BREAKING CHNAGE: Upgrade commit-check to v2.0.0

[shenxianpeng]

What's New in v2

Important

This v2 release introduces several 🚨breaking changes. Please review the Breaking Changes section carefully before upgrading.

Breaking Changes

• Removed support for commit-signoff, merge-base, and imperative inputs — now configured via commit-check.toml or cchk.toml.
• Deprecated .commit-check.yml in favor of commit-check.toml or cchk.toml.
• Changed default values of author-name and author-email inputs to false to align with the default behavior in commit-check.
• Upgraded core dependency commit-check to v2.0.0.

Summary by CodeRabbit

• New Features

  • Adds TOML-based configuration for commit and branch rules (v2).

• Documentation

  • Added “What’s New in v2” with migration notes; updated usage, input descriptions, defaults and examples for v2.

• Chores

  • Upgraded tooling to v2; removed legacy YAML config and deprecated inputs/options (commit-signoff, merge-base, imperative); changed author-name/email defaults and simplified pre-commit checks.

• Workflows

  • PR checkout now uses branch ref; default release tag set to v2; removed some self-test inputs.

[coderabbitai]

Walkthrough

Commit-check enforcement moved from inline action inputs and .commit-check.yml into a new commit-check.toml and upgraded to commit-check v2; three inputs/flags (commit-signoff, merge-base, imperative) were removed and workflows, README, action metadata, CLI invocation, and dependency were updated accordingly.

Changes

Cohort / File(s)	Summary
Config migration & dependency bump \.commit-check.yml, commit-check.toml, requirements.txt	Removed inline YAML checks from \.commit-check.yml; added commit-check.toml with [commit] and [branch] policy keys (types, limits, rebase target, ignore lists); bumped commit-check from 0.10.2 → 2.0.0.
Action inputs & runtime cleanup action.yml, main.py	Removed inputs/env flags commit-signoff, merge-base, imperative; removed their env mappings, logging prints, and CLI argument propagation; changed default for author-name to false.
Workflows \.github/workflows/commit-check.yml, \.github/workflows/release.yaml	Deleted self-test inputs (commit-signoff, merge-base, imperative) from commit-check workflow; changed PR checkout to use branch ref (head.ref) and adjusted GITHUB_TOKEN comment; updated release workflow default tag and step names from v1 → v2.
Documentation README.md	Added “What’s New in v2” / breaking changes noting removal of inputs and \.commit-check.yml; updated examples and usage to reference commit-check.toml and commit-check v2; removed sections for the removed flags and adjusted input descriptions/defaults.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant GH as GitHub Actions
  participant Action as commit-check Action
  participant Entrypoint as main.py
  participant CLI as commit-check CLI (v2)
  participant CFG as commit-check.toml

  Dev->>GH: Push / Open PR
  GH->>Action: Start commit-check job
  Action->>Entrypoint: Run composite action
  Entrypoint->>CLI: Execute commit-check (flags: message, branch, author-name, author-email...)
  CLI->>CFG: Load TOML policy (commit & branch rules)
  CLI-->>Entrypoint: Return results (pass / fail)
  Entrypoint-->>GH: Report outcome
  Note right of CFG: Enforcement moved from inline YAML/inputs to `commit-check.toml` and CLI v2

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

enhancement, documentation

Poem

I thump my paws: v2 hops in stride,
TOML maps rules where YAML did hide,
Old flags waved off, new defaults set true,
Workflows and tags lined up anew.
I nibble carrots — checks pass through! 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title clearly identifies the main change—upgrading commit-check to v2.0.0 and marking it as breaking—but contains a spelling mistake that undermines its clarity.	Please correct the typo in “CHNAGE” to “CHANGE” so the title reads “BREAKING CHANGE: upgrade commit-check to v2.0.0.”

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Commit-Check ✔️

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09d59e4 and f5fc99e.

📒 Files selected for processing (5)

• .commit-check.yml (0 hunks)
• .github/workflows/release.yaml (2 hunks)
• README.md (1 hunks)
• commit-check.toml (1 hunks)
• requirements.txt (1 hunks)

💤 Files with no reviewable changes (1)

• .commit-check.yml

🔇 Additional comments (4)

requirements.txt (1)

3-3: Upgrade looks good.

Pin to commit-check 2.0.0 aligns with v2 migration.

README.md (2)

43-43: LGTM on action upgrade reference.

Switch to commit-check-action@v2 is correct.

---

144-145: Please provide the repository URL or package name for commit-check v2 so I can locate the canonical default configuration file (commit-check.toml) and its URL.

commit-check.toml (1)

1-23: Provide commit-check v2 docs link
Please share the GitHub repo or documentation URL for the commit-check tool (v2) you’re using so we can confirm that keys like subject_imperative, conventional_branch, and require_rebase_target are valid.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

README.md (1)

121-121: Update the config filename reference.

We now ship a commit-check.toml, yet the doc still instructs users to add .commit-check.yml. Following this guidance with v2 will silently fail because the CLI won’t read the YAML file. Please update the link and wording to .toml so users can customise successfully.

🧹 Nitpick comments (1)

README.md (1)

41-43: Refresh the fetch-depth comment.

The merge-base input no longer exists in v2, so the “required for merge-base check” note is stale. Please reword to reflect the current need (e.g., fetching full history for rebase-target validation) or drop it.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09d59e4 and c427042.

📒 Files selected for processing (8)

• .commit-check.yml (0 hunks)
• .github/workflows/commit-check.yml (0 hunks)
• .github/workflows/release.yaml (2 hunks)
• README.md (1 hunks)
• action.yml (0 hunks)
• commit-check.toml (1 hunks)
• main.py (0 hunks)
• requirements.txt (1 hunks)

💤 Files with no reviewable changes (4)

• .commit-check.yml
• .github/workflows/commit-check.yml
• main.py
• action.yml

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e5410a and 2d5dfe0.

📒 Files selected for processing (2)

• README.md (4 hunks)
• action.yml (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

README.md

15-15: Blank line inside blockquote

(MD028, no-blanks-blockquote)

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

README.md (1)

13-17: MD028 (no-blanks-blockquote) resolved

The spacer line inside the callout is now correctly prefixed with >. LGTM.

🧹 Nitpick comments (1)

README.md (1)

135-135: Polish wording for clarity

Minor grammar tweak to improve readability.

-Note: the default rule of above inputs is following [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). If you want to customize, just add your [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) config file under your repository root directory.
+Note: the default behavior of the above inputs follows [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). To customize, add a [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) file at the repository root.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d5dfe0 and 6cbe8b5.

📒 Files selected for processing (1)

• README.md (4 hunks)

🔇 Additional comments (3)

README.md (3)

20-23: Breaking changes list is clear and consistent

Bullets accurately reflect input removals and defaults moving to commit-check.toml. LGTM.

---

25-25: Verify release notes link/date before merging

Ensure the tag v2.0.0 and the date shown in What's New match the actual release.

Would you confirm the tag exists and the date is correct?

---

65-66: Defaults aligned with v2 behavior

Setting author-name and author-email to false by default matches the stated breaking change. LGTM.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

README.md (5)

18-21: Tighten “Breaking Changes” wording for clarity

Minor phrasing improvements to avoid “dropped support … moved” ambiguity and reference v2 defaults.

-- Dropped support for `commit-signoff`, `merge-base`, and `imperative` inputs which are moved to new config file `commit-check.toml`.
+- Removed action inputs `commit-signoff`, `merge-base`, and `imperative`; these are now configured in `commit-check.toml`.
 - Dropped support for `.commit-check.yml` in favor of `commit-check.toml`.
-- Changed default values of `author-name` and `author-email` inputs to `false` to align with commit-check default configuration.
+- Changed defaults for `author-name` and `author-email` inputs to `false` to align with commit‑check v2 defaults.

---

61-62: Omit redundant inputs (already default false)

Docs say these default to false; removing keeps the example minimal.

