Protect spring-cherry-pick against pushing commit to itself

artembilan · artembilan · commit d064ff6f8f28 · 2024-12-17T15:51:26.000-05:00
The `Auto-cherry-pick` commit may be pushed into a branch
for which the cherry-pick is supposed to happen.
So, check in loop for `$branches` if requested branch is not exactly same where the commit has been just pushed.

* Fix typos and some sentence in the `README.md` according to the current state of things.
diff --git a/.github/workflows/spring-cherry-pick.yml b/.github/workflows/spring-cherry-pick.yml
@@ -39,15 +39,18 @@ jobs:
           branches=$(echo "$COMMIT_MESSAGE" | grep "$CHERRY_PICK_TOKEN" | grep -o1 -E "([0-9]+\.[0-9]+\.x)")
           for branch in $branches
           do 
-            git checkout "$branch"
-            if git cherry-pick ${{ github.sha }} -x
+            if [ "$branch" != '${{ github.ref_name }}' ]
             then
-              echo "::notice title=Commit cherry-picked::${{ github.sha }} to branch $branch"
-            else
-              echo "::error title=Cannot cherry-pick::${{ github.sha }} to branch $branch. Manual procedure required"
-              exit 1
+              git checkout "$branch"
+              if git cherry-pick ${{ github.sha }} -x
+              then
+                echo "::notice title=Commit cherry-picked::${{ github.sha }} to branch $branch"
+              else
+                echo "::error title=Cannot cherry-pick::${{ github.sha }} to branch $branch. Manual procedure required"
+                exit 1
+              fi
+              branchCommitMessage=$(git log -1 --pretty=%B | grep -v "$CHERRY_PICK_TOKEN")
+              git commit --amend -o -m "$branchCommitMessage"  
+              git push origin $branch    
             fi
-            branchCommitMessage=$(git log -1 --pretty=%B | grep -v "$CHERRY_PICK_TOKEN")
-            git commit --amend -o -m "$branchCommitMessage"  
-            git push origin $branch
           done
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 # GitHub Actions Workflows for Spring Projects
 
-This project containers reusable GitHub Actions Workflows to build Spring projects with Gradle or Maven.
+This project contains reusable GitHub Actions Workflows to build Spring projects with Gradle or Maven.
+And provides some other useful utilities to perform from GitHub Actions, such a Dependabot auto-merge, or automatic back-port issue creation.  
 The workflows are designed for specific tasks and can be reused individually or in combinations in the target projects.
 
 To use these workflows in your project a set of organization secrets must be granted to the repository:
@@ -19,13 +20,13 @@ GPG_PASSPHRASE
 GPG_PRIVATE_KEY
 ```
 
-The Develocity secret is optional: not used by Maven and Gradle project might not be enrolled for the service.  
+The Develocity secret is optional: mostly not used by Maven and Gradle project might not be enrolled for the service.  
 The `SPRING_RELEASE_CHAT_WEBHOOK_URL` secret is also optional: probably you don't want to notify Google Space about your release, or it is not available for GitHub organization.
 As well as `OSSRH_*` secret, since not all releases might go to Maven Central, e.g. private (commercial) repositories only.
 
 The mentioned secrets must be passed explicitly since these reusable workflows might be in different GitHub org than target project.
 
-The SNAPSHOT and Release workflows uses JFrog Artifactory plugin to publish artifacts into Artifactory.
+The SNAPSHOT and Release workflows uses [spring-io/artifactory-deploy-action](https://github.com/spring-io/artifactory-deploy-action) to publish artifacts into Artifactory.
 
 ## Build SNAPSHOT and Pull Request Workflows
 
@@ -42,8 +43,8 @@ https://github.com/spring-io/spring-github-workflows/blob/78b29123a17655f019d800
 You can add more branches to react for pull request events.
 
 The SNAPSHOT workflows ([spring-artifactory-gradle-snapshot.yml](.github/workflows/spring-artifactory-gradle-snapshot.yml) and [spring-artifactory-maven-snapshot.yml](.github/workflows/spring-artifactory-maven-snapshot.yml), respectively) are also that simple.
-They use JFrog Artifactory plugin to be able to publish artifacts into `libs-snapshot-local` (by default) repository.
-The Gradle workflow can be supplied with Gradle Enterprise secrets.
+They publish artifacts into `libs-snapshot-local` (by default) repository.
+The Gradle workflow can be supplied with Develocity secret.
 
 #### Gradle SNAPSHOT caller workflow:
 https://github.com/spring-io/spring-github-workflows/blob/78b29123a17655f019d800690cc906d692f836a9/samples/ci-snapshot-gradle.yml#L1-L18
