ci: Add check-commits action

[unknowIfGuestInDream]

Close: #2101

Fixes #

Proposed Changes

1. ...
2. ...
3. ...

Readiness Checklist

Author/Contributor

• If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

• Label as either enhancement, bug, documentation or dependencies
• Verify design and implementation

Summary by Sourcery

Add a GitHub Actions workflow to check for problematic merge commits from release branches to the master branch

New Features:

• Added a commit merge validation mechanism to protect specific project files during merges

CI:

• Implemented a Groovy script to detect and prevent unintended changes from release branches being merged into master
• Created a GitHub Actions workflow to run commit merge checks on pull requests targeting the master branch

Summary by CodeRabbit

• 新功能
  • 新增自动化校验流程，在拉取请求合并到主分支（master）时，自动检测不规范的合并提交，并在发现问题时于PR中留言提示具体修复建议。

[naming-conventions-bot]

Thank you for following naming conventions! 😻

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
javafx-tool	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 1, 2025 11:40pm

[sourcery-ai]

Reviewer's Guide

This pull request introduces a new GitHub Actions workflow and a Groovy script to prevent accidental merges of specific documentation and configuration files from release branches into the master branch.

File-Level Changes

Change	Details	Files
Added a GitHub Actions workflow to check commits in pull requests targeting master.	Configured the workflow to trigger on 'pull_request' events. Included steps to checkout code, set up Java/Groovy, list PR commits, and execute the validation script. Added a step to comment on the PR with error details if the validation script fails.	.github/workflows/check-commits.yml
Implemented a Groovy script to detect disallowed file changes in specific merge scenarios.	Defined a list of monitored file paths that should not be merged from release branches. Implemented logic to identify merge commits from a release branch into master. Added checks to see if monitored files were modified in such merge commits. Included helper functions to execute git commands and parse their output. Configured the script to exit with an error code if a 'bad' merge is found.	.github/workflows/CheckBadMerge.groovy

Possibly linked issues

• [Feature Request] CheckBadCommit workflow #2101: The PR adds the check-commits workflow and script requested in issue [Feature Request] CheckBadCommit workflow #2101.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[quine-bot]

👋 Figuring out if a PR is useful is hard, hopefully this will help.

• @unknowIfGuestInDream has been on GitHub since 2019 and in that time has had 1219 public PRs merged
• Don't you recognize them? They've been here before 🎉
• Here's a good example of their work: javafxTool (Javafx scaffolding, built on JDK17 + JavaFX21 + controlsfx 11.x.x + Maven)
• From looking at their profile, they seem to be good with Java and HTML.

Their most recently public accepted PR is: #2117

[coderabbitai]

"""

Walkthrough

本次变更引入了一个新的 Groovy 脚本 CheckBadMerge.groovy，用于检测将 release 分支合并到 master 时，是否错误地包含了特定监控文件的更改。同时，新增了一个 GitHub Actions 工作流 check-commits.yml，在 PR 合并到 master 分支时自动触发，运行该脚本对 PR 的提交进行检查，并在发现问题时自动在 PR 下方评论告警信息。

Changes

文件/路径	变更摘要
.github/workflows/CheckBadMerge.groovy	新增 Groovy 脚本，用于检测不合规的合并提交，包含主逻辑与辅助方法。
.github/workflows/check-commits.yml	新增 GitHub Actions 工作流，自动运行 Groovy 脚本并根据结果反馈到 PR。

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant Groovy Script
    participant PR Author

    GitHub Actions->>Groovy Script: 传入 PR 提交列表，执行检测
    Groovy Script->>Groovy Script: 检查每个合并提交
    alt 检测到违规合并
        Groovy Script-->>GitHub Actions: 非零退出码，输出修复建议
        GitHub Actions->>PR Author: 在 PR 下评论告警信息和修复建议
    else 未检测到违规
        Groovy Script-->>GitHub Actions: 正常退出
    end

Loading

Assessment against linked issues

Objective	Addressed	Explanation
实现 PR 检查工作流，检测不合规合并提交（#2101）	✅

Suggested labels

size/M

Suggested reviewers

• DreamAwakenFateBroke

Poem

兔子写脚本，Groovy 跳跃忙，
合并需谨慎，监控文件藏。
Actions 自动查，PR 留言响，
代码更安全，大家都欢畅！
🐇✨
"""

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03388e0 and efaf17d.

📒 Files selected for processing (1)

• .github/workflows/CheckBadMerge.groovy (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/CheckBadMerge.groovy

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: build (21, macos-latest, false)
• GitHub Check: build (17, ubuntu-latest, false)
• GitHub Check: build (21, windows-latest, false)
• GitHub Check: build (21, ubuntu-latest, false)
• GitHub Check: build (17, macos-latest, false)
• GitHub Check: build (17, windows-latest, false)
• GitHub Check: qodana
• GitHub Check: StepSecurity Harden-Runner
• GitHub Check: Summary

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mergify]

@unknowIfGuestInDream
The current code is frozen, please wait for the unfreeze to merge.

[sourcery-ai]

Hey @unknowIfGuestInDream - I've reviewed your changes - here's some feedback:

• Consider making the list of monitored file paths configurable, perhaps via the workflow inputs or a separate configuration file, instead of hardcoding it in the script.
• Improve the robustness of the Groovy script by adding more specific error handling for potential failures when executing external git commands.

Here's what I looked at during the review

• 🟡 General issues: 3 issues found
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

.github/workflows/CheckBadMerge.groovy (1)

149-151: 使用 Groovy assert 作运行时断言在生产脚本里不可靠
Groovy 的 assert 无法关闭，但抛出的 AssertionError 信息欠清晰，并会携带大量堆栈，影响 CI 输出可读性。
建议显式抛出自定义异常或直接 System.err.println 后 System.exit(2)，以提供更友好的错误信息。

.github/workflows/check-commits.yml (1)

25-31: 缺少 apt-get update，安装 Groovy 可能失败
在 GitHub Actions 的 ubuntu-latest 镜像上直接 apt-get install groovy 偶尔会因软件包索引过期而失败。
建议先更新索引。

-      - name: Install Groovy
-        run: sudo apt-get install groovy
+      - name: Install Groovy
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y groovy

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c901a5b and e502ee9.

📒 Files selected for processing (2)

• .github/workflows/CheckBadMerge.groovy (1 hunks)
• .github/workflows/check-commits.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: build (21, macos-latest, false)
• GitHub Check: build (21, windows-latest, false)
• GitHub Check: build (17, windows-latest, false)
• GitHub Check: build (17, ubuntu-latest, false)
• GitHub Check: build (21, ubuntu-latest, false)
• GitHub Check: build (17, macos-latest, false)
• GitHub Check: qodana
• GitHub Check: StepSecurity Harden-Runner
• GitHub Check: Summary

[github-actions]

Qodana Community for JVM

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked
☁️ View the detailed Qodana report

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud