Inherit secrets

[jmle]

Summary by CodeRabbit

• Chores
  • Updated CI workflow to inherit required secrets for the post-merge cherry-pick job, improving automation reliability and reducing intermittent failures during backporting.
  • Enhances consistency of the release process and maintenance tasks without altering application behavior.
  • No user-facing changes; functionality and performance remain unchanged.

[coderabbitai]

Walkthrough

The GitHub Actions workflow .github/workflows/pr-closed.yaml was updated to add secrets: inherit to the cherry-pick job executed when a pull request is merged. The conditional execution logic remains unchanged.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/pr-closed.yaml	Added secrets: inherit to the cherry-pick job for merged PRs; no other logic or conditions changed.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub
  participant WF as pr-closed Workflow
  participant Job as cherry-pick Job
  participant Sec as Inherited Secrets

  Dev->>GH: Close PR (merged)
  GH-->>WF: Trigger on PR closed (merged)
  WF->>Job: Start cherry-pick job
  Note right of Job: Job now runs with<br/>secrets: inherit
  Job->>Sec: Access required secrets
  Job-->>WF: Complete cherry-pick process
  WF-->>GH: Report job status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hop through YAML fields at night,
A secret stream now flows just right.
Cherry picks in moonlit queue,
Keys inherit, tasks pursue.
With silent paws and tidy gleam,
The workflow hums—automate the dream.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Inherit secrets" succinctly describes the primary change of enabling secrets inheritance for the cherry-pick job, making it clear, concise, and directly relevant to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/pr-closed.yaml (1)

16-16: Limit the secrets you forward to the reusable workflow

secrets: inherit hands every repo/environment secret to the reusable workflow. That makes a compromise in konveyor/release-tools/.github/workflows/cherry-pick.yml@main or any action it pulls in far more damaging. Prefer forwarding only the specific secrets that job actually needs so you keep the blast radius minimal.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73433c6 and 711eea9.

📒 Files selected for processing (1)

• .github/workflows/pr-closed.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build tackle2-addon-analyzer