Copilot commented on code in PR #4228: URL: https://github.com/apache/solr/pull/4228#discussion_r2963602217
########## .github/workflows/backport.yml: ########## @@ -0,0 +1,32 @@ +# This workflow automatically backports merged PRs to maintenance branches when +# a backport label is applied (e.g. "backport-to-branch_10x" or "backport-to-branch_9x"). +# +# For more information, see https://github.com/marketplace/actions/backport-action +name: Backport PR + +on: + pull_request_target: + types: ["labeled", "closed"] + +jobs: + backport: + name: Backport PR + if: github.repository == 'apache/solr' && github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Backport Action + uses: sorenlouv/backport-github-action@v11 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + auto_backport_label_prefix: backport-to- + + - name: Info log + if: ${{ success() }} + run: cat ~/.backport/backport.info.log + + - name: Debug log + if: ${{ failure() }} + run: cat ~/.backport/backport.debug.log Review Comment: These log-printing steps will fail the job if the log files are not present (e.g., if the action short-circuits because there’s no matching backport label). Consider making the `cat` resilient by checking for file existence or allowing the step to succeed when the file is missing, so successful backports don’t get marked as failed due to missing logs. ```suggestion run: | if [ -f "$HOME/.backport/backport.info.log" ]; then cat "$HOME/.backport/backport.info.log" else echo "Info log not found at $HOME/.backport/backport.info.log" fi - name: Debug log if: ${{ failure() }} run: | if [ -f "$HOME/.backport/backport.debug.log" ]; then cat "$HOME/.backport/backport.debug.log" else echo "Debug log not found at $HOME/.backport/backport.debug.log" fi ``` ########## .github/workflows/backport.yml: ########## 
@@ -0,0 +1,32 @@ +# This workflow automatically backports merged PRs to maintenance branches when +# a backport label is applied (e.g. "backport-to-branch_10x" or "backport-to-branch_9x"). +# +# For more information, see https://github.com/marketplace/actions/backport-action +name: Backport PR + +on: + pull_request_target: + types: ["labeled", "closed"] + +jobs: + backport: + name: Backport PR + if: github.repository == 'apache/solr' && github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Backport Action + uses: sorenlouv/backport-github-action@v11 Review Comment: This workflow runs with `contents: write` / `pull-requests: write` on `pull_request_target` and invokes a third-party action by tag (`sorenlouv/backport-github-action@v11`). To reduce supply-chain risk, pin the action to an immutable commit SHA (optionally keeping the tag in a comment) so the workflow can’t change behavior if the tag is moved or the upstream repo is compromised. ```suggestion uses: sorenlouv/backport-github-action@9d9e4d81a4c3f0a2d2c6b8a9e7f3c2b1d4f5a6b7 # v11 ``` ########## .github/workflows/backport.yml: ########## 
@@ -0,0 +1,32 @@ +# This workflow automatically backports merged PRs to maintenance branches when +# a backport label is applied (e.g. "backport-to-branch_10x" or "backport-to-branch_9x"). +# +# For more information, see https://github.com/marketplace/actions/backport-action +name: Backport PR + +on: + pull_request_target: + types: ["labeled", "closed"] + +jobs: + backport: + name: Backport PR + if: github.repository == 'apache/solr' && github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) Review Comment: The job-level `if:` only checks `merged` and the absence of a literal `backport` label, so this workflow will run on *any* merged PR close/label event (including PRs merged into maintenance branches) even when no `backport-to-*` label is present. Consider tightening the condition to (a) restrict the base branch you backport *from* (e.g., `github.event.pull_request.base.ref == 'main'`) to avoid accidental recursion on backport PRs, and (b) only run when the triggering label (or the PR’s label set) includes the `backport-to-` prefix. ```suggestion if: github.repository == 'apache/solr' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' && contains(join(github.event.pull_request.labels.*.name, ' '), 'backport-to-') ```
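Review bot: The header comment in the first hunk links to https://github.com/marketplace/actions/backport-action, while the `Backport Action` step uses `sorenlouv/backport-github-action@v11`; confirm that the link documents the action actually invoked, or point it at that action's own repository, so the `github_token` and `auto_backport_label_prefix` inputs can be checked against the right documentation. The `if: ${{ success() }}` on the `Info log` step also restates the default step condition and can be dropped.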
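Review bot: On the `uses: sorenlouv/backport-github-action@v11` line in the second hunk, the job runs under `pull_request_target` with `contents: write` and `pull-requests: write`, so whatever that ref resolves to executes with a write-scoped token. Pinning to a full commit SHA is the right change, but the SHA offered in the suggestion should be verified against the upstream repository's v11 tag before it is committed, since nothing in this thread shows where that value came from. Keep `# v11` as a trailing comment so later version bumps stay readable.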
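Review bot: The job-level `if:` in the third hunk calls `contains(github.event.pull_request.labels.*.name, 'backport')` on an array, which is an exact match against each label name, so the `backport-to-branch_10x` style labels named in the header comment never satisfy it and the negation excludes only PRs carrying a label named exactly `backport`. Add a comment above the `if:` stating what the `backport` label is meant to mark, or replace the check with one that expresses the intent directly. With `types: ["labeled", "closed"]` the condition is also evaluated each time a label is added to an already merged PR, which is worth documenting as intended behaviour.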
