Integrate bot for cherry-picking / backporting commits to release branches

[karthikvetrivel]

Usage

Add a /cherry-pick comment to your PR specifying target release branches:

/cherry-pick release-25.3
/cherry-pick release-24.9

When to add the comment:

• Before merge: Bot acknowledges and automatically backports after PR is merged
• After merge: Bot immediately starts backporting

What Happens

1. ✅ Bot creates a new PR for each target branch
2. 🏷️ Applies labels: backport + auto-backport (clean) or needs-manual-resolution (conflicts)
3. 💬 Posts a comment with link to each backport PR

Example

Example of a PR where you specify the target release branch:

Example of new PR opened:

Conflict Handling

If cherry-pick has conflicts:

• PR is created in draft mode with needs-manual-resolution label
• Follow instructions in the backport PR description to resolve conflicts

Branch Naming

Release branches must follow the pattern: release-X.Y

Examples: release-25.3, release-24.9.1, release-23.9

Example

Original PR #1234 merged to main
  ↓
/cherry-pick release-25.3 comment
  ↓
Bot creates PR #1235: [release-25.3] Original PR title

[cdesiniotis]

Made a quick first pass. This is a great start!

[cdesiniotis]

Question -- is grabbing a github issue number (the RHS of the conditional statement) necessary / correct here?

[karthikvetrivel]

Yes, I believe so. I found that when the workflow is triggered by someone commenting / cherry-pick on a PR, GitHub's API doesn't populate context.payload.pull_request. Instead, the PR information is in context.payload.issue. The fallback ensures we get the PR number in both trigger scenarios.

[cdesiniotis]

I am not quite following this. Could you explain what this is doing and why searching the PR body is required? From a quick glance I would assume that searching through the PR comments, as is done below, would suffice.

[karthikvetrivel]

I added this in the case that the PR author knows upfront which branches need the backport and wants to declare it in the PR description, rather than needing to add a separate comment later. If you don't believe that this is a useful case, I can remove it--let me know

[cdesiniotis]

nit: what about a more descriptive git username? nv-cherrypick-bot?

[karthikvetrivel]

Agreed, will update.

EDIT: updated

[cdesiniotis]

👀

[karthikvetrivel]

Yes! I was following the convention of some other fun workflow bots and add the eyes reaction to the comment

[cdesiniotis]

@tariq1890 this will cherry-pick the merge commits as opposed to the individual commits that are part of the PR. This differs from our current process of backporting individual commits (not merge commits). Do you have any objections to backporting the merge commits instead?

[tariq1890]

I strongly prefer the backport of the individual commits over merge commits. It is way more UI friendly when comparing git branches

[tariq1890]

Can't we retrieve the commits from a PR ID?

[karthikvetrivel]

I can look into this, it should be possible.

[tariq1890]

Thanks @karthikvetrivel !

[karthikvetrivel]

Done. Updated the PR message too now to reflect showing each individual commit.

[ArangoGutierrez]

Awesome initiative! left some comments

[ArangoGutierrez]

Let's rename the file to a more proper name, like cherrypick.yml or something

[karthikvetrivel]

Updated!

[ArangoGutierrez]

Cherry-Pick, all our workflow files follow a short name approach

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Does this mean that the cherry-pick will happen before the PR is approved and merged?

[karthikvetrivel]

No. The PR must be merged before doing any cherry-picks (lines 118-144). If someone comments /cherry-pick on an unmerged PR, the bot just acknowledges it with 👀 and says it will backport after merge. The actual cherry-pick only happens once the PR is merged.

Generally, It's a convenience add—you can say "this needs to go to release-X.Y" while reviewing, and it'll happen when the PR merges.

[tariq1890]

This JS script has a lot of lines. It's better to move them to a file instead of keeping them inline in the yaml file

[karthikvetrivel]

Addressed, moved to seperated Javascript files.

[karthikvetrivel]

@tariq1890 Updated the backport bot to cherry-pick individual commits instead of merge commits. Tested with a 2-commit PR to verify it handles multiple commits correctly.

[ArangoGutierrez]

Can we have a Licence Header

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Double end of file line

[ArangoGutierrez]

Licence header

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Double end of file line

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Not a JS expert, just a few comments from what I can remember from my early days with JS

[ArangoGutierrez]

Suggested change

	uses: actions/github-script@v7
	uses: actions/github-script@v8

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Suggested change

	execSync(`git checkout -b ${backportBranch} ${targetBranch}`, { stdio: 'inherit' });
	execSync(`git checkout ${backportBranch} || git checkout -b ${backportBranch} ${targetBranch}`, { stdio: 'inherit' });```

[karthikvetrivel]

Updated.

