-default-config` | false    | `true`                  | This workflow provides a commit lint config based on conventional commits. Set to false to use your own           |