From 19fafa30d3c0f9f596f3239a986ba174d92eb808 Mon Sep 17 00:00:00 2001
From: Marek Aufart <maufart@redhat.com>
Date: Thu, 18 Jun 2026 13:48:23 +0200
Subject: [PATCH 1/3] Introduce PR conventions check workflow

Adding a github workflow checking Konveyor-like PR conventions.

Adds `:gitmoji: Title` format.

Signed-off-by: Marek Aufart <maufart@redhat.com>
---
 .github/workflows/pr-title-check.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/workflows/pr-title-check.yml

diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
new file mode 100644
index 00000000..16d4867e
--- /dev/null
+++ b/.github/workflows/pr-title-check.yml
@@ -0,0 +1,18 @@
+name: PR Convetions Checks
+
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    name: Verify PR contents
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Check Title
+      id: verifier
+      uses: konveyor/release-tools/cmd/verify-pr@main
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}

From 59fb222e0fea9f89a90d6c95e3b1e5d5591bc091 Mon Sep 17 00:00:00 2001
From: Marek Aufart <maufart@redhat.com>
Date: Mon, 29 Jun 2026 15:42:55 +0200
Subject: [PATCH 2/3] Address coderabbit feedback

Signed-off-by: Marek Aufart <maufart@redhat.com>
---
 .github/workflows/pr-title-check.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index 16d4867e..56c35677 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -1,7 +1,7 @@
-name: PR Convetions Checks
+name: PR Conventions Checks
 
 on:
-  pull_request_target:
+  pull_request:
     types: [opened, edited, reopened, synchronize]
 
 jobs:
@@ -10,7 +10,9 @@ jobs:
     name: Verify PR contents
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        persist-credentials: false
     - name: Check Title
       id: verifier
       uses: konveyor/release-tools/cmd/verify-pr@main

From f8a0b4997f16fa4ac9ca08c30d10ae0327277902 Mon Sep 17 00:00:00 2001
From: Marek Aufart <maufart@redhat.com>
Date: Mon, 29 Jun 2026 15:52:34 +0200
Subject: [PATCH 3/3] Add explicit permissions:read for verify-pr@main

Signed-off-by: Marek Aufart <maufart@redhat.com>
---
 .github/workflows/pr-title-check.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index 56c35677..7594cabb 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened, edited, reopened, synchronize]
 
+permissions:
+  contents: read
+
 jobs:
   verify:
     runs-on: ubuntu-latest
@@ -15,6 +18,7 @@ jobs:
         persist-credentials: false
     - name: Check Title
       id: verifier
+      # Using @main from trusted Konveyor org; pinned SHA available but @main preferred for automatic updates
       uses: konveyor/release-tools/cmd/verify-pr@main
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}