From fc569cac31049e7992fcac0a1683f6cc9745e39f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Fri, 10 Apr 2026 10:57:08 +0200
Subject: [PATCH 1/2] ci: Validate PR title with commitlint and enforce
 trailing period.

---
 .github/workflows/check-commits.yml | 3 +++
 commitlint.config.js                | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check-commits.yml b/.github/workflows/check-commits.yml
index 49388949..66b1c694 100644
--- a/.github/workflows/check-commits.yml
+++ b/.github/workflows/check-commits.yml
@@ -33,3 +33,6 @@ jobs:
 
       - name: "📜 Validate commit messages"
         run: npx --no-install commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
+
+      - name: "📜 Validate PR title (used as squash commit message)"
+        run: echo "${{ github.event.pull_request.title }}" | npx --no-install commitlint --verbose
diff --git a/commitlint.config.js b/commitlint.config.js
index 25d70148..40324c31 100644
--- a/commitlint.config.js
+++ b/commitlint.config.js
@@ -7,7 +7,7 @@ module.exports = {
   },
   rules: {
     'subject-case': [0],
-    'subject-full-stop': [0],
+    'subject-full-stop': [2, 'always', '.'],
     'header-max-length': [2, 'always', 78],
     'scope-enum': [
       2,

From b2d9ed78c7894cd8fe7db7f265174599f96c55d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Fri, 10 Apr 2026 11:06:21 +0200
Subject: [PATCH 2/2] fix(ci): Pass PR title via env to avoid shell injection.

---
 .github/workflows/check-commits.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check-commits.yml b/.github/workflows/check-commits.yml
index 66b1c694..2a910035 100644
--- a/.github/workflows/check-commits.yml
+++ b/.github/workflows/check-commits.yml
@@ -35,4 +35,6 @@ jobs:
         run: npx --no-install commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose
 
       - name: "📜 Validate PR title (used as squash commit message)"
-        run: echo "${{ github.event.pull_request.title }}" | npx --no-install commitlint --verbose
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: printf '%s\n' "$PR_TITLE" | npx --no-install commitlint --verbose