feat(ci): add feature branch creation and building containers on feat/* #2998

Draft
nv-dmendoza wants to merge 3 commits into NVIDIA:main from nv-dmendoza:feature-branch-ci

Conversation

@nv-dmendoza

Collaborator

Adds running CI on feature branches and /feature-request command to create properly formatted feature branches as well as containers.

Feature branch containers

  • Adds /feat/* to CI branch triggers
  • No push logic changes needed, the existing push: ${{!contains(github.ref, 'pull-request/')}} condition already handles non-PR refs.
  • Adds a CI check that validates the first parent tag contains feat-, ensuring feature branches are created correctly through the /feature-branch issue command
  • Note: the rest-ci.yml workflow already handles versioning using branches

/feature-request <branch name> command

Used in issue comments to create a fresh feature branch off main using <branch name>. After creation, it immediately adds an empty commit referencing back to the request and tags the base commit of the branch for proper version generation. A commit is needed here so as not to affect the versions autogenerated in main.

main:       A --- B --- C
                   \
feat/add-X:         E --- F
  • B - head of main when /feature-request was run (ex. v2.0.0-pr-473-g69492bf5b)
  • E - empty commit with tag (ex. tagged as v2.0.0-pr-473-feat-x)
  • F - commit added to feature branch for testing (ex. version v2.0.0-pr-473-feat-x-1-g2e6dff7)
  • C - commit on main unaffected (ex. v2.0.0-pr-474-g191d2a35b)

Related issues

#2869

Type of Change

  • Add - New feature or capability
  • Change - Changes in existing functionality
  • Fix - Bug fixes
  • Remove - Removed features or deprecated functionality
  • Internal - Internal changes (refactoring, tests, docs, etc.)

Breaking Changes

  • This PR contains breaking changes

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing performed
  • No testing required (docs, internal refactor, etc.)

Additional Notes

@copy-pr-bot

copy-pr-bot Bot commented Jun 29, 2026


Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b3711152-2822-462d-9873-5f0d5167cf0f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands.

git commit --allow-empty -m "${COMMIT_MSG}"

git tag "${TAG}"
git push origin "${FULL_BRANCH}" "${TAG}"
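
Review bot: the push on the last line sends the branch and the tag as two separate refs without --atomic, so if the remote rejects one of them the other can still be created. A rejected branch with an accepted tag would leave the tag on the remote with no feature branch behind it. Consider git push --atomic origin "${FULL_BRANCH}" "${TAG}" so that both refs land or neither does.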

Contributor

The current GitHub ruleset setting blocks GITHUB_TOKEN from creating feat/*: only repository admins and copy-pr-bot can bypass it. We may need to create a GitHub Actions App and update the ruleset to bypass the rule.

run: |
set -euo pipefail

BRANCH_NAME=$(echo "${COMMENT_BODY}" | sed 's|^/feature-branch ||' | tr -d '[:space:]')
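
Review bot: tr -d '[:space:]' on the BRANCH_NAME line deletes every whitespace character, newlines included, so any text after the first line of the comment is joined into the branch name and "add x" silently becomes "addx". The sed expression also only strips the prefix when the body starts with "/feature-branch " and otherwise passes the whole comment through as the name. Take the first line only, require the prefix to match, and fail the step when it does not. The PR description calls the command /feature-request while this line strips /feature-branch; one of the two needs to change.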

Contributor

Do we need to strictly validate the branch name here instead of only stripping whitespace? Git refs may contain shell special characters, and this value later becomes VERSION and is interpolated directly into run: scripts, which can lead to command injection on self-hosted runners. Maybe a bounded, single-segment slug such as ^[a-z0-9]+(-[a-z0-9]+)*$ would prevent shell injection and ensure compatibility with the downstream version and Helm workflows.
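
One way to enforce the slug rule suggested in the review comment above, as an added example that is not part of the PR or of either participant's comments. The function names and the 40-character bound are assumptions; the sample comment bodies are constructed.

```shell
#!/bin/sh
# Added example (not from the PR): function names and MAX_SLUG_LEN are assumptions.
MAX_SLUG_LEN=40  # assumed bound; the review comment only asks for "bounded"

# Return 0 only for a single-segment slug: ^[a-z0-9]+(-[a-z0-9]+)*$
validate_slug() {
    candidate=$1
    [ -n "$candidate" ] || return 1
    [ "${#candidate}" -le "$MAX_SLUG_LEN" ] || return 1
    # grep is line-based, so refuse embedded newlines before matching.
    case $candidate in *'
'*) return 1 ;; esac
    # LC_ALL=C keeps [a-z] to ASCII regardless of the runner's locale.
    printf '%s\n' "$candidate" | LC_ALL=C grep -Eqx '[a-z0-9]+(-[a-z0-9]+)*'
}

# Print the slug from a "/feature-branch <name>" comment, or return 1.
slug_from_comment() {
    # Only the first line is the command; drop the CR of CRLF bodies.
    line=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    case $line in
        '/feature-branch '*) name=${line#'/feature-branch '} ;;
        *) return 1 ;;
    esac
    # Nothing is trimmed or rewritten: the name is accepted as-is or refused.
    validate_slug "$name" || return 1
    printf '%s\n' "$name"
}

# Constructed sample comment bodies (not taken from the repository).
for body in '/feature-branch add-x' '/feature-branch add-x; true' \
            '/feature-branch feat/x' '/feature-branch Add-X'; do
    if slug=$(slug_from_comment "$body"); then
        echo "accept: $slug"
    else
        echo "reject: $body"
    fi
done
```

Rejecting instead of sanitising means the name the requester typed is the name that gets created, and anything outside the pattern never reaches the tag, VERSION, or a later run: step.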
