chore: setup commitlint and git hooks

2026-04-05 00:33:26 +03:00
7 changed files with 168 additions and 4 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,3 +8,4 @@ coverage
 .env
 .env.*
 README.md
+.codex
--- a/.gitea/workflows/commit-conventional.yml
+++ b/.gitea/workflows/commit-conventional.yml
@@ -0,0 +1,129 @@
+name: Commit Message Check
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+
+jobs:
+  conventional-commits:
+    runs-on: [self-hosted, linux]
+
+    steps:
+      - name: Prepare git repository
+        env:
+          SERVER_URL: ${{ github.server_url }}
+          REPOSITORY: ${{ github.repository }}
+          GITHUB_TOKEN: ${{ github.token }}
+          BEFORE_SHA: ${{ github.event.before }}
+          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          HEAD_SHA: ${{ github.sha }}
+        run: |
+          set -euo pipefail
+
+          if [ ! -d .git ]; then
+            git init
+          fi
+
+          if git remote get-url origin >/dev/null 2>&1; then
+            git remote set-url origin "${SERVER_URL}/${REPOSITORY}.git"
+          else
+            git remote add origin "${SERVER_URL}/${REPOSITORY}.git"
+          fi
+
+          FETCH_CMD=(git fetch --force --prune --no-tags origin '+refs/heads/*:refs/remotes/origin/*')
+          if [ -n "${GITHUB_TOKEN:-}" ]; then
+            FETCH_CMD=(git -c "http.extraHeader=Authorization: Bearer ${GITHUB_TOKEN}" fetch --force --prune --no-tags origin '+refs/heads/*:refs/remotes/origin/*')
+          fi
+
+          "${FETCH_CMD[@]}"
+
+          for SHA in "${HEAD_SHA:-}" "${PR_BASE_SHA:-}" "${PR_HEAD_SHA:-}" "${BEFORE_SHA:-}"; do
+            if [ -n "${SHA}" ] && [ "${SHA}" != "0000000000000000000000000000000000000000" ]; then
+              if [ -n "${GITHUB_TOKEN:-}" ]; then
+                git -c "http.extraHeader=Authorization: Bearer ${GITHUB_TOKEN}" fetch --no-tags origin "${SHA}" || true
+              else
+                git fetch --no-tags origin "${SHA}" || true
+              fi
+            fi
+          done
+
+          if [ -n "${HEAD_SHA:-}" ] && git cat-file -e "${HEAD_SHA}^{commit}" 2>/dev/null; then
+            git checkout --detach "${HEAD_SHA}"
+          fi
+
+      - name: Validate commit messages
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          BEFORE_SHA: ${{ github.event.before }}
+          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          HEAD_SHA: ${{ github.sha }}
+        run: |
+          set -euo pipefail
+
+          BASE_SHA=""
+          TARGET_SHA="${HEAD_SHA}"
+          BASE_HINT_SHA="${PR_BASE_SHA:-}"
+
+          if [ "${EVENT_NAME}" = "pull_request" ]; then
+            if [ -n "${PR_HEAD_SHA:-}" ]; then
+              TARGET_SHA="${PR_HEAD_SHA}"
+            elif git rev-parse "${HEAD_SHA}^2" >/dev/null 2>&1; then
+              TARGET_SHA="$(git rev-parse "${HEAD_SHA}^2")"
+            fi
+
+            if [ -z "${BASE_HINT_SHA}" ] && git rev-parse "${HEAD_SHA}^1" >/dev/null 2>&1; then
+              BASE_HINT_SHA="$(git rev-parse "${HEAD_SHA}^1")"
+            fi
+          fi
+
+          if [ "${EVENT_NAME}" = "pull_request" ] && [ -n "${BASE_HINT_SHA}" ] && [ -n "${TARGET_SHA:-}" ]; then
+            BASE_SHA="$(git merge-base "${BASE_HINT_SHA}" "${TARGET_SHA}" || true)"
+
+            if [ -z "${BASE_SHA}" ]; then
+              BASE_SHA="${BASE_HINT_SHA}"
+            fi
+          elif [ -n "${BEFORE_SHA:-}" ] && [ "${BEFORE_SHA}" != "0000000000000000000000000000000000000000" ]; then
+            BASE_SHA="${BEFORE_SHA}"
+          elif git rev-parse "${TARGET_SHA}^" >/dev/null 2>&1; then
+            BASE_SHA="$(git rev-parse "${TARGET_SHA}^")"
+          fi
+
+          if [ -n "${BASE_SHA}" ] && [ "${BASE_SHA}" != "${TARGET_SHA}" ]; then
+            MESSAGES="$(git log --format=%s "${BASE_SHA}..${TARGET_SHA}")"
+          else
+            MESSAGES="$(git log -1 --format=%s "${TARGET_SHA}")"
+          fi
+
+          if [ -z "${MESSAGES}" ]; then
+            MESSAGES="$(git log -1 --format=%s "${TARGET_SHA}")"
+          fi
+
+          PATTERN='^(build|chore|ci|docs|feat|fix|perf|refactor|style|test)(\([a-z0-9._/-]+\))?(!)?: .+'
+          FAILED=0
+
+          while IFS= read -r SUBJECT; do
+            [ -z "${SUBJECT}" ] && continue
+
+            if [[ "${SUBJECT}" =~ ^Merge[[:space:]] ]]; then
+              continue
+            fi
+
+            if [[ "${SUBJECT}" =~ ^Revert[[:space:]] ]]; then
+              continue
+            fi
+
+            if [[ ! "${SUBJECT}" =~ ${PATTERN} ]]; then
+              echo "Invalid commit message: ${SUBJECT}"
+              FAILED=1
+            else
+              echo "OK: ${SUBJECT}"
+            fi
+          done <<< "${MESSAGES}"
+
+          if [ "${FAILED}" -ne 0 ]; then
+            echo "Conventional Commit check failed."
+            exit 1
+          fi
--- a/.gitea/workflows/deploy-dev.yml
+++ b/.gitea/workflows/deploy-dev.yml
@@ -3,6 +3,7 @@ name: Deploy monie-backend to dev (kaniko)
 on:
  push:
    branches: [ develop ]
+  pull_request:

