From 754bc85c33d9595e3d5d1f3484354facc7960b52 Mon Sep 17 00:00:00 2001
From: Philipp Schuster <philipp.schuster@cyberus-technology.de>
Date: Thu, 20 Mar 2025 16:23:47 +0100
Subject: [PATCH 1/3] ci: init gitlint check for SAP-compliant commits

We at Cyberus commit with our @cyberus-technology.de emails. To be
compliant with SAP, we use gitlint to check if we include the
mandatory "On-behalf-of: SAP" line in each commit.

To develop and play around with gitlint, you may use
- `gitlint --commits HEAD~1..HEAD`
- `gitlint --debug`

On-behalf-of: SAP philipp.schuster@sap.com
---
 .config/gitlint/rules/on-behalf-of-marker.py | 36 ++++++++++++++++++++
 .github/workflows/commit-lint.yml            | 23 +++++++++++++
 .gitlint                                     | 20 +++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 .config/gitlint/rules/on-behalf-of-marker.py
 create mode 100644 .github/workflows/commit-lint.yml
 create mode 100644 .gitlint

diff --git a/.config/gitlint/rules/on-behalf-of-marker.py b/.config/gitlint/rules/on-behalf-of-marker.py
new file mode 100644
index 0000000..d08e334
--- /dev/null
+++ b/.config/gitlint/rules/on-behalf-of-marker.py
@@ -0,0 +1,36 @@
+from gitlint.rules import LineRule, RuleViolation, CommitMessageTitle, CommitRule
+
+class BodyContainsOnBehalfOfSAPMarker(CommitRule):
+  """Enforce that each commit coming from an SAP contractor contains an
+  "On-behalf-of SAP user@sap.com" marker.
+  """
+
+  # A rule MUST have a human friendly name
+  name = "body-requires-on-behalf-of-sap"
+
+  # A rule MUST have a *unique* id
+  # We recommend starting with UC (for User-defined Commit-rule).
+  id = "UC-sap"
+
+  # Lower-case list of contractors
+  contractors = [
+    "@cyberus-technology.de"
+  ]
+
+  # Marker followed by " name.surname@sap.com"
+  marker = "On-behalf-of: SAP"
+
+  def validate(self, commit):
+    if "@sap.com" in commit.author_email.lower():
+      return
+
+    # Allow third-party open-source contributions
+    if not any(contractor in commit.author_email.lower() for contractor in self.contractors):
+      return
+
+    for line in commit.message.body:
+      if line.startswith(self.marker) and "@sap.com" in line.lower():
+        return
+
+    msg = f"Body does not contain a '{self.marker} user@sap.com' line"
+    return [RuleViolation(self.id, msg, line_nr=1)]
diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml
new file mode 100644
index 0000000..eded551
--- /dev/null
+++ b/.github/workflows/commit-lint.yml
@@ -0,0 +1,23 @@
+name: Commit Lint
+on: [ pull_request ]
+jobs:
+  gitlint:
+    name: Check commit messages
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade gitlint
+      - name: Lint git commit messages
+        run: |
+          gitlint --commits origin/$GITHUB_BASE_REF..
diff --git a/.gitlint b/.gitlint
new file mode 100644
index 0000000..83a2f31
--- /dev/null
+++ b/.gitlint
@@ -0,0 +1,20 @@
+[general]
+extra-path=.config/gitlint/rules
+regex-style-search=true
+ignore=body-is-missing
+
+[ignore-by-author-name]
+regex=dependabot
+ignore=all
+
+# default 72
+[title-max-length]
+line-length=72
+
+# default 80
+[body-max-line-length]
+line-length=72
+
+# Empty bodies are fine
+[body-min-length]
+min-length=0

From 3027384847ef99a4740159dd3f29d82addc78a13 Mon Sep 17 00:00:00 2001
From: Stefan Kober <stefan.kober@cyberus-technology.de>
Date: Fri, 21 Mar 2025 10:08:49 +0100
Subject: [PATCH 2/3] git: ignroe __pycache__

On-behalf-of: SAP stefan.kober@sap.com
---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index 3ad3d59..ce7c7c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 result*
 /.pre-commit-config.yaml
 /.nixos-test-history
+
+# Produced by gitlint
+__pycache__

From 2d0662af5b9ea60068f9c70e2a474d071e7bc088 Mon Sep 17 00:00:00 2001
From: Stefan Kober <stefan.kober@cyberus-technology.de>
Date: Fri, 21 Mar 2025 10:35:58 +0100
Subject: [PATCH 3/3] nix: add gitlint to devshell

On-behalf-of: SAP stefan.kober@sap.com
---
 flake.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/flake.nix b/flake.nix
index 83b4fef..dc00fba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -28,6 +28,7 @@
         devShells.default = pkgs.mkShellNoCC {
           inherit (self.checks.${system}.pre-commit-check) shellHook;
           buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
+          packages = with pkgs; [ gitlint ];
         };
 
         lib = {