CI: Add PR title verifier workflow#355
Conversation
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
|
Update: The reusable workflow in However, the pinned SHA in this workflow will need a final bump once kagenti/.github#67 merges. That PR adds Once #67 merges, I'll push an updated SHA pin to this branch. |
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Gloire Rubambiza <gloire@ibm.com>
mrsabath
left a comment
There was a problem hiding this comment.
Clean caller workflow for the org-level PR title verifier. Verified the pinned SHA (4e535f2) exists in kagenti/.github — points to the April 29 merge of PR #67 (ci/force-node24). Good security posture with permissions: {} and proper PR event triggers.
Areas reviewed: CI/GitHub Actions, YAML, security (SHA pinning), commit conventions
Commits: 6 commits, all signed-off ✓
CI: All checks passing ✓
|
|
||
| jobs: | ||
| verify-pr-title: | ||
| uses: kagenti/.github/.github/workflows/pr-verifier-required.yml@4e535f2436d167295d39d488ce5c44b5a2d49792 |
There was a problem hiding this comment.
praise: Good security practices — permissions: {} at the top level (lets the reusable workflow declare its own minimal permissions), and the reusable workflow reference is pinned to a full SHA rather than a branch or tag. Verified: 4e535f2 → merge of kagenti/.github#67 (April 29).
Summary
kagenti/.github