internal/ci: ensure commit messages do not @-mention users

Parse the commit message as GitHub-flavored markdown to only search
for @-mentions which would be linkified by GitHub, that is,
not within backticks or block quotes.

Adding goldmark as a Go dependency is okay given that it has zero
dependencies itself, and that Go's lazy module loading means
that any Go users of CUE as a library won't download it.

Add positive and negative test cases as well.

Signed-off-by: Daniel Martí <[email protected]>
Change-Id: Ie2c86998bc11384a6d2e6c96c40027a519e233df
Reviewed-on: https://review.gerrithub.io/c/cue-lang/cue/+/1198294
Reviewed-by: Paul Jolly <[email protected]>
Unity-Result: CUE porcuepine <[email protected]>
TryBot-Result: CUEcueckoo <[email protected]>

Author: mvdan

go.mod

@@ -19,6 +19,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/tetratelabs/wazero v1.6.0
+	github.com/yuin/goldmark v1.4.13
 	golang.org/x/mod v0.19.0
 	golang.org/x/net v0.27.0
 	golang.org/x/oauth2 v0.21.0

go.sum

@@ -59,6 +59,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tetratelabs/wazero v1.6.0 h1:z0H1iikCdP8t+q341xqepY4EWvHEw8Es7tlqiVzlP3g=
 github.com/tetratelabs/wazero v1.6.0/go.mod h1:0U0G41+ochRKoPKCJlh0jMg1CHkyfK8kDqiirMmKY8A=
+github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
 golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=

internal/ci/checks/commit.go

@@ -23,6 +23,11 @@ import (
 	"regexp"
 	"slices"
 	"strings"
+
+	"github.com/yuin/goldmark"
+	mdast "github.com/yuin/goldmark/ast"
+	mdextension "github.com/yuin/goldmark/extension"
+	mdtext "github.com/yuin/goldmark/text"
 )
 
 func main() {
@@ -81,6 +86,38 @@ func checkCommit(dir string) error {
 			authors, signers)
 	}
 
+	// Forbid @-mentioning any GitHub usernames in commit messages,
+	// as that will lead to notifications which are likely unintended.
+	// If one must include a similar-looking snippet, like @embed(),
+	// they can use markdown backticks or blockquotes to sidestep the issue.
+	//
+	// Note that we parse the body as markdown including git trailers, but that's okay.
+	// Note that GitHub does not interpret mentions in titles, but we still check them
+	// for the sake of being conservative and consistent.
+	md := goldmark.New(
+		goldmark.WithExtensions(mdextension.GFM),
+	)
+	docBody := []byte(body)
+	doc := md.Parser().Parse(mdtext.NewReader(docBody))
+	if err := mdast.Walk(doc, func(node mdast.Node, entering bool) (mdast.WalkStatus, error) {
+		if !entering {
+			return mdast.WalkContinue, nil
+		}
+		// Uncomment for some quick debugging.
+		// fmt.Printf("%T\n%q\n\n", node, node.Text(docBody))
+		switch node.(type) {
+		case *mdast.CodeSpan:
+			return mdast.WalkSkipChildren, nil
+		case *mdast.Text:
+			text := node.Text(docBody)
+			if m := rxUserMention.FindSubmatch(text); m != nil {
+				return mdast.WalkStop, fmt.Errorf("commit mentions %q; use backquotes or block quoting for code", m[2])
+			}
+		}
+		return mdast.WalkContinue, nil
+	}); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -91,7 +128,10 @@ func runCmd(dir string, exe string, args ...string) (string, error) {
 	return string(bytes.TrimSpace(out)), err
 }
 
-var rxExtractEmail = regexp.MustCompile(`.*<(.*)\>$`)
+var (
+	rxExtractEmail = regexp.MustCompile(`.*<(.*)\>$`)
+	rxUserMention  = regexp.MustCompile(`(^|\s)(@[a-z0-9][a-z0-9-]*)`)
+)
 
 func extractEmails(list string) []string {
 	lines := strings.Split(list, "\n")

internal/ci/checks/testdata/checks.txtar

@@ -30,6 +30,32 @@ Signed-off-by: cueckoo <[email protected]>
 Co-authored-by: collaborator <[email protected]>
 Signed-off-by: collaborator <[email protected]>
 Signed-off-by: collaborator <[email protected]>
+-- pass-quoted-embed --
+this message quotes an `@embed()` snippet
+
+Signed-off-by: cueckoo <[email protected]>
+-- pass-longquoted-embed --
+this message quotes a longer `foo: string @embed()` snippet
+
+Signed-off-by: cueckoo <[email protected]>
+-- pass-blockquoted-embed --
+this message block-quotes a snippet of code
+
+    foo: string @embed()
+
+Signed-off-by: cueckoo <[email protected]>
+-- pass-version --
+versions like cuelang.org/[email protected] are okay
+
+Signed-off-by: cueckoo <[email protected]>
+-- pass-lone-at --
+lone @ characters are also okay
+
+Signed-off-by: cueckoo <[email protected]>
+-- pass-email --
+email addresses like [email protected] are okay
+
+Signed-off-by: cueckoo <[email protected]>
 
 -- fail-no-empty --
 This message forgot a title
@@ -42,3 +68,15 @@ this message lacks a signed-off-by trailer
 this message is signed off by a different person
 
 Signed-off-by: Other Developer <[email protected]>
+-- fail-unquoted-embed --
+This message does not quote an @embed() snippet.
+
+Signed-off-by: cueckoo <[email protected]>
+-- fail-leading-embed --
+@embed() may also be at the start.
+
+Signed-off-by: cueckoo <[email protected]>
+-- fail-mention --
+This is an explicit mention of @someone which we don't do.
+
+Signed-off-by: cueckoo <[email protected]>