Address CodeRabbit review feedback

- Support both main and master branches (ComfyUI uses master)
- Dynamically detect branch from push context instead of hardcoding
- Fix approval check to use latest review per reviewer (handles dismissed reviews)
- Add UNREVIEWED_MERGES_TOKEN validation before use
- Add concurrency control to prevent duplicate issues
- Fix version comment: v7 -> v7.1.0

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/workflows/detect-unreviewed-merge.yml

@@ -2,7 +2,11 @@ name: Detect Unreviewed Merge
 
 on:
   push:
-    branches: [main]
+    branches: [main, master]
+
+concurrency:
+  group: detect-unreviewed-merge
+  cancel-in-progress: false
 
 permissions:
   contents: read
@@ -13,13 +17,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check for unreviewed merge
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
         env:
           UNREVIEWED_MERGES_TOKEN: ${{ secrets.UNREVIEWED_MERGES_TOKEN }}
         with:
           script: |
             const sha = context.sha;
             const { owner, repo } = context.repo;
+            const branch = context.ref.replace('refs/heads/', '');
 
             // Find the PR associated with this merge commit
             const { data: prs } = await github.rest.repos.listPullRequestsAssociatedWithCommit({
@@ -28,7 +33,7 @@ jobs:
               commit_sha: sha,
             });
 
-            const pr = prs.find(p => p.merged_at && p.base.ref === 'main');
+            const pr = prs.find(p => p.merged_at && p.base.ref === branch);
             if (!pr) {
               core.info('No merged PR found for this commit — skipping.');
               return;
@@ -36,14 +41,26 @@ jobs:
 
             core.info(`Found PR #${pr.number}: ${pr.title}`);
 
-            // Check for approving reviews
+            // Determine effective approval state using latest review per reviewer
             const reviews = await github.paginate(github.rest.pulls.listReviews, {
               owner,
               repo,
               pull_number: pr.number,
             });
 
-            if (reviews.some(r => r.state === 'APPROVED')) {
+            const latestByReviewer = new Map();
+            for (const r of reviews) {
+              if (!r.user || r.state === 'COMMENTED') continue;
+              const prev = latestByReviewer.get(r.user.login);
+              if (!prev || new Date(r.submitted_at) > new Date(prev.submitted_at)) {
+                latestByReviewer.set(r.user.login, r);
+              }
+            }
+
+            const hasApproval = Array.from(latestByReviewer.values()).some(
+              r => r.state === 'APPROVED'
+            );
+            if (hasApproval) {
               core.info('PR has an approving review — no action needed.');
               return;
             }
@@ -94,7 +111,7 @@ jobs:
               `| **Author** | @${pr.user.login} |`,
               `| **Merged by** | @${mergedBy} |`,
               `| **Merged at** | ${pr.merged_at} |`,
-              '| **Branch** | main |',
+              `| **Branch** | ${branch} |`,
             ];
 
             const policyRef = [
@@ -139,6 +156,11 @@ jobs:
             }
 
             // Create issue in the tracking repo with the dedicated PAT
+            if (!process.env.UNREVIEWED_MERGES_TOKEN) {
+              core.setFailed('UNREVIEWED_MERGES_TOKEN secret is not configured');
+              return;
+            }
+
             const { getOctokit } = require('@actions/github');
             const tracking = getOctokit(process.env.UNREVIEWED_MERGES_TOKEN);