From 965832c966663e352e8dac0d557d4537a7b1230a Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 10 Dec 2025 11:45:51 +0100 Subject: [PATCH] feat: add cherry-pick command workflow - Add cherry-pick-command.yaml using plumbing reusable workflow - Enable /cherry-pick command for easier backports to release branches - Uses centralized cherry-pick logic from tektoncd/plumbing - Slash.yml already configured to use plumbing's slash routing Signed-off-by: Vincent Demeester --- .github/workflows/cherry-pick-command.yaml | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/cherry-pick-command.yaml diff --git a/.github/workflows/cherry-pick-command.yaml b/.github/workflows/cherry-pick-command.yaml new file mode 100644 index 000000000..71d58ee8c --- /dev/null +++ b/.github/workflows/cherry-pick-command.yaml @@ -0,0 +1,32 @@ +# Cherry Pick Command Workflow +# +# This workflow is triggered by the /cherry-pick slash command from the slash.yml workflow. +# It automatically cherry-picks merged PRs to the specified target branches. +# +# Usage: Comment `/cherry-pick [ ...]` on a merged pull request +# Example: `/cherry-pick release-v0.42.x` +# Example: `/cherry-pick release-v0.42.x release-v0.43.x` +# +# Security Notes: +# - Only users with "write" permission can trigger this command (enforced in slash.yml) +# - Works safely with PRs from forks because it only cherry-picks already-merged commits +# - Uses CHATOPS_TOKEN to create PRs and push to branches +# - The action creates a new branch from the target branch, not from the fork + +name: Cherry Pick Command + +on: + repository_dispatch: + types: [cherry-pick-command] + +permissions: + contents: write + pull-requests: write + issues: write + +jobs: + cherry-pick: + name: Cherry Pick Actions + uses: tektoncd/plumbing/.github/workflows/_cherry-pick-command.yaml@4b57443b85569e5bb7d9ee440bf5cae99cb642cb + secrets: + CHATOPS_TOKEN: ${{ secrets.CHATOPS_TOKEN }}