temporary scripts for branch maintenance#15488
Conversation
There was a problem hiding this comment.
Pull request overview
Adds Gradle-invokable maintenance automation for GitHub branch hygiene in apache/grails-core (protect release branches, delete stale branches) via two Groovy scripts executed from the root build.gradle.
Changes:
- Registers two new Gradle maintenance tasks:
deleteBranchesandprotectBranches. - Introduces
ProtectBranches.groovyto apply GitHub branch protection to a curated list of release branches. - Introduces
DeleteBranches.groovyto delete a curated list of merged/closed branches via the GitHub API.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| build.gradle | Adds Gradle tasks that execute the maintenance Groovy scripts via GroovyShell. |
| ProtectBranches.groovy | New script that calls GitHub’s branch protection API for listed branches. |
| DeleteBranches.groovy | New script that calls GitHub’s refs API to delete listed branches. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ProtectBranches.groovy
Outdated
| */ | ||
| import groovy.json.JsonBuilder | ||
|
|
||
| // --- Configuration --- |
There was a problem hiding this comment.
Codebase style guidance discourages section-separator/grouping comments like // --- ... ---. Please remove this header comment to align with the repository conventions (see AGENTS.md guidance).
| if (!githubToken) { | ||
| throw new IllegalStateException( | ||
| "GitHub token is required. Set the GITHUB_TOKEN environment variable." | ||
| ) |
There was a problem hiding this comment.
The exception text says only GITHUB_TOKEN is supported, but the script also reads System.getProperty('github.token') above. Update the message to mention -Dgithub.token as an alternative so users aren't misled when running locally/CI.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 3 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (conn.responseCode in [200, 201, 204]) { | ||
| println "SUCCESS: ${conn.responseCode}" | ||
| } else { | ||
| def errorText = conn.errorStream?.text ?: "No error stream available" | ||
| throw new RuntimeException("HTTP ${conn.responseCode} - ${errorText}") | ||
| } |
There was a problem hiding this comment.
sendRequest currently treats a 404 as a hard failure. For branch protection maintenance, it’s common for some branches in the list to no longer exist; consider treating 404 as a skip (log and continue) so one missing branch doesn’t make the whole run fail.
| def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') | ||
| def repoOwner = "apache" | ||
| def repoName = "grails-core" | ||
| def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}" |
There was a problem hiding this comment.
The target repository is hardcoded to apache/grails-core. That makes it easy to accidentally run this from a fork/clone and still delete branches on the upstream repo if the token has access. Make repoOwner/repoName configurable (env/Gradle properties) and/or require an explicit confirmation that prints the resolved target before proceeding.
| if (conn.responseCode in [200, 201, 204]) { | ||
| println "SUCCESS: ${conn.responseCode}" | ||
| } else { | ||
| def errorText = conn.errorStream?.text ?: "No error stream available" | ||
| throw new RuntimeException("HTTP ${conn.responseCode} - ${errorText}") | ||
| } |
There was a problem hiding this comment.
sendRequest currently treats a 404 as a hard failure. For a branch-cleanup script, DELETE is typically intended to be idempotent (branch may already be gone), so consider treating 404 as a success/skip and continuing; otherwise the script can fail at the end due to already-deleted branches.
| def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') | ||
| def repoOwner = "apache" | ||
| def repoName = "grails-core" | ||
| def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}" |
There was a problem hiding this comment.
The target repository is hardcoded to apache/grails-core. That makes it easy to accidentally run this from a fork/clone and still change branch protection on the upstream repo if the token has access. Make repoOwner/repoName configurable (env/Gradle properties) and/or require an explicit confirmation that prints the resolved target before proceeding.
| conn.setRequestProperty("Authorization", "token ${token}") | ||
| conn.setRequestProperty("Accept", "application/vnd.github.v3+json") | ||
| if (body) { |
There was a problem hiding this comment.
GitHub’s REST API requires a User-Agent header on requests; DeleteBranches.groovy sets one but this script doesn’t. Add a User-Agent request header here to avoid 403/400 responses from the API.
Two tasks one to protect the release branches and another to delete stale branches