---
name: Commit Linter

on:
    pull_request:
        types: [opened, reopened]
    push:
        branches:
            - main

permissions: # added using https://github.com/step-security/secure-workflows
    contents: read

jobs:
    lint-commits:
        if: "!contains(github.event.head_commit.message, 'bump(release)')"
        permissions:
            contents: read # for actions/checkout to fetch code
            pull-requests: read # for wagoid/commitlint-github-action to get commits in PR
        runs-on: ubuntu-latest
        steps:
            - name: Harden Runner
              uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
              with:
                  egress-policy: block
                  allowed-endpoints: >
                      api.github.com:443
                      github.com:443

            - name: Checkout repository
              uses: actions/checkout@v3
              with:
                  fetch-depth: 0

            - name: Lint commits
              uses: wagoid/commitlint-github-action@v5