From 197cca824b2725b883e158a7e711f4a418277b06 Mon Sep 17 00:00:00 2001
From: Alex Lowe <alex.lowe@canonical.com>
Date: Mon, 30 Sep 2024 11:55:54 -0400
Subject: [PATCH] feat: policy check

---
 .github/workflows/corporate-policy.yaml | 11 +++++++++++
 .github/workflows/team-policy.yaml      | 18 ++++++++++++++++++
 README.md                               | 22 ++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 .github/workflows/corporate-policy.yaml
 create mode 100644 .github/workflows/team-policy.yaml

diff --git a/.github/workflows/corporate-policy.yaml b/.github/workflows/corporate-policy.yaml
new file mode 100644
index 0000000..a12c9b0
--- /dev/null
+++ b/.github/workflows/corporate-policy.yaml
@@ -0,0 +1,11 @@
+name: Canonical policy checks
+on:
+  pull_request:
+  workflow_call:
+
+jobs:
+  cla-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if CLA signed
+        uses: canonical/has-signed-canonical-cla@v1
diff --git a/.github/workflows/team-policy.yaml b/.github/workflows/team-policy.yaml
new file mode 100644
index 0000000..890294f
--- /dev/null
+++ b/.github/workflows/team-policy.yaml
@@ -0,0 +1,18 @@
+name: Team policy checks
+on:
+  pull_request:
+  workflow_call:
+
+jobs:
+  conventional-commits:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: conventional commits
+        uses: webiny/action-conventional-commits@v1.3.0
+        with:
+          allowed-commit-types: "build,chore,ci,docs,feat,fix,perf,refactor,style,test"
diff --git a/README.md b/README.md
index 8ddfd47..aac78a4 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,28 @@ Some of these automations are provided as [Reusable workflows](https://docs.gith
 For these workflows, you can embed them in a workflow you run at the `job` level.
 Examples are provided below.
 
+## Policy checkers
+
+Two reusable workflows combine to check that a commit matches Canonical and team
+policies for PRs to our repositories. Right now, these checks are:
+
+- [CLA check](https://github.com/canonical/has-signed-canonical-cla)
+- [Commit message styles](https://github.com/canonical/starbase/blob/main/HACKING.rst#commits).
+
+### Usage
+
+```
+name: Policy
+on: [pull_request]
+
+jobs:
+  company:
+    uses: canonical/starflow/.github/workflows/corporate-policy.yaml@main
+  team:
+    uses: canonical/starflow/.github/workflows/team-policy.yaml@main
+
+```
+
 ## Python security scanner
 
 The Python security scanner workflow uses several tools (trivy, osv-scanner) to scan a