✨ Add cherry-pick bot action

[dymurray]

Summary by CodeRabbit

• Chores
  • Added a new CI workflow that runs when pull requests to the main branch are closed and merged, automating cherry-pick operations to streamline release management.
  • Grants minimal necessary permissions and inherits repository secrets to execute safely.
  • Integrates with shared release tooling for consistency across repositories.
  • No changes to user-facing features or app behavior.

[coderabbitai]

Walkthrough

Introduces a new GitHub Actions workflow that runs on pull_request_target upon PR closure to main. If the PR is merged, it invokes a reusable cherry-pick workflow from konveyor/release-tools, with appropriate permissions and inherited secrets.

Changes

Cohort / File(s)	Summary
CI workflow addition \.github/workflows/pr-closed.yaml	Adds pr-Closed workflow: triggers on pull_request_target to main when closed; conditionally runs if merged; grants write permissions to pull-requests and contents; inherits secrets; calls reusable cherry-pick workflow from konveyor/release-tools@main.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub
  participant PRWF as pr-Closed Workflow
  participant CPWF as Reusable Cherry-Pick Workflow
  participant Repo as Repository

  GH->>PRWF: pull_request_target (closed on main)
  PRWF->>PRWF: Check if PR was merged
  alt PR merged
    PRWF->>CPWF: Reuse workflow (with inherited secrets)
    CPWF->>Repo: Perform cherry-pick operations (write permissions)
    CPWF-->>PRWF: Status/result
  else PR not merged
    PRWF-->>GH: Skip job
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A PR hops shut—thump! says the log,
My whiskers twitch: “Was it merged, dear cog?”
If yes, I cherry-pick with nimble feet,
Reusing tools to make it neat.
Carrots committed, branches aligned—
CI burrows hum, all checks refined. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Add cherry-pick bot action" accurately describes the main change in the changeset, which adds a new GitHub Actions workflow for automated cherry-picking when pull requests are merged. While the title contains an emoji (✨ sparkles), which adds some noise, the core message clearly conveys that a cherry-pick automation action is being added. The title is concise and specific enough that a teammate would understand the primary purpose of this change when scanning the repository history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/pr-closed.yaml (1)

17-17: Consider pinning the workflow reference to a specific commit SHA.

Referencing the workflow with @main means any changes to the upstream workflow will automatically affect this repository. For better security and reproducibility, consider pinning to a specific commit SHA or at least a tagged release.

Example:

-    uses: konveyor/release-tools/.github/workflows/cherry-pick.yml@main
+    uses: konveyor/release-tools/.github/workflows/[email protected]  # or @abc123def (commit SHA)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e3f474 and 154bb99.

📒 Files selected for processing (1)

• .github/workflows/pr-closed.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Run e2e test (ubuntu-22.04-arm, bash, ChatOpenAI, kai-test-generation)
• GitHub Check: Run e2e test (ubuntu-24.04, bash, ChatOpenAI, kai-test-generation)
• GitHub Check: Run e2e test (windows-latest, cmd, ChatOpenAI, kai-test-generation)
• GitHub Check: Run e2e test (macos-latest, bash, ChatOpenAI, kai-test-generation)
• GitHub Check: Run e2e test (macos-13, bash, ChatOpenAI, kai-test-generation)
• GitHub Check: Check Types on PR Runner (ubuntu-latest, 3.12, x64)

🔇 Additional comments (2)

.github/workflows/pr-closed.yaml (2)

3-8: LGTM! Appropriate trigger configuration for cherry-pick automation.

The use of pull_request_target is justified here since the cherry-pick operation requires write permissions and secrets access. The closed type combined with the merge check on line 15 ensures the workflow only processes merged PRs.

---

16-17: Fix the syntax order: uses must come before secrets.

In GitHub Actions reusable workflow syntax, the uses key must appear before secrets: inherit.

Apply this diff to fix the syntax error:

-    secrets: inherit
-    uses: konveyor/release-tools/.github/workflows/cherry-pick.yml@main
+    uses: konveyor/release-tools/.github/workflows/cherry-pick.yml@main
+    secrets: inherit

Likely an incorrect or invalid review comment.