Skip to content

ci: add concurrency group to pr-review-trigger to prevent duplicate reviews#13890

Merged
glours merged 1 commit into
docker:mainfrom
derekmisler:fix/pr-review-trigger-concurrency
Jul 6, 2026
Merged

ci: add concurrency group to pr-review-trigger to prevent duplicate reviews#13890
glours merged 1 commit into
docker:mainfrom
derekmisler:fix/pr-review-trigger-concurrency

Conversation

@derekmisler

Copy link
Copy Markdown
Contributor

Adds a concurrency group keyed by PR number to pr-review-trigger.yml to prevent
triplicate reviews when simultaneous pull_request events fire for the same fork PR
(e.g., multiple review_requested events when several reviewers are added at once).

Also skips Bot-type senders (Dependabot, Renovate) early to save Actions minutes.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The concurrency group and bot-skip condition added in this PR are correct.

Concurrency group (line 15): Uses github.event.pull_request.number as the key. Both pull_request and pull_request_review_comment events include a pull_request object in their payload (unlike issue_comment), so the group key is always well-formed and will correctly deduplicate simultaneous events for the same PR without collapsing across unrelated PRs.

Bot-sender skip (line 21): github.event.sender.type != 'Bot' uses the correct capitalization ('Bot'), which matches GitHub's documented sender type values. Combined with the fork-repo guard (github.event.pull_request.head.repo.fork), the condition correctly gates execution to fork PRs from non-bot actors.

No bugs introduced by this PR were found.

@codecov

codecov Bot commented Jun 30, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

…eviews

Signed-off-by: Derek Misler <derek.misler@docker.com>
@derekmisler derekmisler force-pushed the fix/pr-review-trigger-concurrency branch from a278523 to a30b245 Compare June 30, 2026 16:20
@derekmisler derekmisler marked this pull request as ready for review June 30, 2026 16:32
@derekmisler derekmisler requested a review from a team as a code owner June 30, 2026 16:32

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The PR correctly adds a concurrency group to deduplicate simultaneous pull_request events for fork PRs, and gates the job on fork == true plus a bot-sender check. No high- or medium-severity bugs were introduced.

Minor observations (not blocking):

  • The concurrency key pr-review-trigger-${{ github.event.pull_request.number }} would collapse to pr-review-trigger- if the PR number were ever absent (e.g., if the on: block were later extended to non-pull_request events). Consider including ${{ github.event_name }} in the key for robustness.
  • The github.event.pull_request.head.repo.fork boolean check silently skips same-repo PRs — this is intentional but may benefit from a comment in the YAML for future maintainers.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the GitHub Actions trigger workflow used to kick off PR reviews, reducing duplicate downstream review runs caused by multiple near-simultaneous pull_request events on the same PR, and avoiding unnecessary executions for bot-originated events.

Changes:

  • Added a workflow-level concurrency group keyed by PR number to deduplicate concurrent runs.
  • Added an early job if: guard to run only for fork PRs and to skip bot senders.

@thaJeztah

Copy link
Copy Markdown
Member

I'm guessing we need this one to prevent things like #13893 where it ran 5(!!!) times on a single push? Not sure how that one happened though 😂

Screenshot 2026-07-02 at 15 48 33

@derekmisler

Copy link
Copy Markdown
Contributor Author

I'm guessing we need this one to prevent things like #13893 where it ran 5(!!!) times on a single push? Not sure how that one happened though 😂

Screenshot 2026-07-02 at 15 48 33

yeah, it's a fork thing. forks are hard.

@thaJeztah thaJeztah left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@glours glours merged commit 81e4201 into docker:main Jul 6, 2026
42 of 44 checks passed
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jul 9, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker/compose](https://github.com/docker/compose) | minor | `v5.1.4` → `v5.3.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>docker/compose (docker/compose)</summary>

### [`v5.3.1`](https://github.com/docker/compose/releases/tag/v5.3.1)

[Compare Source](docker/compose@v5.3.0...v5.3.1)

#### What's Changed

##### 🔧  Internal

- Ci: add concurrency group to pr-review-trigger to prevent duplicate reviews by [@&#8203;derekmisler](https://github.com/derekmisler) in [#&#8203;13890](docker/compose#13890)
- Fix grammar in Attestations field comment by [@&#8203;blackflytech](https://github.com/blackflytech) in [#&#8203;13891](docker/compose#13891)
- Ci: remove unused desktop-edge-test workflow by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13897](docker/compose#13897)
- Ci: zizmor workflow by [@&#8203;crazy-max](https://github.com/crazy-max) in [#&#8203;13901](docker/compose#13901)
- Ci: fix docs-upstream workflow by [@&#8203;crazy-max](https://github.com/crazy-max) in [#&#8203;13912](docker/compose#13912)
- CODEOWNERS: add compose-reviewers by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13913](docker/compose#13913)
- Ci: harden GitHub Actions workflows by [@&#8203;glours](https://github.com/glours) in [#&#8203;13896](docker/compose#13896)
- GHA: dependabot: group docker/\* actions updates by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13914](docker/compose#13914)

##### ⚙️ Dependencies

- Build(deps): bump github.com/moby/buildkit from `0.31.0` to `0.31.1` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13892](docker/compose#13892)
- Build(deps): bump github.com/moby/sys/user to `v0.4.1` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13893](docker/compose#13893)
- Build(deps): bump go.yaml.in/yaml/v4 from `4.0.0-rc.4` to `4.0.0-rc.6` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13876](docker/compose#13876)
- Build(deps): bump github.com/docker/cli from `29.6.0+incompatible` to `29.6.1+incompatible` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13895](docker/compose#13895)
- Build(deps): bump actions/stale from `10.2.0` to `10.3.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13902](docker/compose#13902)
- Build(deps): bump the docker-actions group with 3 updates by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13916](docker/compose#13916)
- Build(deps): bump actions/upload-artifact from `7.0.0` to `7.0.1` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13908](docker/compose#13908)
- Build(deps): bump actions/setup-go from `6.3.0` to `6.5.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13907](docker/compose#13907)
- Build(deps): bump test-summary/action from `2.4` to `2.6` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13903](docker/compose#13903)
- Build(deps): bump mxschmitt/action-tmate from `3.23` to `3.24` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13910](docker/compose#13910)
- Build(deps): bump codecov/codecov-action from `5.5.3` to `7.0.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13904](docker/compose#13904)
- Build(deps): bump github/codeql-action/upload-sarif from `3.36.3` to `4.36.2` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13917](docker/compose#13917)
- Build(deps): bump actions/checkout from `6.0.2` to `7.0.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13911](docker/compose#13911)

#### New Contributors

- [@&#8203;blackflytech](https://github.com/blackflytech) made their first contribution in [#&#8203;13891](docker/compose#13891)

**Full Changelog**: <docker/compose@v5.3.0...v5.3.1>

### [`v5.3.0`](https://github.com/docker/compose/releases/tag/v5.3.0)

[Compare Source](docker/compose@v5.2.0...v5.3.0)

#### What's Changed

> ℹ️ This release introduces native support for init containers.

##### ✨ Improvements

- Pre start init containers by [@&#8203;glours](https://github.com/glours) in [#&#8203;13862](docker/compose#13862)

##### 🐛 Fixes

- Fix(oci): route authorizer token fetches through provided transport by [@&#8203;glours](https://github.com/glours) in [#&#8203;13873](docker/compose#13873)
- Fix(run): scope Running events to project.Services by [@&#8203;glours](https://github.com/glours) in [#&#8203;13883](docker/compose#13883)

##### 🔧  Internal

- Chore: migrate cagent-action to docker-agent-action (v2.0.0) by [@&#8203;docker-agent](https://github.com/docker-agent) in [#&#8203;13869](docker/compose#13869)
- Chore: migrate to docker-agent-action v2.0.1 by [@&#8203;docker-agent](https://github.com/docker-agent) in [#&#8203;13872](docker/compose#13872)
- Fix(reconcile): hash resolved service refs to match executor by [@&#8203;glours](https://github.com/glours) in [#&#8203;13880](docker/compose#13880)
- Fix(compose/port): show private port in portNotFoundError message by [@&#8203;vmphase](https://github.com/vmphase) in [#&#8203;13875](docker/compose#13875)
- Fix(run): normalize --no-TTY flag to --no-tty by [@&#8203;nickjj](https://github.com/nickjj) in [#&#8203;13885](docker/compose#13885)

##### ⚙️ Dependencies

- Bump compose-go to version v2.13.0 by [@&#8203;glours](https://github.com/glours) in [#&#8203;13886](docker/compose#13886)

#### New Contributors

- [@&#8203;docker-agent](https://github.com/docker-agent) made their first contribution in [#&#8203;13869](docker/compose#13869)
- [@&#8203;vmphase](https://github.com/vmphase) made their first contribution in [#&#8203;13875](docker/compose#13875)
- [@&#8203;nickjj](https://github.com/nickjj) made their first contribution in [#&#8203;13885](docker/compose#13885)

**Full Changelog**: <docker/compose@v5.2.0...v5.3.0>

### [`v5.2.0`](https://github.com/docker/compose/releases/tag/v5.2.0)

[Compare Source](docker/compose@v5.1.4...v5.2.0)

#### What's Changed

> ℹ️ This version introduces a new reconciliation algorithm between the observed state and the expected state.
>
> If you experience any issues with a Compose workload that was previously working, please open an issue.

