ci: add semantic-pr workflow to enforce conventional commits

[Hyperion2220]

Description

This PR adds a GitHub Action workflow to automatically validate that Pull Request titles follow the Conventional Commits standard. It also updates the contributing guide to inform future contributors of this automated check.

• Fixes Create a workflow that checks if GitHub PRs follow the Conventional Commits convention #2457

How Has This Been Tested?

The new workflow file was validated for syntax correctness. The existing CI (Lint & Test Build) passed successfully on this PR.

Screenshots / Logs (if applicable)

N/A

Checklist:

• I have read and followed the contribution guidelines.
• Disclosed any use of AI (see our policy)
• I have updated the documentation accordingly.
• All new and existing tests passed. (Verified by CI)
• Successful build pnpm build (Verified by CI)
• Translation keys pnpm i18n:extract (N/A)
• Database migration (if required) (N/A)

Summary by CodeRabbit

• Chores

  • Added an automated CI check to validate pull request titles and enforce Conventional Commits formatting for incoming PRs; redundant runs are cancelled when updated.

• Documentation

  • Updated the contributing guide to require PR titles follow Conventional Commits and note that PR titles are now automatically verified.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow at .github/workflows/semantic-pr.yml to validate pull request titles using amannn/action-semantic-pull-request, and updates CONTRIBUTING.md to require PR titles follow Conventional Commits and note automatic checking.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow \.github/workflows/semantic-pr.yml	New "Semantic PR" workflow triggered on pull_request_target (types: opened, reopened, edited, synchronize). Top-level permissions: {}; concurrency: semantic-pr-${{ github.event.pull_request.number }} with cancel-in-progress: true. Single job "Validate PR Title" runs on ubuntu-slim, grants pull-requests: read, and runs amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 (v6.1.1) with GITHUB_TOKEN.
Documentation CONTRIBUTING.md	Language updated to require PR titles follow Conventional Commits and indicate PR titles are automatically checked by the new workflow.

Sequence Diagram(s)

sequenceDiagram
    participant Contributor as Contributor
    participant GitHub as GitHub (Events)
    participant Actions as GitHub Actions Runner
    participant Semantic as amannn/action-semantic-pull-request

    Contributor->>GitHub: Open / edit PR
    GitHub->>Actions: Trigger workflow (pull_request_target)
    Actions->>Semantic: Run semantic PR action (validate title)
    Semantic-->>Actions: Validation result (pass/fail)
    Actions-->>GitHub: Report check status on PR
    GitHub-->>Contributor: Display status / require fixes if failed

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped to the repo with whiskers aflutter,

A guardian checks titles — no more clutter,
Semantic rules hum, tidy and bright,
I munched a carrot and signed off tonight.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (2 files): ⚔️ CONTRIBUTING.md (content) ⚔️ docs/getting-started/third-parties/unraid.mdx (content) These conflicts must be resolved before merging into develop.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a GitHub Actions workflow to enforce conventional commits in PR titles.
Linked Issues check	✅ Passed	The PR implements the required workflow to validate PR titles against Conventional Commits standard as specified in issue #2457.
Out of Scope Changes check	✅ Passed	Changes are limited to adding the semantic-pr workflow and updating documentation; all changes directly support the issue objective.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[fallenbagel]

Could you update the pr description with the pr template?

[M0NsTeRRR]

Thanks for your PR! Just a heads-up for next time: if someone is already assigned to the issue, it means they’ll handle the PR. This way, we avoid duplicating work and save time for everyone. ;)

[Hyperion2220]

Sorry about that, @M0NsTeRRR. I missed the assignment on this one and certainly didn't mean to double up on the work you already had planned.

I've just pushed an update to follow your suggestions regarding the concurrency/permissions and simplified the workflow logic. Thanks for the guidance and for taking the time to review.

[M0NsTeRRR]

No problem, that happens @Hyperion2220 you missed some others suggestions I did

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/semantic-pr.yml:
- Around line 12-14: The concurrency group currently uses the template value
"semantic-pr-${{ github.ref }}" which causes different PRs targeting the same
base branch to share a group; update the concurrency.group to use the pull
request identifier instead (e.g., use github.event.pull_request.number or
github.run_id) so each PR run is isolated, leaving cancel-in-progress: true
as-is; change the value referenced in the concurrency block (the group key under
concurrency) from semantic-pr-${{ github.ref }} to a template that includes
github.event.pull_request.number.
- Line 10: Update the GitHub Action pin for amannn/action-semantic-pull-request
in the workflow: replace the old reference
amannn/action-semantic-pull-request@v5.5.3 with the current release
amannn/action-semantic-pull-request@v6.1.1 (or pin the v6.1.1 SHA) while keeping
the existing permissions: {} and pull_request_target usage; ensure the workflow
uses the new tag/SHA in the uses: entry to mitigate supply-chain risk.

[Hyperion2220]

You're right, @M0NsTeRRR. I missed the specific concurrency detail in the automated review dropdown. I've updated the workflow to use the pull request number for the concurrency group as suggested. Thanks for catching that.

[M0NsTeRRR]

You're right, @M0NsTeRRR. I missed the specific concurrency detail in the automated review dropdown. I've updated the workflow to use the pull request number for the concurrency group as suggested. Thanks for catching that.

No it wasn't that part, go there https://github.com/seerr-team/seerr/pull/2472/changes you can see others suggestions.

For the AI stuff you fixed, I've to check tomorrow because I didn't know the reported issue so I've to confirm before ;)

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/semantic-pr.yml:
- Around line 10-23: The workflow currently sets permissions: {} which removes
all token scopes; update the permissions block to grant minimal read access so
the action can read PR metadata (add pull-requests: read under permissions).
Locate the top-level permissions key in this workflow (the permissions: {}
entry) and change it to include pull-requests: read so the job "main" and the
amannn/action-semantic-pull-request invocation can access PR title data.

---

Duplicate comments:
In @.github/workflows/semantic-pr.yml:
- Line 21: Update the amannn/action-semantic-pull-request action reference in
the workflow (the uses entry currently pinned to
amannn/action-semantic-pull-request@0723387f...) to the latest release (v6.1.1
or its commit SHA) and verify compatibility with v6 breaking changes (Node.js 24
/ ESM); ensure the uses string in the workflow is replaced and run CI to confirm
the action behaves correctly under the new version.

[Hyperion2220]

Understood, @M0NsTeRRR. I've moved the pull-requests: read permission to the job level so the action has the access it needs while keeping the global permissions restricted. Thanks for the clarification.

[M0NsTeRRR]

@Hyperion2220 are you using an AI to reply and fix my suggestion ?

[Hyperion2220]

lol, no. i'm just trying to branch out and get some experience with other types of projects outside of my usual wheelhouse. I probably seem a little extra as I'm trying really hard to do a good job. This is my first pull from a project outside of my own.

[M0NsTeRRR]

Click on this link https://github.com/seerr-team/seerr/pull/2472/changes, on the right side you can see my suggestion they are still 3 left.

[Hyperion2220]

Ok, should be all set now. Sorry for all the hand holding you had to do.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/semantic-pr.yml:
- Around line 21-26: There are duplicate top-level permissions blocks; the
second one overrides the first and drops scopes — consolidate them into a single
permissions mapping by removing the second "permissions:" block and merging its
entries so the final block contains contents: read, pull-requests: read, and
checks: write (keep the existing "pull-requests: read" entry and add the missing
"contents: read" and "checks: write" keys under the same "permissions" mapping).