Copilot commented on code in PR #15488: URL: https://github.com/apache/grails-core/pull/15488#discussion_r2907172516
########## DeleteBranches.groovy: ########## @@ -0,0 +1,216 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') +def repoOwner = "apache" +def repoName = "grails-core" +def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}"; + +if (!githubToken) { + throw new IllegalStateException( + "GitHub token is required. Set the GITHUB_TOKEN environment variable or the -Dgithub.token system property." + ) +} +def tableData = """ +| origin/GRAILS-6737-Groovy-1.7.5 | 2010-09-17 | CLOSED | +| origin/GRAILS-6278 | 2010-09-17 | CLOSED | +| origin/GRAILS-5087 | 2012-12-07 | CLOSED | +| origin/GRAILS-9997 | 2013-07-30 | CLOSED | +| origin/GRAILS-10533 | 2013-10-14 | CLOSED | +| origin/GRAILS-10512 | 2013-10-14 | CLOSED | +| origin/GRAILS-10613 | 2013-10-15 | CLOSED | +| origin/GRAILS-10660 | 2013-10-29 | CLOSED | +| origin/GRAILS-10631 | 2013-11-05 | CLOSED | +| origin/GRAILS-10728 | 2013-11-06 | CLOSED | +| origin/GRAILS-10448 | 2013-11-06 | CLOSED | +| origin/GRAILS-10780 | 2013-11-19 | CLOSED | +| origin/GRAILS-10813 | 2013-11-21 | CLOSED | +| origin/GRAILS-10838 | 2013-11-25 | CLOSED | +| origin/GRAILS-10826 | 2013-11-26 | CLOSED | +| origin/GRAILS-10835 | 2013-11-27 | CLOSED | +| origin/GRAILS-10853 | 2013-12-02 | CLOSED | +| origin/GRAILS-10868 | 2013-12-03 | CLOSED | +| origin/GRAILS-10871 | 2013-12-03 | CLOSED | +| origin/GRAILS-9664 | 2013-12-04 | CLOSED | +| origin/GRAILS-10882 | 2013-12-09 | CLOSED | +| origin/GRAILS-10852 | 2013-12-13 | CLOSED | +| origin/GRAILS-10910 | 2013-12-13 | CLOSED | +| origin/GRAILS-10908 | 2013-12-14 | CLOSED | +| origin/GRAILS-10683b | 2013-12-23 | CLOSED | +| origin/GRAILS-10897 | 2014-01-08 | CLOSED | +| origin/GRAILS-8426 | 2014-01-10 | CLOSED | +| origin/GRAILS-10973 | 2014-01-13 | CLOSED | +| origin/GRAILS-11003 | 2014-01-22 | CLOSED | +| origin/GRAILS-11011 | 2014-01-22 | CLOSED | +| origin/GRAILS-11075 | 2014-02-04 | CLOSED | +| origin/GRAILS-11093 | 2014-02-06 | CLOSED | +| origin/GRAILS-11104 | 2014-02-11 | CLOSED | +| origin/GRAILS-10683 | 2014-02-13 | CLOSED | +| origin/GRAILS-11145 | 2014-02-26 | CLOSED | +| origin/GRAILS-11197 | 2014-03-10 | CLOSED | +| origin/GRAILS-9686 | 2014-03-14 | CLOSED | +| origin/GRAILS-10031 | 2014-03-17 | CLOSED | +| origin/GRAILS-11222 | 2014-03-18 | CLOSED | +| origin/GRAILS-11238 | 2014-03-19 | CLOSED | +| origin/GRAILS-11242 | 2014-03-24 | CLOSED | +| origin/GRAILS-11204 | 2014-05-01 | CLOSED | +| origin/GRAILS-6766 | 2014-05-01 | CLOSED | +| origin/GRAILS-9996 | 2014-05-08 | CLOSED | +| origin/GRAILS-10905 | 2014-05-08 | CLOSED | +| origin/GRAILS-11448 | 2014-05-27 | CLOSED | +| origin/GRAILS-11453 | 2014-05-28 | CLOSED | +| origin/GRAILS-11462 | 2014-06-02 | CLOSED | +| origin/GRAILS-11129 | 2014-06-10 | CLOSED | +| origin/GRAILS-11505 | 2014-06-13 | CLOSED | +| origin/GRAILS-11505B | 2014-06-17 | CLOSED | +| origin/GRAILS-11505C | 2014-06-17 | CLOSED | +| origin/GRAILS-11585 | 2014-07-16 | CLOSED | +| origin/GRAILS-11576 | 2014-07-25 | CLOSED | +| origin/GRAILS-11625 | 2014-08-04 | CLOSED | +| origin/GRAILS-11543 | 2014-08-14 | CLOSED | +| origin/GRAILS-11666 | 2014-08-18 | CLOSED | +| origin/GRAILS-11661 | 2014-08-18 | CLOSED | +| origin/GRAILS-11686 | 2014-08-26 | CLOSED | +| origin/GRAILS-11680 | 2014-10-21 | CLOSED | +| origin/GRAILS-11791 | 2014-10-23 | CLOSED | +| origin/GRAILS-11748 | 2014-10-23 | CLOSED | +| origin/GRAILS-11806 | 2014-10-30 | CLOSED | +| origin/GRAILS-11638 | 2014-10-30 | CLOSED | +| origin/GRAILS-11976 | 2015-02-09 | CLOSED | +| origin/GRAILS-11973 | 2015-02-09 | CLOSED | +| origin/GRAILS-11958 | 2015-02-09 | CLOSED | +| origin/GRAILS-12112 | 2015-03-25 | CLOSED | +| origin/issue_9183 | 2015-08-13 | CLOSED | +| origin/issue10188 | 2016-10-27 | CLOSED | +| origin/issue10282 | 2016-11-19 | CLOSED | +| origin/GRAILS-10300-10315 | 2016-12-09 | CLOSED | +| origin/issue10423 | 2017-01-24 | CLOSED | +| origin/GRAILS-10392 | 2017-02-09 | CLOSED | +| origin/issue10502 | 2017-02-27 | CLOSED | +| origin/issue10600 | 2017-04-22 | CLOSED | +| origin/issue-10844 | 2018-02-26 | CLOSED | +| origin/issue-10844_take2 | 2020-11-05 | CLOSED | +| origin/feature/scaffolding-5.1.0 | 2024-09-11 | CLOSED | +| origin/renovate/major-jansi.version | 2024-10-24 | CLOSED | +| origin/renovate/major-javahamcrest-monorepo | 2024-10-24 | CLOSED | +| origin/add-grails-events-transform | 2024-12-23 | CLOSED | +| origin/renovate/alpine-3.x | 2024-12-27 | CLOSED | +| origin/renovate/actions-upload-artifact-4.x | 2025-02-21 | CLOSED | +| origin/renovate/com.gradle.develocity-3.x | 2025-02-25 | CLOSED | +| origin/renovate/io.micronaut.serde-micronaut-serde-jackson-2.x | 2025-03-03 | CLOSED | +| origin/renovate/io.micronaut-micronaut-http-client-4.x | 2025-03-13 | CLOSED | +| origin/issue-14804 | 2025-06-11 | CLOSED | +| origin/retry-build-step | 2025-06-18 | CLOSED | +| origin/renovate/micronautversion | 2025-07-12 | CLOSED | +| origin/addition-micronaut-feature-test | 2025-08-06 | CLOSED | +| origin/update-rest-transform-dependency | 2025-08-07 | CLOSED | +| origin/JavaExec-argsFile | 2025-09-22 | CLOSED | +| origin/java-25-support-test | 2025-09-24 | CLOSED | +| origin/fix-starter-published-dependencies | 2025-10-04 | CLOSED | +| origin/fix/null-constructor-arg-groovy4 | 2026-03-03 | CLOSED | +| origin/issue_8974 | 2015-03-23 | MERGE | +| origin/issue_610 | 2015-04-06 | MERGE | +| origin/issue-11211 | 2019-01-03 | MERGE | +| origin/patch-decouple-gradle | 2024-07-24 | MERGE | +| origin/web-profile-jar-artifact | 2025-10-08 | MERGE | +| origin/jrebelFeatureFix | 2025-10-29 | MERGE | +| origin/chore/gsp_and_gson_dependencies_and_apply | 2025-11-12 | MERGE | +| origin/fix/issue_15228-respond-errors | 2025-11-18 | MERGE | +| origin/banner-versions | 2025-11-19 | MERGE | +| origin/remove-webjars-locator-core-dep | 2025-11-26 | MERGE | +| origin/merge-back-7.0.5 | 2026-01-12 | MERGE | +| origin/invokeDynamicDisable | 2026-01-17 | MERGE | +| origin/deps/update-java-gradle-groovy-versions | 2026-01-27 | MERGE | +| origin/task/add-agents-md-15145 | 2026-01-30 | MERGE | +| origin/matrei-patch-1 | 2026-02-12 | MERGE | +| origin/fix/flaky-geb-tests | 2026-02-19 | MERGE | +| origin/refactor/centralize-groovydoc-plugin | 2026-02-19 | MERGE | +| origin/test/query-connection-routing | 2026-02-21 | MERGE | +| origin/micronaut-fixes-2 | 2026-02-21 | MERGE | +| origin/forgeReloadingChanges | 2026-02-23 | MERGE | +| origin/database-cleanup-feature | 2026-02-25 | MERGE | +| origin/fix-detachedcriteria-join-get-hibernate7 | 2026-02-25 | MERGE | +| origin/fix-detachedcriteria-join-get | 2026-02-25 | MERGE | +| origin/fix/where-query-bugs | 2026-02-26 | MERGE | +| origin/fix/async-promise-spec-read-timeout | 2026-03-03 | MERGE | +| origin/fix/groovy-joint-ci-stability | 2026-03-03 | MERGE | +""" + +def failedBranches = [] + +tableData.eachLine { line -> + if (!line.contains("|") || line.contains("---") || line.contains("Branch")) return null + + def parts = line.tokenize('|').collect { it.trim() } + if (parts.size() < 3) return null + + def branch = parts[0].replace("origin/", "") + def type = parts[2] + + if (type == "MERGE" || type == "CLOSED") { + try { + deleteBranch(baseApiUrl, githubToken, branch) + } catch (Exception e) { + println "CRITICAL ERROR processing ${branch}: ${e.message}" + failedBranches << branch + } + } else { + println "SKIPPING [${type}]: ${branch}" + } + return null +} + +if (failedBranches) { + throw new RuntimeException("Failed to delete the following branches: ${failedBranches.join(', ')}. Check logs for details.") +} + +/** + * Removes the branch from the remote. + */ +def deleteBranch(baseUrl, token, branch) { + println "DELETING: ${branch}" + def url = new URL("${baseUrl}/git/refs/heads/${branch}") + sendRequest(url, token, "DELETE", null) +} + +def sendRequest(url, token, method, body) { + HttpURLConnection conn = null + try { + conn = url.openConnection() as HttpURLConnection + conn.connectTimeout = 10_000 + conn.readTimeout = 30_000 + conn.requestMethod = method + conn.setRequestProperty("Authorization", "token ${token}") + conn.setRequestProperty("Accept", "application/vnd.github.v3+json") + conn.setRequestProperty("User-Agent", "DeleteBranchesScript/1.0") + if (body) { + conn.doOutput = true + conn.setRequestProperty("Content-Type", "application/json") + conn.outputStream.withWriter { it << body } + } + + if (conn.responseCode in [200, 201, 204]) { + println "SUCCESS: ${conn.responseCode}" + } else { + def errorText = conn.errorStream?.text ?: "No error stream available" + throw new RuntimeException("HTTP ${conn.responseCode} - ${errorText}") + } Review Comment: `sendRequest` currently treats a 404 as a hard failure. For a branch-cleanup script, DELETE is typically intended to be idempotent (branch may already be gone), so consider treating 404 as a success/skip and continuing; otherwise the script can fail at the end due to already-deleted branches. ########## ProtectBranches.groovy: ########## @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import groovy.json.JsonBuilder + +def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') +def repoOwner = "apache" +def repoName = "grails-core" +def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}"; + +if (!githubToken || githubToken == "YOUR_PERSONAL_ACCESS_TOKEN") { + throw new IllegalStateException( + "GitHub token is required. Set the GITHUB_TOKEN environment variable or the -Dgithub.token system property." + ) +} + +def tableData = """ +| origin/1.1.x | 2009-11-26 | RELEASE | +| origin/1.3.0.RC2 | 2010-04-23 | RELEASE | +| origin/1.2.x | 2010-10-11 | RELEASE | +| origin/1.3.x | 2012-06-01 | RELEASE | +| origin/2.0.x | 2013-05-30 | RELEASE | +| origin/2.1.x | 2013-09-21 | RELEASE | +| origin/2.2.x | 2014-07-27 | RELEASE | +| origin/2.3.x | 2015-06-17 | RELEASE | +| origin/2.4.x | 2015-09-08 | RELEASE | +| origin/3.0.x | 2016-07-27 | RELEASE | +| origin/3.1.x | 2017-05-09 | RELEASE | +| origin/3.1.x-issue-9058 | 2017-05-23 | RELEASE | +| origin/3.2.x | 2019-10-10 | RELEASE | +| origin/master | 2021-11-24 | RELEASE | +| origin/4.0.x | 2022-06-03 | RELEASE | +| origin/5.1.x | 2022-10-13 | RELEASE | +| origin/5.0.x | 2022-11-25 | RELEASE | +| origin/5.2.x | 2023-02-13 | RELEASE | +| origin/2.5.x | 2023-12-17 | RELEASE | +| origin/3.3.x | 2024-01-09 | RELEASE | +| origin/4.1.x | 2024-01-26 | RELEASE | +| origin/5.3.x | 2024-01-26 | RELEASE | +| origin/6.1.x | 2024-02-27 | RELEASE | +| origin/6.0.x | 2024-04-09 | RELEASE | +| origin/5.4.x | 2024-09-11 | RELEASE | +| origin/6.2.x | 2025-01-03 | RELEASE | +| origin/gh-pages | 2025-01-07 | RELEASE | +| origin/7.0.x-hibernate6 | 2025-10-15 | RELEASE | +| origin/7.0.x-binding-error-14947-15147 | 2025-10-21 | RELEASE | +| origin/7.1.x-hibernate6 | 2025-12-03 | RELEASE | +| origin/7.1.x | 2026-02-27 | RELEASE | +| origin/8.0.x | 2026-02-28 | RELEASE | +| origin/8.0.x-hibernate7 | 2026-03-01 | RELEASE | +| origin/7.0.x | 2026-03-04 | RELEASE | +| origin/8.0.x-hibernate7-dev | 2026-03-05 | RELEASE | +""" + +def failedBranches = [] + +tableData.eachLine { line -> + if (!line.contains("|") || line.contains("---") || line.contains("Branch")) return null + + def parts = line.tokenize('|').collect { it.trim() } + if (parts.size() < 3) return null + + def branch = parts[0].replace("origin/", "") + def type = parts[2] + + // Skip the invalid 'origin' (no branch name) entry if it appears + if (branch == "origin" || !branch) return null + + if (type == "RELEASE") { + try { + protectBranch(baseApiUrl, githubToken, branch) + } catch (Exception e) { + println "CRITICAL ERROR processing ${branch}: ${e.message}" + failedBranches << branch + } + } else { + println "SKIPPING [${type}]: ${branch}" + } + return null +} + +if (failedBranches) { + throw new RuntimeException("Failed to protect the following branches: ${failedBranches.join(', ')}. Check logs for details.") +} + +/** + * Sets the branch to 'Protected' with required reviews. + * Does not require specific status checks (null) to avoid 'useless' empty list config. + */ +def protectBranch(baseUrl, token, branch) { + println "PROTECTING: ${branch}" + def url = new URL("${baseUrl}/branches/${branch}/protection") + def body = new JsonBuilder([ + enforce_admins : true, + required_status_checks : null, + required_pull_request_reviews: [ + required_approving_review_count: 1, + dismiss_stale_reviews : true + ], + restrictions : null, + allow_force_pushes : false, + allow_deletions : false, + lock_branch : false // Set to true only if you want the branch to be strictly read-only + ]).toString() + + sendRequest(url, token, "PUT", body) +} + +def sendRequest(url, token, method, body) { + HttpURLConnection conn = null + try { + conn = url.openConnection() as HttpURLConnection + conn.connectTimeout = 10_000 + conn.readTimeout = 30_000 + conn.requestMethod = method + conn.setRequestProperty("Authorization", "token ${token}") + conn.setRequestProperty("Accept", "application/vnd.github.v3+json") + if (body) { + conn.doOutput = true + conn.setRequestProperty("Content-Type", "application/json") + conn.outputStream.withWriter { it << body } + } + + if (conn.responseCode in [200, 201, 204]) { + println "SUCCESS: ${conn.responseCode}" + } else { + def errorText = conn.errorStream?.text ?: "No error stream available" + throw new RuntimeException("HTTP ${conn.responseCode} - ${errorText}") + } Review Comment: `sendRequest` currently treats a 404 as a hard failure. For branch protection maintenance, it’s common for some branches in the list to no longer exist; consider treating 404 as a skip (log and continue) so one missing branch doesn’t make the whole run fail. ########## ProtectBranches.groovy: ########## @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import groovy.json.JsonBuilder + +def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') +def repoOwner = "apache" +def repoName = "grails-core" +def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}"; Review Comment: The target repository is hardcoded to apache/grails-core. That makes it easy to accidentally run this from a fork/clone and still change branch protection on the upstream repo if the token has access. Make repoOwner/repoName configurable (env/Gradle properties) and/or require an explicit confirmation that prints the resolved target before proceeding. ########## DeleteBranches.groovy: ########## @@ -0,0 +1,216 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') +def repoOwner = "apache" +def repoName = "grails-core" +def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}"; Review Comment: The target repository is hardcoded to apache/grails-core. That makes it easy to accidentally run this from a fork/clone and still delete branches on the upstream repo if the token has access. Make repoOwner/repoName configurable (env/Gradle properties) and/or require an explicit confirmation that prints the resolved target before proceeding. ########## ProtectBranches.groovy: ########## @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import groovy.json.JsonBuilder + +def githubToken = System.getenv('GITHUB_TOKEN') ?: System.getProperty('github.token') +def repoOwner = "apache" +def repoName = "grails-core" +def baseApiUrl = "https://api.github.com/repos/${repoOwner}/${repoName}"; + +if (!githubToken || githubToken == "YOUR_PERSONAL_ACCESS_TOKEN") { + throw new IllegalStateException( + "GitHub token is required. Set the GITHUB_TOKEN environment variable or the -Dgithub.token system property." + ) +} + +def tableData = """ +| origin/1.1.x | 2009-11-26 | RELEASE | +| origin/1.3.0.RC2 | 2010-04-23 | RELEASE | +| origin/1.2.x | 2010-10-11 | RELEASE | +| origin/1.3.x | 2012-06-01 | RELEASE | +| origin/2.0.x | 2013-05-30 | RELEASE | +| origin/2.1.x | 2013-09-21 | RELEASE | +| origin/2.2.x | 2014-07-27 | RELEASE | +| origin/2.3.x | 2015-06-17 | RELEASE | +| origin/2.4.x | 2015-09-08 | RELEASE | +| origin/3.0.x | 2016-07-27 | RELEASE | +| origin/3.1.x | 2017-05-09 | RELEASE | +| origin/3.1.x-issue-9058 | 2017-05-23 | RELEASE | +| origin/3.2.x | 2019-10-10 | RELEASE | +| origin/master | 2021-11-24 | RELEASE | +| origin/4.0.x | 2022-06-03 | RELEASE | +| origin/5.1.x | 2022-10-13 | RELEASE | +| origin/5.0.x | 2022-11-25 | RELEASE | +| origin/5.2.x | 2023-02-13 | RELEASE | +| origin/2.5.x | 2023-12-17 | RELEASE | +| origin/3.3.x | 2024-01-09 | RELEASE | +| origin/4.1.x | 2024-01-26 | RELEASE | +| origin/5.3.x | 2024-01-26 | RELEASE | +| origin/6.1.x | 2024-02-27 | RELEASE | +| origin/6.0.x | 2024-04-09 | RELEASE | +| origin/5.4.x | 2024-09-11 | RELEASE | +| origin/6.2.x | 2025-01-03 | RELEASE | +| origin/gh-pages | 2025-01-07 | RELEASE | +| origin/7.0.x-hibernate6 | 2025-10-15 | RELEASE | +| origin/7.0.x-binding-error-14947-15147 | 2025-10-21 | RELEASE | +| origin/7.1.x-hibernate6 | 2025-12-03 | RELEASE | +| origin/7.1.x | 2026-02-27 | RELEASE | +| origin/8.0.x | 2026-02-28 | RELEASE | +| origin/8.0.x-hibernate7 | 2026-03-01 | RELEASE | +| origin/7.0.x | 2026-03-04 | RELEASE | +| origin/8.0.x-hibernate7-dev | 2026-03-05 | RELEASE | +""" + +def failedBranches = [] + +tableData.eachLine { line -> + if (!line.contains("|") || line.contains("---") || line.contains("Branch")) return null + + def parts = line.tokenize('|').collect { it.trim() } + if (parts.size() < 3) return null + + def branch = parts[0].replace("origin/", "") + def type = parts[2] + + // Skip the invalid 'origin' (no branch name) entry if it appears + if (branch == "origin" || !branch) return null + + if (type == "RELEASE") { + try { + protectBranch(baseApiUrl, githubToken, branch) + } catch (Exception e) { + println "CRITICAL ERROR processing ${branch}: ${e.message}" + failedBranches << branch + } + } else { + println "SKIPPING [${type}]: ${branch}" + } + return null +} + +if (failedBranches) { + throw new RuntimeException("Failed to protect the following branches: ${failedBranches.join(', ')}. Check logs for details.") +} + +/** + * Sets the branch to 'Protected' with required reviews. + * Does not require specific status checks (null) to avoid 'useless' empty list config. + */ +def protectBranch(baseUrl, token, branch) { + println "PROTECTING: ${branch}" + def url = new URL("${baseUrl}/branches/${branch}/protection") + def body = new JsonBuilder([ + enforce_admins : true, + required_status_checks : null, + required_pull_request_reviews: [ + required_approving_review_count: 1, + dismiss_stale_reviews : true + ], + restrictions : null, + allow_force_pushes : false, + allow_deletions : false, + lock_branch : false // Set to true only if you want the branch to be strictly read-only + ]).toString() + + sendRequest(url, token, "PUT", body) +} + +def sendRequest(url, token, method, body) { + HttpURLConnection conn = null + try { + conn = url.openConnection() as HttpURLConnection + conn.connectTimeout = 10_000 + conn.readTimeout = 30_000 + conn.requestMethod = method + conn.setRequestProperty("Authorization", "token ${token}") + conn.setRequestProperty("Accept", "application/vnd.github.v3+json") + if (body) { Review Comment: GitHub’s REST API requires a `User-Agent` header on requests; `DeleteBranches.groovy` sets one but this script doesn’t. Add a `User-Agent` request header here to avoid 403/400 responses from the API. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
