Skip to content

Delete the source branch after doing the backport.#14062

Merged
comfyanonymous merged 1 commit into
masterfrom
comfyanonymous-patch-1
May 22, 2026
Merged

Delete the source branch after doing the backport.#14062
comfyanonymous merged 1 commit into
masterfrom
comfyanonymous-patch-1

Conversation

@comfyanonymous

Copy link
Copy Markdown
Member

No description provided.

@coderabbitai

coderabbitai Bot commented May 22, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This pull request adds a new cleanup step to the backport release workflow. After a successful release, the workflow now conditionally deletes the remote backport source branch on origin. The step includes safeguards: it refuses to delete branches matching the repository's default branch or the current release branch, verifies the branch still exists with the expected commit SHA, and only proceeds with deletion if those checks pass. If the branch is missing or has diverged since the release was authorized, the workflow exits without deleting, ensuring no accidental removal of important branches.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and directly describes the main change: adding functionality to delete the source branch after backport operations.
Description check ✅ Passed No description was provided, but this is acceptable given the clear and specific pull request title that adequately communicates the changeset's purpose.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/backport_release.yaml:
- Around line 483-494: The delete step has a TOCTOU race: git ls-remote reads
SOURCE_BRANCH tip but a concurrent push can replace it before git push origin
--delete runs; replace the unconditional delete with a lease-protected delete
that only removes refs/heads/${SOURCE_BRANCH} if it still matches SOURCE_COMMIT
by using git push with --force-with-lease against the branch ref and a delete
refspec, i.e. send a --force-with-lease for refs/heads/${SOURCE_BRANCH} keyed to
SOURCE_COMMIT and the delete refspec :refs/heads/${SOURCE_BRANCH}; ensure the
workflow checks runner git supports --force-with-lease before using it and keep
the same logging for success/failure.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b1e33b1f-6e8a-49b4-bc4b-553478cbff15

📥 Commits

Reviewing files that changed from the base of the PR and between 112fcd5 and 94307e6.

📒 Files selected for processing (1)
  • .github/workflows/backport_release.yaml
Comment on lines +483 to +494
current_tip="$(git ls-remote origin "refs/heads/${SOURCE_BRANCH}" | awk '{print $1}')"
if [[ -z "${current_tip}" ]]; then
echo "Source branch '${SOURCE_BRANCH}' no longer exists on origin; nothing to delete."
exit 0
fi
if [[ "${current_tip}" != "${SOURCE_COMMIT}" ]]; then
echo "::warning::Source branch '${SOURCE_BRANCH}' tip (${current_tip}) no longer matches released commit (${SOURCE_COMMIT}). Leaving it in place."
exit 0
fi

git push origin --delete "refs/heads/${SOURCE_BRANCH}"
echo "Deleted remote branch '${SOURCE_BRANCH}'."

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify Git on runner supports lease-protected delete refspec.
set -euo pipefail
git --version
git push -h | sed -n '/--force-with-lease/,+4p'

Repository: Comfy-Org/ComfyUI

Length of output: 80


Fix TOCTOU race in “Delete remote source branch”
git ls-remote checks ${SOURCE_BRANCH}’s tip, but the subsequent git push origin --delete can still delete a newly-pushed tip if a push happens between the check and the delete.

Suggested hardening
-          git push origin --delete "refs/heads/${SOURCE_BRANCH}"
+          git push \
+            --force-with-lease="refs/heads/${SOURCE_BRANCH}:${SOURCE_COMMIT}" \
+            origin \
+            ":refs/heads/${SOURCE_BRANCH}"
           echo "Deleted remote branch '${SOURCE_BRANCH}'."

Runner Git is 2.39.5; ensure git push --help includes --force-with-lease so the lease-protected delete refspec is accepted.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
current_tip="$(git ls-remote origin "refs/heads/${SOURCE_BRANCH}" | awk '{print $1}')"
if [[ -z "${current_tip}" ]]; then
echo "Source branch '${SOURCE_BRANCH}' no longer exists on origin; nothing to delete."
exit 0
fi
if [[ "${current_tip}" != "${SOURCE_COMMIT}" ]]; then
echo "::warning::Source branch '${SOURCE_BRANCH}' tip (${current_tip}) no longer matches released commit (${SOURCE_COMMIT}). Leaving it in place."
exit 0
fi
git push origin --delete "refs/heads/${SOURCE_BRANCH}"
echo "Deleted remote branch '${SOURCE_BRANCH}'."
current_tip="$(git ls-remote origin "refs/heads/${SOURCE_BRANCH}" | awk '{print $1}')"
if [[ -z "${current_tip}" ]]; then
echo "Source branch '${SOURCE_BRANCH}' no longer exists on origin; nothing to delete."
exit 0
fi
if [[ "${current_tip}" != "${SOURCE_COMMIT}" ]]; then
echo "::warning::Source branch '${SOURCE_BRANCH}' tip (${current_tip}) no longer matches released commit (${SOURCE_COMMIT}). Leaving it in place."
exit 0
fi
git push \
--force-with-lease="refs/heads/${SOURCE_BRANCH}:${SOURCE_COMMIT}" \
origin \
":refs/heads/${SOURCE_BRANCH}"
echo "Deleted remote branch '${SOURCE_BRANCH}'."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/backport_release.yaml around lines 483 - 494, The delete
step has a TOCTOU race: git ls-remote reads SOURCE_BRANCH tip but a concurrent
push can replace it before git push origin --delete runs; replace the
unconditional delete with a lease-protected delete that only removes
refs/heads/${SOURCE_BRANCH} if it still matches SOURCE_COMMIT by using git push
with --force-with-lease against the branch ref and a delete refspec, i.e. send a
--force-with-lease for refs/heads/${SOURCE_BRANCH} keyed to SOURCE_COMMIT and
the delete refspec :refs/heads/${SOURCE_BRANCH}; ensure the workflow checks
runner git supports --force-with-lease before using it and keep the same logging
for success/failure.
@comfyanonymous comfyanonymous merged commit e75b739 into master May 22, 2026
16 checks passed
@comfyanonymous comfyanonymous deleted the comfyanonymous-patch-1 branch May 22, 2026 22:47
simonri pushed a commit to simonri/ComfyUI-flash-attention-3 that referenced this pull request May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant