chore: Create CI workflow enforcing conventional commits #68

Merged
ykaiboussiSO merged 5 commits into main from PQE-408
Apr 27, 2026

@ykaiboussiSO ykaiboussiSO commented Apr 27, 2026

Description

Add CI workflow to enforce a lightweight commit specification v1.0.0

Resolves: PQE-408

Type of Change

  • Chore (a change that does not modify the application functionality)
  • Bug fix (a change that fixes an issue)
  • New feature / enhancement (a change that adds new functionality)
  • Refactor (no behaviour change)
  • Test coverage
  • Build / CI / tooling
  • Documentation

Testing

  • Unit tests added / updated
  • Integration tests added / updated
  • Manual integration tests run (go test -tags manual_integration ./integration/...)

Screenshots (if appropriate):

Driver Impact

  • PostgreSQL driver (drivers/pg)
  • Neo4j driver (drivers/neo4j)

Checklist

  • Code is formatted
  • All existing tests pass
  • go.mod / go.sum are up to date if dependencies changed

Summary by CodeRabbit

  • Chores
    • Introduced automated pull request title validation to enforce Conventional Commits formatting standards. The system validates all PRs targeting main and release branches, automatically posting validation error feedback when checks fail and removing error notifications when PR titles successfully comply with formatting requirements.

@ykaiboussiSO ykaiboussiSO self-assigned this Apr 27, 2026

coderabbitai Bot commented Apr 27, 2026

Warning

Rate limit exceeded

@ykaiboussiSO has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 35 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c4bb8997-c2f3-4e1f-8034-04dcf3b51d77

📥 Commits

Reviewing files that changed from the base of the PR and between 950c468 and e469bda.

📒 Files selected for processing (1)
  • .github/workflows/conventional-commits.yml

Walkthrough

A new GitHub Actions workflow is introduced to enforce Conventional Commits formatting on pull request titles. When PRs are opened, synchronized, edited, or reopened against main and stage/** branches, the workflow validates the title using a semantic pull request action. Validation failures trigger a comment posting the error message; successes delete any prior error comments.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| GitHub Actions Workflow: .github/workflows/conventional-commits.yml | New workflow file enforcing Conventional Commits format on PR titles via amannn/action-semantic-pull-request, with sticky error comment management on validation failure/success. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 With bouncing hops through CI so bright,
We validate each PR's title with might!
Conventional commits now have their say,
Keeping our codebase tidy each day!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and concisely summarizes the main change: introducing a CI workflow that enforces conventional commits formatting on pull requests. |
| Description check | ✅ Passed | The PR description follows the template structure with all required sections completed, including a clear motivation (Conventional Commits v1.0.0), proper issue reference (PQE-408), and appropriate type classification (Chore). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/conventional-commits.yml (1)

19-28: Switch to pull_request_target for fork security.

The official amannn/action-semantic-pull-request documentation recommends pull_request_target for public repositories accepting pull requests from forks. This ensures the workflow runs against the base repository's configuration rather than fork-author-controlled changes, and prevents secrets leakage since the workflow definition is from the base branch. Since this action performs title-only validation without checking out PR code, pull_request_target is safe and recommended here.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/conventional-commits.yml around lines 19 - 28, Replace the
current GitHub Actions trigger event "pull_request" with "pull_request_target"
in the workflow (the top-level on: block where pull_request is defined) so the
workflow runs against the base repository config and avoids exposing secrets to
fork PRs; keep the same branch filters ("main" and "stage/**") and PR types
(opened, synchronize, edited, reopened) but change the event key from
pull_request to pull_request_target to follow the
amannn/action-semantic-pull-request recommendation.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/conventional-commits.yml:
- Line 61: Fix the typo in the workflow comment that reads "Delete previews
comments with resolved" by changing "previews" to "previous" so the comment
becomes "Delete previous comments with resolved"; locate this comment in the
.github/workflows/conventional-commits.yml file and update the text accordingly.
- Around line 30-34: The workflow lacks an explicit permissions block so actions
can fail under restrictive GITHUB_TOKEN defaults; update the job named "main" in
the conventional-commits.yml to add a permissions block that grants
pull-requests: read (for amannn/action-semantic-pull-request) and pull-requests:
write (for marocchino/sticky-pull-request-comment) so both actions have the
required token scopes to run.
- Line 47: Update the trailing version comment for the pinned action reference
`uses:
marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405`
to reflect the actual tag `v2.9.4` (replace `# v2.0.0` with `# v2.9.4`), and
make the same change for the second occurrence of that exact `uses:` line
elsewhere in the workflow so both comments match the pinned SHA.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8cc49cf6-ec0d-45e8-a2ca-fa3f166f7d56

📥 Commits

Reviewing files that changed from the base of the PR and between c106f1f and 950c468.

📒 Files selected for processing (1)
  • .github/workflows/conventional-commits.yml

Comment on lines +30 to +34
jobs:
  main:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

amannn/action-semantic-pull-request and marocchino/sticky-pull-request-comment required GITHUB_TOKEN permissions

💡 Result:

amannn/action-semantic-pull-request requires pull-requests: read permission for basic PR title validation using GITHUB_TOKEN. If the wip: true option is enabled, it additionally requires statuses: write (to update PR status while WIP) and pull-requests: write permissions. marocchino/sticky-pull-request-comment requires pull-requests: write permission to create or update PR comments using GITHUB_TOKEN. For private repos or when using actions/checkout, contents: read may also be needed.

Add permissions block to declare required GITHUB_TOKEN access.

Both actions in this workflow require explicit permissions to function when the repository has default-restrictive GITHUB_TOKEN settings (now GitHub's default for new repositories):

  • amannn/action-semantic-pull-request requires pull-requests: read to validate PR titles
  • marocchino/sticky-pull-request-comment requires pull-requests: write to post and update comments

Without the permissions block, these actions will fail on repositories with read-only token defaults.

Proposed fix
 jobs:
   main:
     name: Validate PR title
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
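
Review bot: `pull-requests: write` is granted on the whole `main` job, so the title-validation step also runs with a write-capable token even though the analysis above says it needs only `pull-requests: read`. If least privilege matters here, split validation and commenting into two jobs, each with its own `permissions:` block; otherwise keep the single grant and add a comment saying it exists for the sticky-comment step. Declaring the block also sets every unlisted scope to `none`, which suits this workflow only while it has no checkout step.
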

Comment thread .github/workflows/conventional-commits.yml Outdated
Comment thread .github/workflows/conventional-commits.yml Outdated
@ykaiboussiSO ykaiboussiSO merged commit b836c4b into main Apr 27, 2026
6 checks passed
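
The review raises three workflow concerns that can be checked mechanically: a PR checkout under pull_request_target, a missing permissions block, and actions not pinned to a full commit SHA. The following is an added example, not code from this repository or from CodeRabbit; `audit_workflow`, the finding codes and the sample workflow are assumptions constructed for illustration, since the real conventional-commits.yml is not shown on the page.

```python
import re

# Constructed sample: the real conventional-commits.yml is not shown on the page.
# The marocchino SHA is the one quoted in the review; "@v5" stands in for an
# unpinned reference.
SAMPLE_WORKFLOW = """\
name: Conventional Commits
on:
  pull_request_target:
    branches: [main, "stage/**"]
    types: [opened, synchronize, edited, reopened]
jobs:
  main:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@v5
      - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
"""

COMMENT = re.compile(r"(?m)(^|[ \t])#.*$")
USES = re.compile(r"(?m)^[ \t]*-?[ \t]*uses:[ \t]*([^\s#]+)")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")


def audit_workflow(text):
    """Return sorted finding codes for the text of one workflow file."""
    body = COMMENT.sub("", text)          # ignore commented-out keys
    refs = USES.findall(body)
    findings = set()

    # A privileged trigger plus any checkout needs manual review: the job may
    # be running fork-controlled code with the base repository's token.
    if re.search(r"\bpull_request_target\b", body) and any(
        r.startswith("actions/checkout@") for r in refs
    ):
        findings.add("pull_request_target-with-checkout")

    # Without a permissions key the token scope depends on repository defaults.
    if not re.search(r"(?m)^[ \t]*permissions[ \t]*:", body):
        findings.add("no-permissions-block")

    # Tags and branches are mutable; only a full commit SHA is a fixed pin.
    for ref in refs:
        if not ref.startswith(("./", "docker://")) and not FULL_SHA.search(ref):
            findings.add("unpinned:" + ref)
    return sorted(findings)


if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
```

The scan is line-based rather than a YAML parse, so treat a finding as a prompt for manual review of the workflow, not as a verdict.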