ci: update workflows

.github/workflows/auto-merge.yml

@@ -1,6 +1,6 @@
-name: Dependabot auto-approve
-
-on: pull_request_target
+name: Dependabot auto-approve & auto-merge
+on: 
+  pull_request:
 
 permissions:
   pull-requests: write
@@ -9,30 +9,25 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
+    # Checking the author will prevent this Action run failing on non-Dependabot PRs
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
       - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v2.1.0
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1
         with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
-
-      - name: Approve PR
-        run: gh pr review --approve "$PR_URL"
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/checkout@v4
+      - name: Approve a PR
+        run: 
+          gh pr review --approve "$PR_URL"
         env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Enable auto-merge for Dependabot PRs
-        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+        # Only auto merge non-major dependency upgrade
+        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
         run: gh pr merge --auto --merge "$PR_URL"
         env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
-      - name: Tag me in the PR if it's a major release
-        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-major'}}
-        run: gh pr comment "$PR_URL" --body "@justintaddei, this is major release. Your approval is needed before merging."
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/commitlint.yml

@@ -0,0 +1,29 @@
+name: Commitlint
+
+on: [push, pull_request]
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: 'https://registry.npmjs.org'
+          cache: "pnpm"
+      - name: Install commitlint
+        run: |
+          npm install conventional-changelog-conventionalcommits
+          npm install commitlint@latest
+
+      - name: Validate current commit (last commit) with commitlint
+        if: github.event_name == 'push'
+        run: npx commitlint --last --verbose
+
+      - name: Validate PR commits with commitlint
+        if: github.event_name == 'pull_request'
+        run: npx commitlint --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose

.github/workflows/main.yml

@@ -1,4 +1,4 @@
-name: CI
+name: Checks
 on:
   push:
     branches:

.github/workflows/publish.yml

@@ -2,7 +2,7 @@ name: Publish
 
 on:
   workflow_run:
-    workflows: [CI]
+    workflows: [Checks]
     branches: [master]
     types: [completed]