Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/workflows/pr-review-trigger.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,17 @@ on:

permissions: {}

# Deduplicate simultaneous pull_request events for the same fork PR.
# When reviewers are requested at the same time, GitHub fires multiple
# review_requested events. Without this group each event triggers a
# separate review via workflow_run, producing duplicate reviews.
concurrency:
group: pr-review-trigger-${{ github.event.pull_request.number }}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[MEDIUM] Concurrency group key may resolve to empty string for pull_request_review_comment events

The group key is pr-review-trigger-${{ github.event.pull_request.number }}. The workflow also triggers on pull_request_review_comment events. Whether github.event.pull_request is populated for that event type is a critical question: GitHub's webhook docs show a pull_request field in the pull_request_review_comment payload, which would mean the key resolves correctly. However, if for any reason the field is absent or empty at runtime, all comment-triggered runs would share the group key pr-review-trigger- and cancel-in-progress: true would cause them to cancel each other across different PRs.

Consider using a safer fallback expression to guarantee uniqueness:

group: pr-review-trigger-${{ github.event.pull_request.number || github.event.issue.number }}

Or include the event name for an extra layer of scoping:

group: pr-review-trigger-${{ github.event_name }}-${{ github.event.pull_request.number }}

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull_request_review_comment webhook payload includes a pull_request field with number populated per GitHub's documentation. The concurrency group key will always resolve to a valid PR number for both event types. The docker-agent APPROVE review (submitted first) confirmed the expressions are correct.

cancel-in-progress: true

jobs:
save-context:
if: github.event.pull_request.head.repo.fork
runs-on: ubuntu-latest
steps:
- name: Save event context
Expand Down