[ci] Added automated backport workflow #285
📝 Walkthrough
A new GitHub Actions workflow file is introduced to automate backporting of fixes to a stable branch. The workflow defines two execution paths: one that triggers on pushes to the master branch and another that responds to issue comments starting with
Sequence Diagram
No sequence diagram generated. This change is primarily a configuration update for GitHub Actions and does not meet the criteria for visualization.
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 1 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (1 passed)
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/backport.yml:
- Around line 29-33: The condition using
github.event.issue.pull_request.merged_at in the backport workflow will never be
true for the issue_comment event because that payload only contains a PR stub;
update the job to either (A) keep the issue_comment trigger but call the REST
API GET /repos/{owner}/{repo}/pulls/{pull_number} to retrieve the full PR and
check its merged_at before proceeding (use github.rest.pulls.get and inspect
response.data.merged_at), or (B) change the workflow trigger to the pull_request
event with types: [closed] so the full PR payload (including merged_at) is
available and then use github.event.pull_request.merged_at directly. Ensure you
remove the invalid reference to github.event.issue.pull_request.merged_at and
implement one of these two approaches in the backport job.
- Line 21: The reusable workflow references currently use mutable refs
(`@master`); replace each occurrence of "uses:
openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master" with the
immutable commit SHA for the matching commit in the openwisp/openwisp-utils repo
(use the exact full 40-char SHA), and update both places where this reusable
workflow is referenced so the workflow is pinned to that specific commit SHA
rather than `@master`.
📒 Files selected for processing (1)
.github/workflows/backport.yml
🔇 Additional comments (1)
.github/workflows/backport.yml (1)
3-17: Workflow trigger and base guard scaffolding looks solid. The split between push-triggered and command-triggered backport paths is clear, and baseline permissions/concurrency are consistently defined.
| jobs: | ||
| backport-on-push: | ||
| if: github.event_name == 'push' | ||
| uses: openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master |
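Review bot: the `uses:` line of `backport-on-push` resolves reusable-backport.yml through `@master`, a branch ref, so whatever commit that branch points to in openwisp/openwisp-utils at run time is what executes on every push here, without any change appearing in this repository. Pin the reference to a full 40-character commit SHA and keep the branch or tag name in a trailing comment, so that an update to the reusable workflow arrives as a reviewable diff to this file.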
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# First, check if the file exists and read its content
if [ -f ".github/workflows/backport.yml" ]; then
  echo "=== File exists. Reading content with line numbers ==="
  cat -n ".github/workflows/backport.yml"
else
  echo "File not found: .github/workflows/backport.yml"
  echo "Available workflow files:"
  ls -la .github/workflows/ || echo "No .github/workflows directory"
fi
Repository: openwisp/openwisp-network-topology
Length of output: 1756
🏁 Script executed:
#!/bin/bash
# Search for all occurrences of the reusable workflow reference
echo "=== Searching for reusable-backport.yml references ==="
rg -n 'reusable-backport.yml' .github/workflows/ || echo "No matches found"
Repository: openwisp/openwisp-network-topology
Length of output: 1756
Pin reusable workflow references to immutable commit SHAs (not @master).
Using mutable refs like @master on lines 21 and 36 weakens supply-chain safety and introduces non-deterministic CI behavior. Pin each reference to a specific commit SHA from the openwisp/openwisp-utils repository.
| if: > | ||
| github.event_name == 'issue_comment' && | ||
| github.event.issue.pull_request && | ||
| github.event.issue.pull_request.merged_at != null && | ||
| github.event.issue.state == 'closed' && |
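Review bot: none of the visible clauses of this `if:` restricts who wrote the comment, so as shown any account able to comment on a merged, closed PR satisfies them. The expression continues past the trailing `&&`; make sure a following clause checks `github.event.comment.author_association` against OWNER, MEMBER or COLLABORATOR, and the expected command prefix in `github.event.comment.body`, before the reusable workflow is called.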
🧩 Analysis chain
🌐 Web query:
GitHub Actions issue_comment event payload structure pull_request merged_at field
💡 Result:
For a GitHub Actions workflow triggered by issue_comment, the event payload does not include a full pull request object, so you won’t have github.event.pull_request.merged_at.
What issue_comment payload contains
issue_comment fires for comments on issues or pull requests and its webhook payload is shaped like:
- action (created/edited/deleted)
- comment (the comment object)
- issue (the issue object the comment belongs to)
- plus repository, sender, etc. (docs.github.com)
How to tell it’s a PR comment
In Actions, PRs are treated as issues, so for PR comments you check:
github.event.issue.pull_request(present/truthy only for PRs) (docs.github.com)
Important: github.event.issue.pull_request here is not the PR itself; it’s a small stub/link to PR data (so it won’t have merged_at). (docs.github.com)
How to get merged_at
If you need the merge timestamp, you must fetch PR details separately (or use a different trigger):
- Fetch the PR via REST API (typical approach from issue.number):
  - Use the “Get a pull request” endpoint (GET /repos/{owner}/{repo}/pulls/{pull_number}) and read merged_at from the response. (docs.github.com)
- Or trigger on pull_request (e.g., types: [closed]) and use the PR payload there (but note GitHub’s Actions docs mention cases where the pull_request payload can be empty, such as some merged PRs / forks). (docs.github.com)
Citations:
- 1: https://docs.github.com/en/enterprise-cloud%40latest/webhooks/webhook-events-and-payloads
- 2: https://docs.github.com/actions/learn-github-actions/events-that-trigger-workflows?utm_source=openai
- 3: https://docs.github.com/actions/learn-github-actions/events-that-trigger-workflows?utm_source=openai
- 4: https://docs.github.com/en/rest/pulls/pulls
- 5: https://docs.github.com/actions/learn-github-actions/events-that-trigger-workflows?utm_source=openai
github.event.issue.pull_request.merged_at is unavailable in issue_comment events—this condition will never be satisfied.
The issue_comment event payload includes only a stub/reference object for pull_request (to identify if the comment is on a PR), not the full PR details. The merged_at field is not present in this context, so the backport job will never run.
To fix this, either:
- Fetch the PR details via REST API using /repos/{owner}/{repo}/pulls/{pull_number} to check merged_at, or
- Switch the trigger to pull_request event with types: [closed] to access the full PR payload.
Checklist
Reference to Existing Issue
openwisp/openwisp-utils#501
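A check for the pinning finding raised in the review above, as an added example that is not part of the PR or of any OpenWISP repository: it scans workflow text for `uses:` entries whose ref is not a full 40-character commit SHA. The job name `backport-on-comment`, the `lint` job and the checkout SHA in the sample are constructed for illustration.

```python
import re

# Matches a `uses:` entry in a workflow file, with or without a leading "- ".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify_ref(target):
    """Return 'local', 'docker', 'pinned' or 'mutable' for one uses: target."""
    if target.startswith("./"):
        return "local"      # resolved from the same commit as the caller
    if target.startswith("docker://"):
        return "docker"     # image refs need digest pinning, a separate check
    _, sep, ref = target.rpartition("@")
    if sep and FULL_SHA_RE.match(ref):
        return "pinned"
    return "mutable"        # branch, tag, short SHA, or no ref at all

def find_mutable_uses(workflow_text):
    """Return (line_number, target) for every uses: entry not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue        # ignore commented-out entries
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample: the reusable-workflow references mirror the hunk quoted
# on this page; the second job name, the lint job and its SHA are made up.
SAMPLE = """\
jobs:
  backport-on-push:
    if: github.event_name == 'push'
    uses: openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master
  backport-on-comment:
    uses: openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master
  lint:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-helper
"""

if __name__ == "__main__":
    for lineno, target in find_mutable_uses(SAMPLE):
        print(f"line {lineno}: {target} is not pinned to a full commit SHA")
```

Run as a CI step over `.github/workflows/*.yml`, a non-empty result can fail the build so a mutable ref never reaches the default branch.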