TT-15793 add wf to test branch recomendation merges

[sredxny]

Description

.

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

Ticket Details

TT-15793

Status	In design review
Summary	Implement Intelligent Branch Merge Recommendations

Generated at: 2025-10-30 20:32:43

[github-actions]

API Changes

no api changes detected

[probelabs]

🔍 Code Analysis Results

This PR introduces a new GitHub Actions workflow to provide intelligent merge suggestions for pull requests, based on information from the associated Jira ticket.

Files Changed Analysis

• Added: .github/workflows/branch-suggestion.yml (+17 lines)
• The change consists of a single new file that defines the GitHub Actions workflow. There are no modifications to the application's source code.

Architecture & Impact Assessment

• What this PR accomplishes: It adds a CI job that automatically suggests the correct base branch for a pull request. This helps enforce the repository's branching strategy and prevents features or fixes from being merged into the wrong release branch.

• Key technical changes introduced: A new GitHub Actions workflow is added, triggered on pull request opened, synchronize, and reopened events. It uses a reusable workflow from the TykTechnologies/github-actions repository, pinned to a specific commit hash (2c8ce80...) for immutability. The workflow requires a JIRA_TOKEN secret to communicate with Jira.

• Affected system components: This change affects the repository's CI/CD pipeline and developer workflow. It does not impact the runtime behavior of the Tyk application.

• Workflow Visualization:

  graph TD
      A[Pull Request Event] --> B{Trigger 'intelligent branch merge suggestion' workflow};
      B --> C[Job: branch-suggestions];
      C --> D[uses: TykTechnologies/github-actions/...@commit_hash];
      D -- Reads ticket info --> E[Jira API using JIRA_TOKEN];
      E --> F[Determine correct base branch];
      F --> G[Comment on PR with suggestion];
  

  Loading

Scope Discovery & Context Expansion

• The PR's impact is confined to the CI process. The core logic for branch suggestion is encapsulated within the reusable workflow in TykTechnologies/github-actions. To fully understand the suggestion logic, that repository would need to be reviewed.
• The workflow's success is dependent on access to Jira via the JIRA_TOKEN and a well-defined process for linking Jira tickets to branches and releases. The comment history indicates a linter failure because the linked Jira ticket TT-15793 is in a status ('In design review') that is not permitted by the workflow's rules, highlighting this dependency.
• The reusable workflow is pinned to a specific commit hash (@2c8ce80...). This is a good security practice to prevent unexpected changes, but it also means the workflow will not receive automatic updates and will need to be manually updated to incorporate future improvements or bug fixes from the source repository.

Metadata

• Review Effort: 1 / 5
• Primary Label: chore

---

Powered by Visor from Probelabs

Last updated: 2025-10-30T20:35:29.044Z | Triggered by: synchronize | Commit: be6e834

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

🔍 Code Analysis Results

✅ Security Check Passed

No security issues found – changes LGTM.

Architecture Issues (1)

Severity	Location	Issue
🟡 Warning	.github/workflows/branch-suggestion.yml:15	The reusable workflow is pinned to a specific commit hash, which can hinder maintainability. 💡 Suggestion The reusable workflow is pinned to a specific commit hash (`2c8ce806aea008d7079ba2d9d826d87898ba0686`). While this ensures stability and reproducibility, it prevents the workflow from receiving automatic updates, including bug fixes and security patches from the source repository. This can lead to using outdated logic and requires manual effort to update the hash. Consider using a version tag (e.g., `@v1`) to balance stability with easier maintenance. This allows receiving non-breaking updates automatically. 🔧 Suggested Fix uses: TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml@v1

Performance Issues (1)

Severity	Location	Issue
🟢 Info	AI_RESPONSE:1	This pull request introduces a new GitHub Actions workflow (`.github/workflows/branch-suggestion.yml`) to provide merge target suggestions based on Jira tickets. The changes are confined to CI/CD configuration and do not modify any of the application's Go source code. As a result, this change has no impact on the runtime performance of the Tyk gateway. The performance analysis areas outlined in the review instructions (e.g., API loading, regex evaluation, connection handling, analytics) are not affected by this pull request. Therefore, no performance issues were found.

Quality Issues (2)

Severity	Location	Issue
🟡 Warning	.github/workflows/branch-suggestion.yml:1	The workflow name `intelligent branch merge suggestion.` does not follow common naming conventions. Workflow names are typically written in title case (e.g., `Intelligent Branch Merge Suggestion`) and should not include a trailing period. This improves readability and consistency across workflows. 💡 Suggestion Update the workflow name to follow title case convention and remove the trailing period. 🔧 Suggested Fix name: Intelligent Branch Merge Suggestion
🟡 Warning	.github/workflows/branch-suggestion.yml:15	The reusable workflow is pinned to a specific commit hash. While this ensures build stability, it prevents automatic updates for new features or security patches from the source workflow. This can lead to using outdated logic and requires manual intervention to update. 💡 Suggestion While pinning is a valid strategy for stability, consider adding a comment to document the version/date of the pinned commit and establish a process for periodically updating it. Alternatively, if the source repository uses stable tags (e.g., `v1`), using a tag could be a viable alternative, balancing stability and maintainability.

✅ Dependency Check Passed

No dependency issues found – changes LGTM.

✅ Connectivity Check Passed

No connectivity issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2025-10-30T20:35:30.186Z | Triggered by: synchronize | Commit: be6e834

💡 TIP: You can chat with Visor using /visor ask <your question>

[github-actions]

🎯 Recommended Merge Targets

Based on JIRA ticket TT-15793: Implement Intelligent Branch Merge Recommendations

Fix Version: Tyk 5.10.1

Required:

• release-5.10 - Minor version branch for 5.10.x patches - required for creating Tyk 5.10.1
• master - Main development branch - ensures fix is in all future releases

---

📋 Workflow

1. Merge this PR to master first
2. After merging, comment on the merged PR with /release to <branch> to cherry-pick to release branches
3. Example: /release to release-5.8
4. The bot will automatically create a backport PR to the specified release branch

[github-actions]

🚨 Jira Linter Failed

Commit: be6e834
Failed at: 2025-10-30 20:32:45 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details

failed to validate Jira issue: jira ticket TT-15793 has status 'In design review' but must be one of: In Dev, In Code Review, Ready For Dev, Dod Check

Next Steps

• Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
• Verify your PR title matches the branch's Jira ticket ID
• Check that the Jira ticket exists and is accessible

---

This comment will be automatically deleted once the linter passes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud