Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent incorrect merges between branches #15028

Closed
marcusdacoregio opened this issue May 8, 2024 · 3 comments
Closed

Prevent incorrect merges between branches #15028

marcusdacoregio opened this issue May 8, 2024 · 3 comments
Assignees
@marcusdacoregio
Labels
type: task A general task

Comments

@marcusdacoregio
Copy link
Contributor

marcusdacoregio commented May 8, 2024
edited
Loading

Recently, a wrong merge happened from main into 6.2.x, since the merge was a fast-forward it went unnoticed until a contributor reported it in #15016. The result was that 6.2.x was synced with main.

We should prevent it from happening again, a few suggestions are:

  • A Gradle task that checks if we are in a branch that matches *.x and then compare it with the version in gradle.properties. The check task would depend on this new task.
  • A pre-commit hook that does the same as above
  • A CI task/workflow that does the same as above
  • Use no fast-forward option (--no-ff), this will create a merge commit even when a fast-forward is possible, making it easier to spot the mistake
@marcusdacoregio marcusdacoregio added the type: task A general task label May 8, 2024
@marcusdacoregio marcusdacoregio changed the title Prevent newer branches to be merged into old branches Prevent incorrect merges between branches May 8, 2024
@sjohnr
Copy link
Member

sjohnr commented May 9, 2024

@marcusdacoregio I like the pre-commit hook idea as a possible solution. The issue with workflows is that it would be too late to prevent it, right? The gradle task is nice too but it's technically optional to run it locally and can be skipped.

@jzheaux
Copy link
Contributor

jzheaux commented May 29, 2024

I believe what happened was that I accidentally merged main into 6.2.x and because there had been no commits to 6.2.x during the intervening time, there was no Merge branch 'main' into 6.2.x commit in the logs for me to notice the mistake.

Using --no-ff could address this issue since it would have created the Merge branch 'main' into 6.2.x commit and I (hopefully) would have noticed it, found it odd, and corrected the error. So +1 for that idea.

Another idea would be to introduce a git hook that considers whether a merge is valid. For example, it is always invalid to attempt to merge main into any other protected branch. We could add a script that would check for this and fail the merge.

Hypothetically, we could go further and introduce a script that would check for merging any branch "to the right", 6.2.x into 5.8.x, etc. Maybe this script could check feature branches too, and what protected branch they are based off of before merging.

@marcusdacoregio marcusdacoregio self-assigned this Jun 4, 2024
@marcusdacoregio marcusdacoregio moved this to In Progress in Spring Security Team Jun 11, 2024
marcusdacoregio added a commit that referenced this issue Jun 11, 2024
@marcusdacoregio
Add pre-push hook
0e90f76 
Issue gh-15028
@marcusdacoregio
Copy link
Contributor Author

Closed via https://github.com/spring-projects/spring-security/wiki/Working-with-Git-branches

@marcusdacoregio marcusdacoregio moved this from In Progress to Done in Spring Security Team Jun 11, 2024
@marcusdacoregio marcusdacoregio mentioned this issue Jun 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
type: task A general task
Projects
Spring Security Team
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jzheaux @sjohnr @marcusdacoregio