-          author-name: false
-          author-email: false

---

93-93: Polish wording for message description

Small grammar/casing tweak.

-- **Description**: check git commit message following [Conventional Commits](https://www.conventionalcommits.org/).
+- **Description**: Check Git commit messages follow [Conventional Commits](https://www.conventionalcommits.org/).

---

98-98: Polish wording for branch description

Small grammar/casing tweak.

-- **Description**: check git branch name following [Conventional Branch](https://conventional-branch.github.io/).
+- **Description**: Check Git branch names follow [Conventional Branch](https://conventional-branch.github.io/).

---

131-131: Clarify “Note” grammar and pluralization

-Note: the default rule of above inputs is following [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). If you want to customize, just add your [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) config file under your repository root directory.
+Note: the default rules for the above inputs follow [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). To customize, add your own [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) at the repository root.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d5dfe0 and 1f6c524.

📒 Files selected for processing (1)

• README.md (4 hunks)

🔇 Additional comments (1)

README.md (1)

11-15: v2 section and callout look good

Clear, concise, and lint-friendly. No issues.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

README.md (1)

53-55: Make checkout ref robust for push and PR events

${{ github.event.pull_request.head.sha }} is undefined on push events; provide a fallback to github.sha so the example works for both.

Apply:

-          ref: ${{ github.event.pull_request.head.sha }}  # Checkout PR HEAD commit
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}  # PR HEAD on PRs; current SHA on pushes
           fetch-depth: 0  # Required for merge-base checks

🧹 Nitpick comments (3)

README.md (3)

93-93: Tighten phrasing (grammar/style)

Use imperative style consistent with others.

- - **Description**: check git commit message following [Conventional Commits](https://www.conventionalcommits.org/).
+ - **Description**: Check Git commit messages follow [Conventional Commits](https://www.conventionalcommits.org/).

---

98-98: Tighten phrasing (grammar/style)

Match tense/capitalization.

- - **Description**: check git branch name following [Conventional Branch](https://conventional-branch.github.io/).
+ - **Description**: Check Git branch names follow [Conventional Branch](https://conventional-branch.github.io/).

---

131-131: Clarify note (grammar + clarity)

Small grammar polish and clearer wording.

-Note: the default rule of above inputs is following [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). If you want to customize, just add your [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) config file under your repository root directory.
+Note: the default behavior of the inputs above follows [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). To customize, add a [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) file at the root of your repository.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6cbe8b5 and 1f6c524.

📒 Files selected for processing (1)

• README.md (4 hunks)

🔇 Additional comments (4)

README.md (4)

11-22: v2 summary reads well

Clear breaking changes and migration notes. Looks good.

---

54-54: Confirm need for full history with v2

Is fetch-depth: 0 still required for default v2 config? If merge-base rules are disabled, consider fetch-depth: 1 for speed. If enabled via commit-check.toml, keep 0.

---

61-62: Defaults change acknowledged

Setting author-name and author-email to false matches v2 defaults. Good.

---

104-104: Default noted

Default value update documented correctly.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

README.md (1)

53-58: Example checkout must include a fallback ref.

The Usage snippet runs on push, but github.event.pull_request.head.ref is empty there, so anyone copying this fails checkout. Reintroduce a fallback (e.g. || github.ref_name) to keep the example runnable.

-          ref: ${{ github.event.pull_request.head.ref }}  # Checkout PR branch
-          fetch-depth: 0  # Required for merge-base checks
+          ref: ${{ github.event.pull_request.head.ref || github.ref_name }}  # PR branch on PRs; branch on push/dispatch
+          fetch-depth: 0  # Required for merge-base checks
       - uses: commit-check/commit-check-action@v2
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f6c524 and 31b4871.

📒 Files selected for processing (2)

• .github/workflows/commit-check.yml (1 hunks)
• README.md (4 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

.github/workflows/commit-check.yml (1)

main.py (2)

• main (197-210)
• add_pr_comments (111-177)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restore checkout fallback for non-PR runs.

github.event.pull_request.head.ref is undefined during workflow_dispatch, so checkout receives an empty ref and the workflow aborts on manual runs. Please fall back to github.ref_name/github.sha so both PR and dispatch executions work.

