ci: rule to fail PRs that add a new manual commit (#27928)
Manual commits are a frequent source of bugs, confusion or undefined
behaviour.
All new manual commits should be explicitly ignored with an explanation on
why it's added. This will only fail for new additions. Existing ones
need to be cleaned up manually.
diff --git a/.github/helper/semgrep_rules/frappe_correctness.yml b/.github/helper/semgrep_rules/frappe_correctness.yml
index d9603e8..166e98a 100644
--- a/.github/helper/semgrep_rules/frappe_correctness.yml
+++ b/.github/helper/semgrep_rules/frappe_correctness.yml
@@ -131,3 +131,21 @@
key `$X` is uselessly assigned twice. This could be a potential bug.
languages: [python]
severity: ERROR
+
+
+- id: frappe-manual-commit
+ patterns:
+ - pattern: frappe.db.commit()
+ - pattern-not-inside: |
+ try:
+ ...
+ except ...:
+ ...
+ message: |
+ Manually commiting a transaction is highly discouraged. Read about the transaction model implemented by Frappe Framework before adding manual commits: https://frappeframework.com/docs/user/en/api/database#database-transaction-model If you think manual commit is required then add a comment explaining why and `// nosemgrep` on the same line.
+ paths:
+ exclude:
+ - "**/patches/**"
+ - "**/demo/**"
+ languages: [python]
+ severity: ERROR
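Review bot: The suppression hint in `message` tells authors to add `// nosemgrep`, but the rule is scoped to `languages: [python]`, where `//` is the floor-division operator rather than a comment marker; the hint should read `# nosemgrep`. Separately, the `pattern-not-inside` clause on `try: ... except ...:` silently exempts every `frappe.db.commit()` anywhere inside a try/except statement, with no comment or justification required, which is broader than the commit message's statement that all new manual commits must be explicitly ignored with an explanation. Either document in the rule why that case is exempt or narrow the exclusion. Minor: "commiting" in the message should be "committing".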