From 2ced468ab69c6dded5d3aeb47c7296f47ba2f736 Mon Sep 17 00:00:00 2001 From: Luke Mino-Altherr Date: Wed, 27 May 2026 16:14:15 -0700 Subject: [PATCH] Address CodeRabbit review feedback - Support both main and master branches (ComfyUI uses master) - Dynamically detect branch from push context instead of hardcoding - Fix approval check to use latest review per reviewer (handles dismissed reviews) - Add UNREVIEWED_MERGES_TOKEN validation before use - Add concurrency control to prevent duplicate issues - Fix version comment: v7 -> v7.1.0 Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/detect-unreviewed-merge.yml | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/.github/workflows/detect-unreviewed-merge.yml b/.github/workflows/detect-unreviewed-merge.yml index cc0237939..a2cd10d48 100644 --- a/.github/workflows/detect-unreviewed-merge.yml +++ b/.github/workflows/detect-unreviewed-merge.yml @@ -2,7 +2,11 @@ name: Detect Unreviewed Merge on: push: - branches: [main] + branches: [main, master] + +concurrency: + group: detect-unreviewed-merge + cancel-in-progress: false permissions: contents: read @@ -13,13 +17,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Check for unreviewed merge - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 env: UNREVIEWED_MERGES_TOKEN: ${{ secrets.UNREVIEWED_MERGES_TOKEN }} with: script: | const sha = context.sha; const { owner, repo } = context.repo; + const branch = context.ref.replace('refs/heads/', ''); // Find the PR associated with this merge commit const { data: prs } = await github.rest.repos.listPullRequestsAssociatedWithCommit({ @@ -28,7 +33,7 @@ jobs: commit_sha: sha, }); - const pr = prs.find(p => p.merged_at && p.base.ref === 'main'); + const pr = prs.find(p => p.merged_at && p.base.ref === branch); if (!pr) { core.info('No merged PR found for this commit — skipping.'); return; @@ -36,14 +41,26 @@ jobs: core.info(`Found PR #${pr.number}: ${pr.title}`); - // Check for approving reviews + // Determine effective approval state using latest review per reviewer const reviews = await github.paginate(github.rest.pulls.listReviews, { owner, repo, pull_number: pr.number, }); - if (reviews.some(r => r.state === 'APPROVED')) { + const latestByReviewer = new Map(); + for (const r of reviews) { + if (!r.user || r.state === 'COMMENTED') continue; + const prev = latestByReviewer.get(r.user.login); + if (!prev || new Date(r.submitted_at) > new Date(prev.submitted_at)) { + latestByReviewer.set(r.user.login, r); + } + } + + const hasApproval = Array.from(latestByReviewer.values()).some( + r => r.state === 'APPROVED' + ); + if (hasApproval) { core.info('PR has an approving review — no action needed.'); return; } @@ -94,7 +111,7 @@ jobs: `| **Author** | @${pr.user.login} |`, `| **Merged by** | @${mergedBy} |`, `| **Merged at** | ${pr.merged_at} |`, - '| **Branch** | main |', + `| **Branch** | ${branch} |`, ]; const policyRef = [ @@ -139,6 +156,11 @@ jobs: } // Create issue in the tracking repo with the dedicated PAT + if (!process.env.UNREVIEWED_MERGES_TOKEN) { + core.setFailed('UNREVIEWED_MERGES_TOKEN secret is not configured'); + return; + } + const { getOctokit } = require('@actions/github'); const tracking = getOctokit(process.env.UNREVIEWED_MERGES_TOKEN);