@gjtorikian
Contributor

Summary

  • Add lint-pr-title.yml workflow using amannn/action-semantic-pull-request@v5 to enforce conventional commit PR titles
  • Uses the SDK bot app token (generate_sdk_bot_token) for authentication, consistent with the release-please workflow
  • Mirrors the same workflow added to workos-ruby

Test plan

  • Open a PR with a non-conventional title (e.g. "update stuff") and verify the check fails
  • Open a PR with a conventional title (e.g. "feat: Add new feature") and verify the check passes

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gjtorikian gjtorikian closed this Feb 9, 2026
@greptile-apps
greptile-apps bot commented Feb 9, 2026

Greptile Overview

Greptile Summary

Adds a GitHub Actions workflow (.github/workflows/lint-pr-title.yml) that runs on pull_request_target events to enforce conventional-commit style PR titles using amannn/action-semantic-pull-request@v5. The workflow authenticates via a GitHub App token (same pattern as the existing release-please workflow) and reports a PR check result back to GitHub.

Main fix needed before merge: add explicit minimal permissions: to the workflow/job so token generation and status reporting are reliable when default GITHUB_TOKEN permissions are restricted.

Confidence Score: 4/5

  • Safe to merge after adding explicit workflow/job permissions for reliability.
  • Change is limited to a single GitHub Actions workflow. The only concrete issue is missing explicit permissions, which can cause the token-generation step to fail in repos/orgs with restricted default workflow token permissions.
  • .github/workflows/lint-pr-title.yml

Important Files Changed

| Filename | Overview |
|---|---|
| .github/workflows/lint-pr-title.yml | Adds a PR title lint workflow using semantic-pull-request and a GitHub App token; consider adding explicit job/workflow permissions for reliability under restricted default GITHUB_TOKEN permissions. |

Sequence Diagram

sequenceDiagram
  actor Dev as PR Author
  participant GH as GitHub
  participant WF as Workflow
  participant A1 as Auth action
  participant A2 as Lint action

  Dev->>GH: PR event (open/edit/sync)
  GH-->>WF: Trigger
  WF->>A1: Authenticate
  A1-->>WF: Credentials
  WF->>A2: Validate title
  A2-->>GH: Check status

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 1 comment

Comment on lines +1 to +3
name: Lint PR Title

on:

Missing job permissions

This workflow generates an app installation token but the job doesn’t declare any permissions. On repositories/orgs with default workflow permissions set to read-only, actions/create-github-app-token@v1 can fail because it needs to create an installation access token via the API. Add explicit minimal permissions (e.g. permissions: { contents: read } is usually enough for token generation; if it still fails, grant pull-requests: read too) so this job is reliable across repos.
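
A workflow of this shape with the explicit least-privilege permissions block the review comment asks for, as an added example that is not the file from this pull request. The secret names are placeholders, the trigger types are assumed from the "open/edit/sync" label in the sequence diagram, and the step id is the one named in the PR summary.

```yaml
# Added example; not the file from this pull request.
name: Lint PR Title

on:
  # pull_request_target runs in the context of the base repository, so
  # secrets are available even for PRs opened from forks. This job never
  # checks out or executes code from the PR head; it only reads the title.
  pull_request_target:
    types: [opened, edited, synchronize]  # assumed from "open/edit/sync"

# Grant GITHUB_TOKEN nothing by default; each job opts in to what it needs.
permissions: {}

jobs:
  lint-pr-title:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # minimal grant suggested in the review comment
      pull-requests: read   # the review comment's fallback grant
    steps:
      - name: Generate SDK bot token
        id: generate_sdk_bot_token  # step id named in the PR summary
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.EXAMPLE_APP_ID }}                # placeholder secret name
          private-key: ${{ secrets.EXAMPLE_APP_PRIVATE_KEY }}  # placeholder secret name

      - name: Validate PR title
        uses: amannn/action-semantic-pull-request@v5
        env:
          # The lint action reads its token from this variable.
          GITHUB_TOKEN: ${{ steps.generate_sdk_bot_token.outputs.token }}
```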
