From 06b426e9c3d898242ffb3c44b7f223ba0e3d496d Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@iwebnotes.com>
Date: Tue, 12 Oct 2021 23:01:37 +0530
Subject: [PATCH] ci: rule to fail PRs that add a new manual commit (#27928)

Manual commits are frequent source of bugs, confusions or undefined
behaviour.

All new manual commits should be explcitly ignored with explanation on
why it's added. This will only fail for new additions. Existing ones
need to be cleaned up manually.
---
 .../semgrep_rules/frappe_correctness.yml       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/helper/semgrep_rules/frappe_correctness.yml b/.github/helper/semgrep_rules/frappe_correctness.yml
index d9603e89aa..166e98a8a2 100644
--- a/.github/helper/semgrep_rules/frappe_correctness.yml
+++ b/.github/helper/semgrep_rules/frappe_correctness.yml
@@ -131,3 +131,21 @@ rules:
       key `$X` is uselessly assigned twice. This could be a potential bug.
   languages: [python]
   severity: ERROR
+
+
+- id: frappe-manual-commit
+  patterns:
+    - pattern: frappe.db.commit()
+    - pattern-not-inside: |
+        try:
+          ...
+        except ...:
+          ...
+  message: |
+    Manually commiting a transaction is highly discouraged. Read about the transaction model implemented by Frappe Framework before adding manual commits: https://frappeframework.com/docs/user/en/api/database#database-transaction-model If you think manual commit is required then add a comment explaining why and `// nosemgrep` on the same line.
+  paths:
+      exclude:
+        - "**/patches/**"
+        - "**/demo/**"
+  languages: [python]
+  severity: ERROR