policies:
- type: commit
spec:
header:
length: 89
imperative: true
case: lower
jira:
keys:
- PROJ
- JIRA
body:
required: true
dco: true
gpg:
required: false
spellcheck:
locale: US
maximumOfOneCommit: true
conventional:
types:
- "type"
scopes:
- "scope"
descriptionLength: 72
- type: license
spec:
skipPaths:
- .git/
includeSuffixes:
- .go
header: |
// This is the license header
conform
Policy enforcement for your pipelines.
siderolabs/conform
action will help maintain uniformity and quality across the codebase through policy checks, commit message formats, GPG signatures, and license headers.
Here is a summary of the most important features: - Adheres to various commit policies: message length, DCO inclusion, GPG signature check, and more. I was checking the license headers of all the source code files. First off, let's create a .conform.yaml
configuration file in our repository, enabling us to state the policies to be forced. We will set it up in GitHub Actions, where these checks will automatically be executed on every push and pull request. It can also be run with Docker locally before pushing into the repository so that the committed code follows the policy.
With Conform's aid, we can uphold sound standards for our code and make code review less dependent on manual efforts. Let me know in case of any queries or further help required in this regard.
Main features
-
Commit Policies:
- Ensure that the commit message header is not too long.
- Ensure the existence of a Developer Certificate of Origin (DCO) document.
- GPG Signature verify and trusted.
- Conventional commit validation and make for the imperative mood of commits.
- Make the commit message spell check and body a mandatory rule.
- Restrict the number of commits that exist ahead of the main branch.
- Commit message to validate Jira issue keys.
-
License Headers:
- It should be strict that all source code files include license headers.
- Supports specifying paths to skip and file types to include or exclude.
GitHub Actions Integration
You can integrate Conform with GitHub Actions using this configuration in your .github/workflows/conform.yml
file:
name: Conform
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run Conform
uses: siderolabs/[email protected]-alpha.28
with:
args: enforce
Enforce Conform Configuration policies on push, pull requests, or commit, ensuring code is up to date and compliant with defined standards.
Running Conform On Premise
Local enforcement of policies is also possible through the use of Docker. To do this, simply execute the following command:
docker run --rm -v $PWD:/src -w /src ghcr.io/siderolabs/conform:v0.1.0-alpha.22 enforce
Running Conform in the local environment of a developer allows developers to get confirmation when the developers adhere to the policies before pushing to the repo; this means most of the failures in the CI/CD pipeline are less likely.
Enforce safeguards in which a codebase conforms to defined standards and practices in a more systematic way that enhances quality assurance. Automated enforcement serves to reduce manual efforts placed on reviews of code and catch the issues earlier in the development process.
Automation, in combination with Conform, enforces the commit and code standards. All of these boil down to being some simple and better development workflow methods for ensuring code quality.