-          ref: ${{ github.event.pull_request.head.ref }}  # Checkout PR branch
+          ref: ${{ github.event.pull_request.head.ref || github.ref_name }}  # PR branch on PRs; dispatch/push fallback

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ref: ${{ github.event.pull_request.head.ref }} # Checkout PR branch
	fetch-depth: 0 # Required for merge-base checks
	- uses: ./ # self test
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # use GITHUB_TOKEN because of use pr-comments
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments
	with:
	ref: ${{ github.event.pull_request.head.ref || github.ref_name }} # PR branch on PRs; dispatch/push fallback
	fetch-depth: 0 # Required for merge-base checks
	- uses: ./ # self test
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments
	with:

🤖 Prompt for AI Agents

.github/workflows/commit-check.yml around lines 17 to 22: the checkout step
currently uses github.event.pull_request.head.ref which is undefined for
workflow_dispatch and causes failures; change the ref input to fall back to a
dispatch/commit ref by using a conditional expression that uses
github.event.pull_request.head.ref when present, otherwise github.ref_name (or
github.sha) so manual runs and PR runs both work; update the env/with block to
set ref: to that fallback expression (e.g. use the GitHub Actions expression OR
chain) so checkout always receives a valid ref.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31b4871 and eb895f4.

📒 Files selected for processing (1)

• commit-check.toml (1 hunks)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restore the full Conventional Commit type set.

We reference the Conventional Commits spec here, but allow_commit_types omits core types like build and perf. Any contributors using those standard types will now be blocked. Please add the missing spec-defined types so we don’t introduce false negatives.

-allow_commit_types = ["feat", "fix", "docs", "style", "refactor", "test", "chore", "ci"]
+allow_commit_types = ["feat", "fix", "docs", "style", "refactor", "test", "chore", "ci", "build", "perf"]

🤖 Prompt for AI Agents

In commit-check.toml at line 8, the allow_commit_types list omits standard
Conventional Commit types (e.g., build, perf, revert) which will block valid
commits; update the allow_commit_types array to include the missing spec-defined
types such as build, perf, and revert (in addition to the existing entries) so
the configuration accepts the full conventional set.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

README.md (1)

53-55: Make checkout ref robust for push and PR (and fork PRs); clarify fetch-depth comment

Using github.event.pull_request.head.ref fails on push events and can target a non-existent branch on forks. Prefer a SHA fallback so the example works across events. Also clarify why full history is needed.

-          ref: ${{ github.event_pull_request.head.ref }}  # Checkout PR branch
-          fetch-depth: 0  # Required for merge-base checks
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}  # PR HEAD on pull_request; current SHA on push
+          fetch-depth: 0  # Full history required for range/merge-base computations

🧹 Nitpick comments (2)

README.md (2)

11-22: Add “What’s New in v2” to the Table of Contents

Improve discoverability by adding this section to the TOC near the top.

---

131-131: Tighten wording for clarity

Minor grammar/readability improvement.

-Note: the default rule of above inputs is following [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). If you want to customize, just add your [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) config file under your repository root directory.
+Note: defaults for the above inputs are defined by [this configuration](https://github.com/commit-check/commit-check-action/blob/main/commit-check.toml). To customize, add your own [`commit-check.toml`](https://commit-check.github.io/commit-check/configuration.html) at the repository root.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb895f4 and d36e878.

📒 Files selected for processing (1)

• README.md (4 hunks)

🔇 Additional comments (5)

README.md (5)

57-57: LGTM: token/env and permissions alignment

Using GITHUB_TOKEN with pull-requests: write matches the PR comments guidance.

---

61-62: LGTM: updated defaults for author checks

Defaults set to false align with v2 breaking changes.

---

93-93: LGTM: Conventional Commits description

Description accurately reflects enforcement.

---

98-98: LGTM: Conventional Branches link

Good reference to the spec.

---

104-104: LGTM: default clarified

Default false matches the new behavior.