mit-commit 3.3.3

For building commit linters. This makes it easy.
---
# CI pipeline for the mit-commit crate: test and lint across three Rust
# channels, run dependency/secret scanning, then bump the version on main.
name: CI

# `on` is a YAML 1.1 boolean key; the workflow loader still treats it as the
# trigger map, so the linter warning is suppressed here on purpose.
on:  # yamllint disable-line rule:truthy
  push:
    paths-ignore:
      - CHANGELOG.md
      - "**.md"
  pull_request:
    paths-ignore:
      - CHANGELOG.md
      - "**.md"

# Force coloured cargo output in the runner logs.
env:
  CARGO_TERM_COLOR: always

# NOTE(review): no top-level `permissions:` block is declared, so every job
# runs with whatever scope the forge grants the job token by default —
# confirm the runner honours `permissions:` and consider `contents: read`
# everywhere with `contents: write` only on the job that pushes.
jobs:
  test:
    name: Test
    runs-on: codeberg-small
    strategy:
      matrix:
        rust:
          - stable
          - beta
          - nightly
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): this action is referenced by the mutable `main` ref and
      # receives the job token; pinning it to a full commit SHA would make the
      # dependency immutable.
      - name: Install Rust Toolchain
        uses: https://codeberg.org/PurpleBooth/common-pipelines/actions/install-rust@main
        with:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Select the matrix channel as the default toolchain.
      - name: Set up Rust ${{ matrix.rust }}
        run: |
          rustup default ${{ matrix.rust }}

      # Default feature set only; other features are not exercised here.
      - name: Run tests
        run: |
          cargo test

  lint:
    name: Lint
    runs-on: codeberg-small
    strategy:
      matrix:
        rust:
          - stable
          - beta
          - nightly
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): referenced by the mutable `main` ref and handed the job
      # token; a full commit SHA would pin it.
      - name: Install Rust Toolchain
        uses: https://codeberg.org/PurpleBooth/common-pipelines/actions/install-rust@main
        with:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Select the matrix channel and add the two lint components. Components
      # are not always built for a given nightly, so this is the step most
      # likely to fail on that channel — presumably accepted, confirm.
      - name: Set up Rust ${{ matrix.rust }}
        run: |
          rustup default ${{ matrix.rust }}
          rustup component add rustfmt clippy

      # Fails on any formatting diff; nothing is rewritten.
      - name: Check formatting
        run: |
          cargo fmt --all -- --check

      # Clippy over the lib/bin targets with every feature enabled; warnings
      # are promoted to errors. Test targets are only covered if
      # `--all-targets` is added.
      - name: Run Clippy
        run: |
          cargo clippy --all-features -- -D warnings

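  security:
    name: Security
    runs-on: codeberg-small
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): referenced by the mutable `main` ref and handed the job
      # token; a full commit SHA would pin it.
      - name: Install Rust Toolchain
        uses: https://codeberg.org/PurpleBooth/common-pipelines/actions/install-rust@main
        with:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Advisory-database check of Cargo.lock. Assumes the toolchain action
      # above provides cargo-audit (the action is opaque here) — confirm.
      - name: Run cargo audit
        run: cargo audit

      # The installer is fetched from the upstream `main` branch, so what runs
      # here can change between runs. Downloading to a file before executing
      # (instead of `curl | sh`) means a truncated or failed download is never
      # partially executed; `-f` turns HTTP errors into a non-zero exit and
      # `--proto '=https' --tlsv1.2` refuses plaintext or downgraded fetches.
      # TODO: pin the installer (and the trivy release it installs) to a
      # tagged version and verify the published checksum before running it.
      - name: Run Trivy filesystem scan
        shell: bash
        env:
          TRIVY_INSTALL_URL: https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh
        run: |
          set -euo pipefail
          curl -sSfL --proto '=https' --tlsv1.2 -o /tmp/trivy-install.sh "$TRIVY_INSTALL_URL"
          sh /tmp/trivy-install.sh -b /usr/local/bin
          # Scan the checked-out tree for vulnerable deps, leaked secrets and
          # misconfigurations; any finding fails the job.
          trivy fs --scanners vuln,secret,misconfig --exit-code 1 .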

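  bump:
    name: Bump version
    needs: [test, lint, security]
    # Only the default branch is bumped; PR runs have a refs/pull/... ref.
    if: github.ref == 'refs/heads/main'
    runs-on: codeberg-small
    steps:
      # Full history so cog can see every existing tag.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): referenced by the mutable `main` ref and handed the job
      # token; a full commit SHA would pin it.
      - name: Install Rust Toolchain
        uses: https://codeberg.org/PurpleBooth/common-pipelines/actions/install-rust@main
        with:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Assumes the toolchain action provides cargo-binstall — confirm.
      - name: Install tools
        run: cargo binstall --no-confirm --locked cocogitto

      - name: Configure Git user
        run: |
          git config user.name "Forgejo Actions"
          git config user.email "forgejo-actions@codeberg.org"

      # Secrets reach the shell through `env:` rather than being expanded with
      # `${{ }}` inside the script, so they never become part of the generated
      # script text (which the runner may echo in debug output).
      - name: Import GPG key
        shell: bash
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          set -euo pipefail
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --yes --import
          # Mark every imported key as ultimately trusted so signing does not
          # stop on a trust prompt.
          gpg --export-ownertrust | sed 's/:.*/:5:/' | gpg --import-ownertrust
          # Create the passphrase file owner-only from the start instead of
          # tightening permissions after it already holds the secret.
          (umask 077; printf '%s\n' "$GPG_PASSPHRASE" > ~/.gpg-passphrase)
          chmod 600 ~/.gpg-passphrase
          cat > ~/.gpg-wrapper.sh <<'EOF'
          #!/bin/sh
          gpg --batch --pinentry-mode loopback --passphrase-file ~/.gpg-passphrase "$@"
          EOF
          chmod +x ~/.gpg-wrapper.sh
          git config gpg.program ~/.gpg-wrapper.sh
          git config gpg.format openpgp
          # Machine-readable listing: field 5 of a `sec` record is the long key
          # id; `exit` keeps only the first key if several were imported, where
          # the previous grep/awk/cut pipeline produced a multi-line value.
          KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '$1 == "sec" { print $5; exit }')
          if [ -z "$KEY_ID" ]; then
            echo "No secret key found after import" >&2
            exit 1
          fi
          git config user.signingkey "$KEY_ID"
          git config commit.gpgsign true

      # NOTE(review): the bump commit touches Cargo.toml (not only *.md), so if
      # this forge starts workflows for pushes made with the job token, this
      # push would trigger another run — confirm before relying on it.
      - name: Bump version with cog
        shell: bash
        env:
          PUSH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPOSITORY: ${{ github.repository }}
        run: |
          set -euo pipefail
          if VERSION=$(cog bump --dry-run --auto 2>/dev/null); then
            echo "Bumping to $VERSION"
            cog bump --auto
            # Push through a one-off URL instead of rewriting `origin`, so the
            # token is not persisted in .git/config on the runner.
            git push "https://token:${PUSH_TOKEN}@codeberg.org/${REPOSITORY}.git" main --follow-tags
          else
            echo "No version bump needed"
          fi

      # Remove the passphrase file and wrapper even when an earlier step failed.
      - name: Remove signing material
        if: always()
        run: rm -f ~/.gpg-passphrase ~/.gpg-wrapper.sh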