[ArangoGutierrez]

Suggested change

	const bodyMatches = prBody.matchAll(/\/cherry-pick\s+(release-\d+\.\d+(?:\.\d+)?)/g);
	// Strict ASCII, anchored; allow X.Y or X.Y.Z
	const bodyMatches = prBody.matchAll(/^\/cherry-pick\s+(release-\d+\.\d+(?:\.\d+)?)/gmi);

[karthikvetrivel]

Updated.

[elezar]

nit: Resolving the conflicts will most likely require a force push:

Suggested change

	4. Push the resolution: \`git push origin ${backportBranch}\`
	4. Push the resolution: \`git push -f origin ${backportBranch}\`

[karthikvetrivel]

Updated.

[elezar]

nit: I understand that this may be idiomatic, but looking for this : to differentiate between the two contents is not ideal.

[karthikvetrivel]

Updated.

[elezar]

Thanks @karthikvetrivel. This is great.

Is this something that we want to publish as an action at some point, or what options do we have to share this to other repos we own?

Maybe as a follow up: What does the landscape of available actions for doing this look like?

[ArangoGutierrez]

Thanks @karthikvetrivel. This is great.

Is this something that we want to publish as an action at some point, or what options do we have to share this to other repos we own?

++ To this, since @karthikvetrivel implementation is already in JS, we could have this JS code at k8s-test-infra and from there export it as a GitHub Action so we can reuse in all our repos

[karthikvetrivel]

@ArangoGutierrez @elezar thanks for the review! Regarding rollout, I see a few options.

1. As @ArangoGutierrez mentioned, we can host as reusable workflow in k8s-test-infra. Other repos can call it with something like this:

jobs: 
  cherrypick:
    uses: NVIDIA/k8s-test-infra/.github/workflows/cherrypick.yml@main

These seems the simplest to me.

2. Package as a composite action in k8s-test-infra. Repos would use it as a step:

  - uses: NVIDIA/k8s-test-infra/.github/actions/backport@main
    with:
      github-token: ${{ secrets.GITHUB_TOKEN }}

This gives repos more flexibility to add custom steps before/after, but our bot needs full job isolation for git operations (script will fail if initial starting state is incorrect), so option 1 seems better.

3. Build as a full JavaScript action with @vercel/ncc and publish to GitHub Marketplace. This would only makes sense if we want to open-source it for the broader community as it adds to build/release complexity.

4. Keep copy-paste approach (current state). Works but means updating multiple repos when we improve the logic.

It seems like option 1 is the best to me but would to leave hear your thoughts.

[rajathagasthya]

nit: just to be ultra-safe, I would recommend --force-with-lease instead of a plain -f.

[karthikvetrivel]

Great point, resolved.

[rajathagasthya]

Ditto.

[karthikvetrivel]

Updated as well.

[ArangoGutierrez]

@ArangoGutierrez @elezar thanks for the review! Regarding rollout, I see a few options.

1. As @ArangoGutierrez mentioned, we can host as reusable workflow in k8s-test-infra. Other repos can call it with something like this:

jobs: 
  cherrypick:
    uses: NVIDIA/k8s-test-infra/.github/workflows/cherrypick.yml@main

These seems the simplest to me.

2. Package as a composite action in k8s-test-infra. Repos would use it as a step:

  - uses: NVIDIA/k8s-test-infra/.github/actions/backport@main
    with:
      github-token: ${{ secrets.GITHUB_TOKEN }}

This gives repos more flexibility to add custom steps before/after, but our bot needs full job isolation for git operations (script will fail if initial starting state is incorrect), so option 1 seems better.

3. Build as a full JavaScript action with @vercel/ncc and publish to GitHub Marketplace. This would only makes sense if we want to open-source it for the broader community as it adds to build/release complexity.
4. Keep copy-paste approach (current state). Works but means updating multiple repos when we improve the logic.

It seems like option 1 is the best to me but would to leave hear your thoughts.

As you recommend option 1, lets go with that.

I think we can finish the review here and once we all agree with the implementation, we can talk about a centralized GitHub action so other repos can benefit from this tool

[karthikvetrivel]

@ArangoGutierrez Thanks!

@elezar @cdesiniotis @tariq1890 what do you think about the current plan? As next steps, we can:

1. Close this PR w/o merging once everyone is satisfied with the outlined functionality
2. Centralize backport workflow as a reusable component in k8s-test-infra & discuss target repos we'd like to have the action
3. Create PRs in target repos for initiating the action.