CCM-15317: Adding New PR Enforcement Action

[damientobin1]

Description

WIP - NOT READY FOR REVIEW YET

Adding new action within shared-modules repository to be used by other amet repositories

Context

Added .github/actions/check-pr-title-format/action.yml

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[Copilot]

Pull request overview

Adds a reusable composite GitHub Action to enforce pull request title formatting (via regex), intended for consumption by other repositories.

Changes:

• Introduces a new composite action to validate a PR title against a required regex pattern.
• Allows customizing the failure message when the PR title does not match.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

inputs.title has an invalid key (descriptions instead of description) and required is defined twice with conflicting values. This will make the metadata incorrect and can unintentionally treat title as optional. Use description: and keep a single required: true entry.

Suggested change

	descriptions: Pull request title
	required: true
	required: false
	description: Pull request title
	required: true

[Copilot]

The bash conditional has invalid syntax: else if is not valid in bash (use else or elif ...; then). As written, the composite action will fail with a syntax error instead of emitting the intended ::error:: message.

Suggested change

	else if
	else

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The regex check treats an invalid/empty regex the same as a non-matching title, which can lead to confusing failures (and may emit bash "syntax error in conditional expression" to stderr). Consider validating that inputs.pattern is non-empty and using a matcher that lets you distinguish "no match" vs "invalid regex" (e.g., grep -E exit codes) so you can surface a clear configuration error when the regex is malformed.

Suggested change

	if [[ "$title" =~ $pattern ]]; then
	echo "PR title is valid"
	else
	echo "::error::$message"
	if [ -z "$pattern" ]; then
	echo "::error::Input 'pattern' must be a non-empty regular expression"
	exit 1
	fi
	if printf '%s\n' "$title" | grep -Eq -- "$pattern"; then
	echo "PR title is valid"
	else
	status=$?
	case "$status" in
	1)
	echo "::error::$message"
	;;
	2)
	echo "::error::Input 'pattern' is not a valid regular expression: $pattern"
	;;
	*)
	echo "::error::Unexpected error while validating PR title"
	;;
	esac

[Copilot]

echo "::error::$message" will treat any %, \r, or \n sequences in the message as workflow-command control characters, which can truncate/alter the emitted error. Since error_message is an input, it’s safer to escape workflow-command special characters before emitting the ::error:: command (or write the message to stderr without using workflow commands).

Suggested change

	echo "::error::$message"
	escaped_message="${message//'%'/'%25'}"
	escaped_message="${escaped_message//$'\n'/'%0A'}"
	escaped_message="${escaped_message//$'\r'/'%0D'}"
	echo "::error::$escaped_message"

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Inputs are interpolated directly into bash string literals (e.g., title="${{ inputs.title }}"). If this action is used with ${{ github.event.pull_request.title }} (untrusted user input), a title containing quotes/newlines can break the script and potentially enable shell injection. Pass inputs.* via env: and read from $TITLE/$PATTERN/$MESSAGE (or use toJson(...) + parsing) so arbitrary PR titles/patterns can’t alter the shell syntax.

Suggested change

	run: |
	title="${{ inputs.title }}"
	pattern="${{ inputs.pattern }}"
	message="${{ inputs.error_message }}"
	env:
	TITLE: ${{ inputs.title }}
	PATTERN: ${{ inputs.pattern }}
	MESSAGE: ${{ inputs.error_message }}
	run: |
	title="$TITLE"
	pattern="$PATTERN"
	message="$MESSAGE"

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The workflow-command annotation echo "::error::$message" uses a free-form message without escaping. If the message contains characters like %, carriage returns, or newlines, it can break the annotation formatting and (in worst cases) enable workflow command injection. Escape the message per GitHub’s workflow command rules (e.g., replace %, \r, \n) or avoid passing unescaped user-provided text into ::error:: commands.