Aman-Mittal commented on code in PR #5437:
URL: https://github.com/apache/fineract/pull/5437#discussion_r2757907922
##########
.github/workflows/pr-one-commit-per-user-check.yml:
##########
@@ -0,0 +1,57 @@
+name: Fineract PR One Commit Per User Check
+
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+
+permissions:
+ pull-requests: write
+
+
+jobs:
+ verify-commits:
+ name: Validate One Commit Per User
+ runs-on: ubuntu-latest
+ timeout-minutes: 1
+ steps:
+ - name: Verify Commit Policy
+ id: check
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+
+ commits=$(gh api "repos/$REPO/pulls/$PR_NUMBER/commits") || { echo
"::error::GitHub API request failed"; exit 1; }
+
+ if echo "$commits" | jq -e '.[] | select(.author == null)' >
/dev/null; then
+ echo "null_authors=true" >> $GITHUB_OUTPUT
+ echo "::error::Some commits have a git email that is not linked to
a GitHub account. Please ensure your git email matches one of your GitHub
Account emails."
+ exit 1
+ fi
+
+ user_ids=$(echo "$commits" | jq -r '.[] | select(.author.type !=
"Bot") | .author.id')
+ if echo "$user_ids" | sort | uniq -d | grep -q .; then
+ echo "multiple_commits=true" >> $GITHUB_OUTPUT
+ echo "::error::Multiple commits from the same author have been
detected."
+ exit 1
+ fi
+
+ echo "Success: Each author has exactly one commit."
+
+ - name: Comment on PR
+ if: failure()
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
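Review bot: In the "Verify Commit Policy" step, the script calls `gh api "repos/$REPO/pulls/$PR_NUMBER/commits"`, but the visible `env:` block for that step defines only `GH_TOKEN`, so unless `REPO` and `PR_NUMBER` are set elsewhere the request path is empty and the step always exits through the "GitHub API request failed" branch. Suggest adding `REPO: ${{ github.repository }}` and `PR_NUMBER: ${{ github.event.pull_request.number }}` to that step's `env:`. Passing them through `env:` rather than interpolating `${{ }}` expressions directly into the `run:` script also keeps event data out of the shell source. Separately, `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`. Since the trigger is `pull_request` and the job requests `pull-requests: write`, it is also worth confirming that the "Comment on PR" step behaves as intended for pull requests opened from forks, where the token is read-only.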
Review Comment:
@meonkeys Your input is valued here; I will give my input.
For point 1, I think it doesn't raise a security concern, as we are not
executing any external code (e.g. any suspicious JS file or third-party
dependency; it will be based on implementation).
For point 2, I think we can simply add a check so that PRs that do not have the stale
tag can be informed. As per the stale information, inactive PRs are automatically
closed by the stale bot. And to reduce spamming further, we can make it comment one
time and let it edit the existing comment.