feat(link-backport-prs): link backport PRs to matching Linear sub-issue#157
Merged
Conversation
Piotr1215
added a commit
that referenced
this pull request
Jul 2, 2026
Review feedback on #157 flagged that the action's go.mod pinned an outdated Go (1.25.0) and go-github (v84) while newer releases are out. go-github v88 redesigned the client constructor: NewClient now returns (*Client, error) and takes functional options instead of an *http.Client. Switched to github.WithAuthToken, which authenticates directly and lets us drop the golang.org/x/oauth2 dependency entirely. Added a renovate gomod group rule for link-backport-prs so its Go toolchain and go-github version track upstream automatically, matching the existing linear-pr-commenter and linear-release-sync rules.
7b8ac9b to
d92e8c6
Compare
sydorovdmytro
approved these changes
Jul 3, 2026
Backport PRs opened by sorenlouv were not connected to the per-release-line
Linear sub-issues ("[0.34] Copy of ENG-x") that track each maintenance line.
The sub-issues stayed open after their backport merged, so patch-release
tracking drifted and had to be reconciled by hand (the Maintenance project
checklist in Notion).
This adds a step to the shared backport workflow that runs after the backports
are created and, for each backport target, resolves the source PR's Linear
issue (the parent) via attachmentsForURL, finds the sub-issue whose title
carries the release-line prefix, and appends "Fixes <id>" to that backport PR
so the right sub-issue closes on merge.
Matching is by title prefix ("[0.34]" / "[v0.34]"), not milestone: the
backport-copy sub-issues do not reliably carry a patch milestone and may live
in the parent's project, so the title is the dependable key (verified against
ENGCP-906 -> ENGCP-913/ENGCP-943).
The step is advisory and backward compatible: the new linear-token secret is
optional, the step is continue-on-error, and the action exits 0 (and no-ops
without a token), so existing backport callers are unaffected.
Closes DEVOPS-693
Review feedback on #157 flagged that the action's go.mod pinned an outdated Go (1.25.0) and go-github (v84) while newer releases are out. go-github v88 redesigned the client constructor: NewClient now returns (*Client, error) and takes functional options instead of an *http.Client. Switched to github.WithAuthToken, which authenticates directly and lets us drop the golang.org/x/oauth2 dependency entirely. Added a renovate gomod group rule for link-backport-prs so its Go toolchain and go-github version track upstream automatically, matching the existing linear-pr-commenter and linear-release-sync rules.
A reviewer read the optional linear-token as an oversight and expected it to be required. It is optional on purpose: the linking step is advisory and no-ops when the token is absent so callers can adopt the shared backport workflow before wiring up a Linear token. Spell that out in the input description so the next reader does not have to ask.
d92e8c6 to
c3e8c3b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backport PRs opened by sorenlouv were never connected to the per-release-line Linear sub-issues (
[0.34] Copy of ENG-x) that track each maintenance line. Those sub-issues stayed open after their backport merged, so patch-release tracking drifted and had to be reconciled by hand.This adds a
link-backport-prscomposite action and wires it into the sharedbackport.yamlreusable workflow. After the backports are created, it links each one to the matching Linear sub-issue by addingFixes <id>to the backport PR body, so the right sub-issue closes when the backport merges.This implements the linking step described in Denise's comment on DEVOPS-693 (the authoritative spec) and step 6.1 of the "WIP: Patch Issue Management" Notion doc.
How it works
The trigger is the GitHub side, not Linear: the backport PR only exists after the source PR merges and sorenlouv runs, which a Linear webhook never sees. So the step runs inside
backport.yaml, in the same job that creates the PRs. For eachbackport-to-vX.Ylabel on the merged source PR:attachmentsForURL, falling back to aTEAM-123identifier parsed from the branch or body.head: backport/vX.Y/pr-<src>,base: vX.Y).[0.34]or[v0.34]).Fixes <sub-issue-id>to that backport PR's body, unless it already references the issue.Matching is by title prefix, not milestone: the backport-copy sub-issues do not reliably carry a patch milestone and can live in the parent's project, so the title is the dependable key. Verified end to end against a real family: vcluster#3993 -> parent ENGCP-906 -> ENGCP-913
[0.34]and ENGCP-943[0.35].Key Changes
.github/actions/link-backport-prsGo composite action (modeled onlinear-pr-commenter), with unit tests for the matching logic.backport.yaml: optionallinear-tokensecret and an advisory step that runs the action after sorenlouv.test-link-backport-prs, CI workflowtest-link-backport-prs.yaml, README entry, and regenerateddocs/workflows/backport.md.Backward compatibility
Strictly additive. The
linear-tokensecret is optional, the step iscontinue-on-error: true, and the action exits 0 and no-ops when no token is provided. Existing callers (e.g. vcluster on@backport/v1) are unaffected until the coordination tag is moved.Notes / dependencies
[X.Y] Copy of ...sub-issues are meant to be created by thelinear-webhook-serviceneeds-backport automation; that automation requires the issue to have a milestone and be in a patch-release project, and currently the copies are often created by hand. The linker works regardless of who created them, but its end-to-end value depends on the copies existing.attachmentsForURL; if Linear's schema differs in practice this is the first thing to validate against a live token.TODO before this takes effect in production
link-backport-prs/v1and move thebackport/v1coordination tag to this commit (the workflow references the action by@link-backport-prs/v1, following thenotify-release/release-notificationpattern).linear-token: ${{ secrets.LINEAR_API_TOKEN }}to enable linking.Closes DEVOPS-693