CNTRLPLANE-2915: Add HyperShift backport skill and command for Claude Code#7870
CNTRLPLANE-2915: Add HyperShift backport skill and command for Claude Code#7870jparrill wants to merge 1 commit intoopenshift:mainfrom
Conversation
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
|
@jparrill: This pull request references CNTRLPLANE-2915 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
WalkthroughAdds HyperShift Backport documentation: a new skill definition, command reference, and workflow conventions covering backport invocation, cherry-pick process, branch/PR naming, Jira integration, conflict resolution, CI/Prow interactions, and required tooling and error handling. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant User as User
participant CLI as gh/git CLI
participant Repo as GitHub Repo
participant CI as Prow/CI
participant Jira as Jira
participant Local as Local Workspace
User->>CLI: invoke /hypershift-backport (PR#, target branches)
CLI->>Repo: fetch PR, verify merged state
Repo-->>CLI: PR metadata (commits, merge SHA)
CLI->>Jira: extract/create OCPBUGS issues per target branch
CLI->>Local: checkout target branch, create bp<version>/<JIRA-ID> branch
Local->>Local: apply cherry-pick(s), detect conflicts
alt conflicts
User->>Local: resolve conflicts, commit, sign if required
end
Local->>Repo: push branch
Repo->>CI: trigger Prow/CI jobs for backport PR
CI-->>Repo: test/build results
Repo->>User: create backport PR(s) and report status
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
openshift-ci
bot
added
area/ai
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jparrill The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@jparrill: This pull request references CNTRLPLANE-2915 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/commands/hypershift-backport.md:
- Around line 208-212: The script's final checkout ("git checkout
\"$ORIGINAL_BRANCH\"") can be skipped on early exits; add a cleanup trap that
always restores ORIGINAL_BRANCH on EXIT and ensure the trap is installed early
(after ORIGINAL_BRANCH is set) and removed or disabled only after the flow
completes successfully; target the shell flow that defines ORIGINAL_BRANCH and
the final step (the checkout at Step 6) so the trap runs on errors, interrupts,
or exits and still allows explicit successful completion to skip/cleanup the
trap.
- Around line 153-163: Add language identifiers "bash" to the fenced code blocks
that contain shell/git commands (e.g., the block with "git add <resolved-files>"
/ "git cherry-pick --continue" and the block with 'git push -u
"$GIT_FORK_REMOTE" "bp${VERSION_SHORT}/${JIRA_ID}"' and the Assisted-by text) so
the opening ``` becomes ```bash for each affected fence to satisfy markdownlint
MD040.
- Around line 121-127: The checkout of TARGET_BRANCH assumes a local branch
exists and can fail on fresh clones; change the sequence so after fetching
GIT_UPSTREAM_REMOTE you create or reset a local branch that tracks the remote
branch (use the remote ref GIT_UPSTREAM_REMOTE/$TARGET_BRANCH) instead of a
plain git checkout "$TARGET_BRANCH", e.g. fetch the remote then create or
force-update the local TARGET_BRANCH to point at the upstream ref
(ORIGINAL_BRANCH and GIT_UPSTREAM_REMOTE remain the same) and then perform the
pull --rebase from the upstream remote.
In @.claude/skills/hypershift-backport/SKILL.md:
- Around line 14-16: The fenced code blocks containing the examples
"bp<version>/<JIRA-ID>" and "OCPBUGS-XXXXX: <original PR title>" are missing
language identifiers and trigger markdownlint MD040; update those backtick
fences from ``` to ```text so each fenced block begins with ```text to mark them
as plain text (locate the blocks shown in the diff and replace the opening ```
with ```text).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: cb24a278-7f38-4f85-94d4-f519ad3f3c75
📒 Files selected for processing (3)
.claude/SKILLS.md.claude/commands/hypershift-backport.md.claude/skills/hypershift-backport/SKILL.md
| ```bash | ||
| ORIGINAL_BRANCH=$(git rev-parse --abbrev-ref HEAD) | ||
|
|
||
| git fetch "$GIT_UPSTREAM_REMOTE" | ||
| git checkout "$TARGET_BRANCH" | ||
| git pull --rebase "$GIT_UPSTREAM_REMOTE" "$TARGET_BRANCH" | ||
| ``` |
There was a problem hiding this comment.
Use a remote-tracking checkout to avoid failures on fresh clones.
git checkout "$TARGET_BRANCH" assumes the branch already exists locally. On first-time backports, this step can fail even when the remote branch exists.
Proposed fix
ORIGINAL_BRANCH=$(git rev-parse --abbrev-ref HEAD)
git fetch "$GIT_UPSTREAM_REMOTE"
-git checkout "$TARGET_BRANCH"
-git pull --rebase "$GIT_UPSTREAM_REMOTE" "$TARGET_BRANCH"
+git checkout -B "$TARGET_BRANCH" "$GIT_UPSTREAM_REMOTE/$TARGET_BRANCH"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/hypershift-backport.md around lines 121 - 127, The checkout
of TARGET_BRANCH assumes a local branch exists and can fail on fresh clones;
change the sequence so after fetching GIT_UPSTREAM_REMOTE you create or reset a
local branch that tracks the remote branch (use the remote ref
GIT_UPSTREAM_REMOTE/$TARGET_BRANCH) instead of a plain git checkout
"$TARGET_BRANCH", e.g. fetch the remote then create or force-update the local
TARGET_BRANCH to point at the upstream ref (ORIGINAL_BRANCH and
GIT_UPSTREAM_REMOTE remain the same) and then perform the pull --rebase from the
upstream remote.
| ### Step 6: Return to original state | ||
|
|
||
| ```bash | ||
| git checkout "$ORIGINAL_BRANCH" | ||
| ``` |
There was a problem hiding this comment.
The “always returns to original branch” safety claim is not guaranteed by the shown flow.
If the process exits early (validation, cherry-pick, push/PR errors), Line 211 may never run. The safety guarantee should be implemented with cleanup trapping in the executable flow.
Proposed fix
ORIGINAL_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+cleanup() {
+ git checkout "$ORIGINAL_BRANCH" >/dev/null 2>&1 || true
+}
+trap cleanup EXITAlso applies to: 296-302
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/hypershift-backport.md around lines 208 - 212, The script's
final checkout ("git checkout \"$ORIGINAL_BRANCH\"") can be skipped on early
exits; add a cleanup trap that always restores ORIGINAL_BRANCH on EXIT and
ensure the trap is installed early (after ORIGINAL_BRANCH is set) and removed or
disabled only after the flow completes successfully; target the shell flow that
defines ORIGINAL_BRANCH and the final step (the checkout at Step 6) so the trap
runs on errors, interrupts, or exits and still allows explicit successful
completion to skip/cleanup the trap.
| ``` | ||
| bp<version>/<JIRA-ID> | ||
| ``` |
There was a problem hiding this comment.
Add language identifiers to fenced code blocks.
Both code fences are missing a language, which triggers markdownlint MD040.
Proposed fix
-```
+```text
bp<version>/<JIRA-ID>...
- +text
OCPBUGS-XXXXX:
Also applies to: 29-31
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 14-14: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/skills/hypershift-backport/SKILL.md around lines 14 - 16, The fenced
code blocks containing the examples "bp<version>/<JIRA-ID>" and "OCPBUGS-XXXXX:
<original PR title>" are missing language identifiers and trigger markdownlint
MD040; update those backtick fences from ``` to ```text so each fenced block
begins with ```text to mark them as plain text (locate the blocks shown in the
diff and replace the opening ``` with ```text).
