18 changes: 18 additions & 0 deletions .github/workflows/intelligent-branch-recomendations.yml
@@ -0,0 +1,18 @@
name: PR Merge Suggestions
on:
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review

permissions:
pull-requests: write
contents: read

jobs:
branch-suggestions:
uses: TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml@main

Check warning on line 16 in .github/workflows/intelligent-branch-recomendations.yml

probelabs / Visor: security

security Issue

The reusable workflow is pinned to a mutable branch (`main`), which creates a supply chain risk. If the `main` branch of the source repository (`TykTechnologies/github-actions`) is compromised, malicious code could be executed. The risk is elevated because the workflow has `pull-requests: write` permissions and access to a `JIRA_TOKEN` secret.
Raw output
Pin the reusable workflow to a specific commit SHA or a stable tag to ensure a trusted version is used. Example: `uses: TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml@abcdef1234567890abcdef1234567890abcdef12`

Check warning on line 16 in .github/workflows/intelligent-branch-recomendations.yml

probelabs / Visor: architecture

architecture Issue

The reusable workflow is referenced using the `main` branch (`@main`), which can introduce instability and security risks. Any changes pushed to the `main` branch of `TykTechnologies/github-actions`, including breaking changes or potentially compromised code, would be automatically picked up. This can cause this workflow to fail unexpectedly without any changes being made in this repository.
Raw output
To ensure deterministic and secure builds, pin the reusable workflow to a specific commit SHA, tag, or release version (e.g., `@v1.0.0`).

Check warning on line 16 in .github/workflows/intelligent-branch-recomendations.yml

probelabs / Visor: quality

architecture Issue

The reusable workflow `TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml` is referenced using the `main` branch. This poses a stability risk, as breaking changes in the target workflow's `main` branch will be automatically used. It is recommended to pin the workflow to a specific version (e.g., a tag like `@v1` or a specific commit SHA) to ensure predictable behavior.
Raw output
Replace `@main` with a specific tag (e.g., `@v1`) or a commit SHA to ensure the workflow's stability and prevent unexpected changes.
secrets:
JIRA_TOKEN: ${{ secrets.JIRA_TOKEN }}
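Review bot: The `uses:` line references the reusable workflow at the mutable `@main` ref while this caller grants it `pull-requests: write` and hands it the `JIRA_TOKEN` secret, so whatever lands on `main` in `TykTechnologies/github-actions` runs here with that token and write access; all three Visor checks above raise the same point. Pin to a full-length commit SHA and record the matching tag in a trailing comment so reviewers can see what was pinned and bump it deliberately, e.g. `uses: TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml@<commit-sha>  # <tag>`. A smaller style point: the file name `intelligent-branch-recomendations.yml` misspells "recommendations"; renaming it in this PR avoids a follow-up rename commit once other workflows or docs start referring to it.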