 jobs:
  build-and-deploy:
@@ -26,7 +27,12 @@ jobs:
      REPO_PATH: monie/monie-backend.git

    steps:
+      - name: Skip deploy for pull requests
+        if: github.event_name == 'pull_request'
+        run: echo "Pull request check passed. Deploy runs only on push to develop."
+
      - name: Debug
+        if: github.event_name == 'push'
        run: |
          set -eu
          echo "sha=${{ github.sha }}"
@@ -35,6 +41,7 @@ jobs:
          microk8s kubectl version --client=true

      - name: Build & push with Kaniko (K8s Job)
+        if: github.event_name == 'push'
        env:
          SHA: ${{ github.sha }}
          REF: ${{ github.ref_name }}
@@ -131,6 +138,7 @@ jobs:
          fi

      - name: Deploy to dev
+        if: github.event_name == 'push'
        env:
          SHA: ${{ github.sha }}
        run: |
--- a/.gitea/workflows/deploy-prod.yml
+++ b/.gitea/workflows/deploy-prod.yml
@@ -1,9 +1,9 @@
-# .gitea/workflows/deploy-prod.yml
 name: Deploy monie-backend (kaniko)

 on:
  push:
    branches: [ main ]
+  pull_request:

 jobs:
  build-and-deploy:
@@ -27,7 +27,12 @@ jobs:
      REPO_PATH: monie/monie-backend.git

    steps:
+      - name: Skip deploy for pull requests
+        if: github.event_name == 'pull_request'
+        run: echo "Pull request check passed. Deploy runs only on push to main."
+
      - name: Build & push image with Kaniko (K8s Job)
+        if: github.event_name == 'push'
        env:
          SHA: ${{ github.sha }}
          REF: ${{ github.ref_name }}
@@ -120,6 +125,7 @@ jobs:
          fi

      - name: Deploy to prod
+        if: github.event_name == 'push'
        env:
          SHA: ${{ github.sha }}
        run: |
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ lerna-debug.log*
 !.vscode/tasks.json
 !.vscode/launch.json
 !.vscode/extensions.json
+.codex

 # dotenv environment variable files
 .env
--- a/.husky/pre-push
+++ b/.husky/pre-push
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+branch="$(git rev-parse --abbrev-ref HEAD)"
+
+case "$branch" in
+  main|develop)
+    echo "Direct pushes to $branch are not allowed."
+    echo "Please create a feature/... or bugfix/... branch and open a PR/MR."
+    exit 1
+    ;;
+  feature/*|bugfix/*|hotfix/*|chore/*)
+    exit 0
+    ;;
+  *)
+    echo "Invalid branch name: $branch"
+    echo "Allowed branch prefixes: feature/*, bugfix/*, hotfix/*, chore/*"
+    exit 1
+    ;;
+esac
--- a/6
+++ b/6
@@ -1,15 +1,15 @@
-FROM node:22-bookworm-slim AS deps
+FROM node:24-bookworm-slim AS deps
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci

-FROM node:22-bookworm-slim AS build
+FROM node:24-bookworm-slim AS build
 WORKDIR /app
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 RUN npm run build && npm prune --omit=dev

-FROM node:22-bookworm-slim AS runner
+FROM node:24-bookworm-slim AS runner
 WORKDIR /app
 ENV NODE_ENV=production
 COPY package*.json ./