|
For reference, The plan is to use it during a backport process, refine it and then got it merged. After that, test this skill during some time within the team in order to refine it more and more. Finally put a PR against the ai-helpers |
jparrill
force-pushed
the
CNTRLPLANE-2915
branch
from
1dee59d to
026e4b6
Compare
|
Sample of Backport: openshift/hypershift-oadp-plugin#197 |
Add a new Claude Code command `/hypershift-backport` that automates backporting merged PRs to release branches. The command handles the full workflow: Jira integration via `/jira backport`, automatic cherry-pick detection, manual cherry-pick with conflict resolution, build/test/verify validation, and PR creation. Includes scope verification to ensure backports only contain changes from the original PR, preventing unrelated modifications from being introduced during conflict resolution. Signed-off-by: Juan Manuel Parrilla Madrid <jparrill@redhat.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Juan Manuel Parrilla Madrid <jparrill@redhat.com>
|
@jparrill: This pull request references CNTRLPLANE-2915 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
jparrill
force-pushed
the
CNTRLPLANE-2915
branch
from
026e4b6 to
c9481b5
Compare
Updated behavior: Scope verification for backportsAfter testing, I found the backport skill could introduce changes unrelated to the original PR during conflict resolution. This update adds multiple guardrails to prevent that: Changes
Safety featuresAdded "Scope verification" to the documented safety features list. |
|
@jparrill: This pull request references CNTRLPLANE-2915 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
There was a problem hiding this comment.
♻️ Duplicate comments (2)
.claude/commands/hypershift-backport.md (2)
265-269:⚠️ Potential issue | 🟠 MajorBranch restoration safety guarantee is not fully implemented.
Line 268 (
git checkout "$ORIGINAL_BRANCH") only executes if the entire flow completes successfully. If the process exits early due to validation errors, cherry-pick failures, or push/PR errors, the user remains on the backport branch, contradicting the "Always returns to original branch" safety claim at line 361.🛡️ Proposed fix using cleanup trap
Add this after capturing the original branch:
ORIGINAL_BRANCH=$(git rev-parse --abbrev-ref HEAD) +cleanup() { + git checkout "$ORIGINAL_BRANCH" >/dev/null 2>&1 || true +} +trap cleanup EXIT git fetch "$GIT_UPSTREAM_REMOTE"This ensures the original branch is restored on any exit (error, interrupt, or success).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/commands/hypershift-backport.md around lines 265 - 269, The script's guarantee to "Always returns to original branch" is broken because git checkout "$ORIGINAL_BRANCH" only runs on successful completion; capture the current branch into ORIGINAL_BRANCH early (e.g., via git rev-parse --abbrev-ref HEAD) and install a cleanup trap that runs on EXIT to restore it (use trap to run git checkout "$ORIGINAL_BRANCH" and any necessary cleanup on ERR/INT/EXIT), so the original branch is checked out regardless of early exits, errors, or interrupts; update mentions of git checkout "$ORIGINAL_BRANCH" and any existing cleanup logic to rely on this trap.
131-136:⚠️ Potential issue | 🟠 MajorUse remote-tracking checkout to avoid failures on fresh clones.
The command
git checkout "$TARGET_BRANCH"assumes a local branch already exists. On first-time backports or fresh clones, this will fail even when the remote branch exists, causing the workflow to abort unexpectedly.🔧 Proposed fix
ORIGINAL_BRANCH=$(git rev-parse --abbrev-ref HEAD) git fetch "$GIT_UPSTREAM_REMOTE" -git checkout "$TARGET_BRANCH" -git pull --rebase "$GIT_UPSTREAM_REMOTE" "$TARGET_BRANCH" +git checkout -B "$TARGET_BRANCH" "$GIT_UPSTREAM_REMOTE/$TARGET_BRANCH"This creates or resets the local branch to track the remote, eliminating the need for a separate pull operation.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/commands/hypershift-backport.md around lines 131 - 136, The script assumes a local branch exists when running git checkout "$TARGET_BRANCH", which fails on fresh clones; update the sequence that uses ORIGINAL_BRANCH, GIT_UPSTREAM_REMOTE and TARGET_BRANCH to create or reset a local branch that tracks the remote branch instead of a plain checkout and separate pull—use a remote-tracking checkout (e.g., create/reset local TARGET_BRANCH from GIT_UPSTREAM_REMOTE/TARGET_BRANCH via git checkout -B or git switch --track equivalent) so the local branch always exists and is up-to-date without a separate pull.
🧹 Nitpick comments (3)
.claude/commands/hypershift-backport.md (2)
62-68: Add language identifiers to error example code blocks.The fenced code blocks containing error messages are missing language identifiers, which triggers markdownlint MD040. Use
textfor plain error message examples.📝 Proposed fix
-``` +```text ERROR: PR `#7730` is not merged (current state: OPEN). Backports can only be created from merged PRs.-
+text
ERROR: Branch 'release-4.99' does not exist in remote.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/commands/hypershift-backport.md around lines 62 - 68, Add the missing Markdown language identifiers to the two fenced code blocks that show plain error messages so markdownlint MD040 is satisfied: locate the blocks containing the error strings "ERROR: PR `#7730` is not merged (current state: OPEN). Backports can only be created from merged PRs." and "ERROR: Branch 'release-4.99' does not exist in remote." and change their opening fences from ``` to ```text (i.e., prefix each code fence with the language identifier "text").
274-336: Add language identifiers to output example code blocks.The three fenced code blocks containing expected output examples (lines 274, 297, 321) are missing language identifiers, which triggers markdownlint MD040. Use
textfor plain output examples.📝 Proposed fix
### All auto cherry-picks succeeded: -``` +```text ============================================ BACKPORT COMPLETE ...Some manual cherry-picks needed:
-
+textBACKPORT COMPLETE
...### Failure: -``` +```text ============================================ BACKPORT FAILED ...</details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In @.claude/commands/hypershift-backport.md around lines 274 - 336, Update the
three fenced output example blocks in .claude/commands/hypershift-backport.md
(the blocks under the "BACKPORT COMPLETE", "Some manual cherry-picks needed",
and "BACKPORT FAILED" sections) to include a language identifier of text (change
totext) so markdownlint MD040 is satisfied; locate the fenced blocks by
the visible headings and the sample output content and add the identifier to
each opening fence.</details> </blockquote></details> <details> <summary>.claude/SKILLS.md (1)</summary><blockquote> `184-187`: **Add language identifier to the fenced code block.** The code fence containing usage examples is missing a language identifier, which triggers markdownlint MD040. Use `bash` since these are shell command invocations. <details> <summary>📝 Proposed fix</summary> ```diff -``` +```bash /hypershift-backport 7730 release-4.21 /hypershift-backport 7730 release-4.21,release-4.20 ``` ``` </details> <details> <summary>🤖 Prompt for AI Agents</summary>Verify each finding against the current code and only fix it if needed.
In @.claude/SKILLS.md around lines 184 - 187, Update the fenced code block that
currently contains the two example commands "/hypershift-backport 7730
release-4.21" and "/hypershift-backport 7730 release-4.21,release-4.20" in
.claude/SKILLS.md to include the language identifier "bash" (i.e., change the
opening fence fromtobash) so the snippet is recognized as shell
commands and satisfies markdownlint MD040.</details> </blockquote></details> </blockquote></details> <details> <summary>🤖 Prompt for all review comments with AI agents</summary>Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.claude/commands/hypershift-backport.md:
- Around line 265-269: The script's guarantee to "Always returns to original
branch" is broken because git checkout "$ORIGINAL_BRANCH" only runs on
successful completion; capture the current branch into ORIGINAL_BRANCH early
(e.g., via git rev-parse --abbrev-ref HEAD) and install a cleanup trap that runs
on EXIT to restore it (use trap to run git checkout "$ORIGINAL_BRANCH" and any
necessary cleanup on ERR/INT/EXIT), so the original branch is checked out
regardless of early exits, errors, or interrupts; update mentions of git
checkout "$ORIGINAL_BRANCH" and any existing cleanup logic to rely on this trap.- Around line 131-136: The script assumes a local branch exists when running git
checkout "$TARGET_BRANCH", which fails on fresh clones; update the sequence that
uses ORIGINAL_BRANCH, GIT_UPSTREAM_REMOTE and TARGET_BRANCH to create or reset a
local branch that tracks the remote branch instead of a plain checkout and
separate pull—use a remote-tracking checkout (e.g., create/reset local
TARGET_BRANCH from GIT_UPSTREAM_REMOTE/TARGET_BRANCH via git checkout -B or git
switch --track equivalent) so the local branch always exists and is up-to-date
without a separate pull.
Nitpick comments:
In @.claude/commands/hypershift-backport.md:
- Around line 62-68: Add the missing Markdown language identifiers to the two
fenced code blocks that show plain error messages so markdownlint MD040 is
satisfied: locate the blocks containing the error strings "ERROR: PR#7730is
not merged (current state: OPEN). Backports can only be created from merged
PRs." and "ERROR: Branch 'release-4.99' does not exist in remote." and change
their opening fences fromtotext (i.e., prefix each code fence with the
language identifier "text").- Around line 274-336: Update the three fenced output example blocks in
.claude/commands/hypershift-backport.md (the blocks under the "BACKPORT
COMPLETE", "Some manual cherry-picks needed", and "BACKPORT FAILED" sections) to
include a language identifier of text (changetotext) so markdownlint
MD040 is satisfied; locate the fenced blocks by the visible headings and the
sample output content and add the identifier to each opening fence.In @.claude/SKILLS.md:
- Around line 184-187: Update the fenced code block that currently contains the
two example commands "/hypershift-backport 7730 release-4.21" and
"/hypershift-backport 7730 release-4.21,release-4.20" in .claude/SKILLS.md to
include the language identifier "bash" (i.e., change the opening fence fromtobash) so the snippet is recognized as shell commands and satisfies
markdownlint MD040.</details> --- <details> <summary>ℹ️ Review info</summary> <details> <summary>⚙️ Run configuration</summary> **Configuration used**: Repository: openshift/coderabbit/.coderabbit.yaml **Review profile**: CHILL **Plan**: Pro **Run ID**: `cb10ffe9-1e9a-4696-adb9-9348c0f3fa9b` </details> <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 1dee59dcfa2ac930534e200a04361f2108e297db and c9481b57340f089dabb09a70a96a20a72efb54ce. </details> <details> <summary>📒 Files selected for processing (3)</summary> * `.claude/SKILLS.md` * `.claude/commands/hypershift-backport.md` * `.claude/skills/hypershift-backport/SKILL.md` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
|
Stale PRs are closed after 21d of inactivity. If this PR is still relevant, comment to refresh it or remove the stale label. If this PR is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
lifecycle/stale
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@jparrill: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
I now have the complete picture. Let me compile the final report. Test Failure Analysis CompleteJob Information
Test Failure AnalysisErrorSummaryThe job never reached the Root CauseThe PR branch has not been rebased or updated since 2026-03-09 (over 5 weeks ago). In that time, several PRs landed on
PR #7870 also modifies The Prow CI job runs Recommendations
Evidence
|
3 participants
Summary
.claude/skills/hypershift-backport/) that auto-applies backport conventions (branch namingbp<ver>/<JIRA-ID>, PR title format, Jira integration, conflict resolution guidelines).claude/commands/hypershift-backport.md) that executes the full backport workflow: validates merged PR, posts/jira backport, waits for Prow CI, handles auto/manual cherry-picks with build+test verification.claude/SKILLS.mdto document both the skill and commandJira
Test plan
/hypershift-backportwith a merged PR and a release branch to verify the full workflowbp<ver>/<JIRA-ID>conventionOCPBUGS-XXXXX: <title>formatAssisted-by: Claude (via Claude Code)
Summary by CodeRabbit