Recently, a wrong merge happened from main into 6.2.x. Since the merge was a fast-forward, it went unnoticed until a contributor reported it in https://github.com/spring-projects/spring-security/issues/15016. The result was that 6.2.x was synced with main.
We should prevent it from happening again. A few suggestions are:
- A Gradle task that checks if we are in a branch that matches `*.x` and then compare it with the `version` in `gradle.properties`. The `check` task would depend on this new task.
- A pre-commit hook that does the same as above
- A CI task/workflow that does the same as above
- Use no fast-forward option (`--no-ff`), this will create a merge commit even when a fast-forward is possible, making it easier to spot the mistake
Comment From: sjohnr
@marcusdacoregio I like the pre-commit hook idea as a possible solution. The issue with workflows is that it would be too late to prevent it, right? The gradle task is nice too but it's technically optional to run it locally and can be skipped.
Comment From: jzheaux
I believe what happened was that I accidentally merged main into 6.2.x and because there had been no commits to 6.2.x during the intervening time, there was no Merge branch 'main' into 6.2.x commit in the logs for me to notice the mistake.
Using --no-ff could address this issue since it would have created the Merge branch 'main' into 6.2.x commit and I (hopefully) would have noticed it, found it odd, and corrected the error. So +1 for that idea.
Another idea would be to introduce a git hook that considers whether a merge is valid. For example, it is always invalid to attempt to merge main into any other protected branch. We could add a script that would check for this and fail the merge.
Hypothetically, we could go further and introduce a script that would check for merging any branch "to the right", 6.2.x into 5.8.x, etc. Maybe this script could check feature branches too, and what protected branch they are based off of before merging.
Comment From: marcusdacoregio
Closed via https://github.com/spring-projects/spring-security/wiki/Working-with-Git-branches
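
A sketch of the branch/version check suggested in the issue, written as a `pre-push` hook because a fast-forward creates no new commit to inspect. It is an added example, not part of the thread or of the project's tooling. It assumes `gradle.properties` holds a `version=` line and that maintenance branches are named like `6.2.x`; the function names are hypothetical.

```shell
#!/bin/sh
# Illustrative pre-push hook (added example, not spring-security's own tooling).
# Assumption: gradle.properties contains a line such as "version=6.2.5-SNAPSHOT".

# Print the value of the first "version=" line read from stdin.
version_from_properties() {
    sed -n 's/^version[[:space:]]*=[[:space:]]*//p' | head -n 1 | tr -d '\r'
}

# Succeed when a tree carrying version $2 may be pushed to branch $1.
# Only maintenance branches named <major>.<minor>.x are checked; on those the
# version must start with "<major>.<minor>.". An empty version fails closed.
branch_accepts_version() {
    branch=$1
    version=$2
    case "$branch" in
        [0-9]*.[0-9]*.x) ;;
        *) return 0 ;;
    esac
    case "$version" in
        "${branch%x}"*) return 0 ;;
        *) return 1 ;;
    esac
}

# git feeds pre-push one line per ref: <local ref> <local sha> <remote ref> <remote sha>
check_push() {
    status=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        case "$local_sha" in
            *[!0]*) ;;          # a real commit is being pushed
            *) continue ;;      # all zeros: branch deletion, nothing to inspect
        esac
        branch=${remote_ref#refs/heads/}
        version=$(git show "$local_sha:gradle.properties" 2>/dev/null | version_from_properties)
        if ! branch_accepts_version "$branch" "$version"; then
            echo "refusing push: $branch would receive version '${version:-unknown}'" >&2
            status=1
        fi
    done
    return "$status"
}

# Run the check only when installed as .git/hooks/pre-push.
case "$0" in
    */pre-push) check_push || exit 1 ;;
esac
```

Because the hook reads the version from the commit being pushed rather than from the working tree, it gives the same answer whether the branch got there by a merge commit or a fast-forward.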