chore(backport): Add backport GH workflow to Scanner repo#3403
Conversation
📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds a GitHub Actions workflow that runs the pinned ChangesBackport workflow
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
/retest |
ae95651 to
9ca626a
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (2)
.github/workflows/backport-pr.yaml (2)
24-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winUpdate
tibdex/backporttov3to fix the Node 16 deprecation warning.
tibdex/backport@v2.0.4runs on Node 16, which is deprecated in GitHub Actions and generates warnings. Version 3 runs on Node 20 and resolves this issue.Since your repository uses
ratchetto pin SHAs, you can update the line to@v3and then run yourratchettooling to resolve and pin the new exact SHA.♻️ Proposed update
- - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # ratchet:tibdex/backport@v2.0.4 + - uses: tibdex/backport@v3 # ratchet:tibdex/backport@v3🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/backport-pr.yaml at line 24, Update the tibdex/backport action in the workflow from v2.0.4 to v3, then run the repository’s ratchet tooling to replace the tag with the corresponding exact commit SHA while preserving the existing ratchet annotation.
14-22: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick winPrevent workflow from running on all merged PRs.
The current condition triggers the backport job for every single merged PR, regardless of whether it requires backporting. For PRs without a backport label,
tibdex/backportgracefully exits, but it still consumes CI minutes and litters the Actions history.You can filter the
closedevent to only run if a backport label is already present by joining the PR's label names.⚡ Proposed optimization
if: > github.event.pull_request.merged && ( - github.event.action == 'closed' - || ( + ( + github.event.action == 'closed' + && contains(join(github.event.pull_request.labels.*.name, ','), 'backport') + ) || ( github.event.action == 'labeled' && contains(github.event.label.name, 'backport') ) )🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/backport-pr.yaml around lines 14 - 22, Update the workflow trigger condition around the backport job so the merged pull request’s closed-event path also requires a backport label, using the pull request label names for the check. Preserve the existing labeled-event behavior and merged-status requirement, while preventing unlabeled merged PRs from starting the workflow.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/backport-pr.yaml:
- Line 24: Update the tibdex/backport action in the workflow from v2.0.4 to v3,
then run the repository’s ratchet tooling to replace the tag with the
corresponding exact commit SHA while preserving the existing ratchet annotation.
- Around line 14-22: Update the workflow trigger condition around the backport
job so the merged pull request’s closed-event path also requires a backport
label, using the pull request label names for the check. Preserve the existing
labeled-event behavior and merged-status requirement, while preventing unlabeled
merged PRs from starting the workflow.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 1e1c3bc5-a819-43d9-8837-c41f0695e1d4
📒 Files selected for processing (1)
.github/workflows/backport-pr.yaml
|
/retest scanner-on-push |
|
@github-actions[bot]: The Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
BradLugo
left a comment
There was a problem hiding this comment.
LGTM. One more note: we need to create the labels in the format the tibdex/backport action is expecting.
Copied from
stackrox/stackroxhttps://github.com/stackrox/stackrox/blob/943c70ededfe015e7397037d59fcaf09539975ed/.github/workflows/backport-pr.yamlAdding a backport label to a PR, once merged, will yield a backport PR against the target branch.
Assumes secret
RHACS_BOT_GITHUB_TOKENis setup at the org level (currently not setup at the repo level)Will test / iterate as needed once merged.