##### ✨ Improvements

- Reconciliation plan by [@&#8203;ndeloof](https://github.com/ndeloof) & [@&#8203;glours](https://github.com/glours) in [#&#8203;13830](docker/compose#13830)
- Add `rawsetenv` message type for provider plugins by [@&#8203;rajyan](https://github.com/rajyan) in [#&#8203;13742](docker/compose#13742)

##### 🐛 Fixes

- Fix(build): skip remote URL contexts from bake fs.read allowlist by [@&#8203;ndeloof](https://github.com/ndeloof) in [#&#8203;13816](docker/compose#13816)
- Skip validation when extracting config variables by [@&#8203;scarab-systems](https://github.com/scarab-systems) in [#&#8203;13831](docker/compose#13831)
- Fix(progress): probe stderr (not stdout) for TTY auto-detection by [@&#8203;glours](https://github.com/glours) in [#&#8203;13837](docker/compose#13837)
- Fix(publish): honor env\_file required: false for missing files by [@&#8203;Ijtihed](https://github.com/Ijtihed) in [#&#8203;13848](docker/compose#13848)

##### 🔧  Internal

- Docs: compose logs: add links for since/until flag descriptions by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13806](docker/compose#13806)
- Ci: add Dependabot cooldown ([`2026060`](docker/compose@20260603)-170456) by [@&#8203;securityeng-bot](https://github.com/securityeng-bot)\[bot] in [#&#8203;13820](docker/compose#13820)
- Docs(CLAUDE.md): note that commits must be signed off (DCO) by [@&#8203;ndeloof](https://github.com/ndeloof) in [#&#8203;13817](docker/compose#13817)
- Refactor: replace Split in loops with more efficient SplitSeq and replace HasPrefix+TrimPrefix with CutPrefix by [@&#8203;caltechustc](https://github.com/caltechustc) in [#&#8203;13810](docker/compose#13810)
- Chore: fix some comments to improve readability by [@&#8203;solunolab](https://github.com/solunolab) in [#&#8203;13823](docker/compose#13823)
- GHA: update docs-upstream to pin workflows by sha by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13834](docker/compose#13834)
- Docs: compose logs: add more links for flag descriptions by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13833](docker/compose#13833)
- Fix/progress tty line overflow 13595 by [@&#8203;glours](https://github.com/glours) in [#&#8203;13840](docker/compose#13840)
- Fix(publish): bypass Docker Desktop proxy for loopback registries by [@&#8203;ptrdom](https://github.com/ptrdom) in [#&#8203;13825](docker/compose#13825)
- Watch: do not rebuild depends\_on services on file change by [@&#8203;ndeloof](https://github.com/ndeloof) in [#&#8203;13856](docker/compose#13856)
- pkg/e2e: fix malformed JWT in fixtures by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13857](docker/compose#13857)
- pkg/e2e: drop unused run param from getEnv by [@&#8203;glours](https://github.com/glours) in [#&#8203;13867](docker/compose#13867)
- Docs: `ps --format json` outputs JSON Lines, not a JSON array by [@&#8203;glours](https://github.com/glours) in [#&#8203;13868](docker/compose#13868)

##### ⚙️ Dependencies

- Build(deps): bump github.com/docker/cli from `29.5.1+incompatible` to `29.5.2+incompatible` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13802](docker/compose#13802)
- Update to go `1.26.4` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13828](docker/compose#13828)
- Chore(deps): github.com/containerd/typeurl/v2 `v2.3.0` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13829](docker/compose#13829)
- Build(deps): bump golang.org/x/sync from `0.20.0` to `0.21.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13838](docker/compose#13838)
- Chore(deps): github.com/docker/cli `v29.5.3`, github.com/docker/buildx `v0.34.1`, buildkit `v0.30.0` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13841](docker/compose#13841)
- Build(deps): bump golang.org/x/sys from `0.45.0` to `0.46.0` by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13832](docker/compose#13832)
- Chore(deps): golang.org/x/crypto `v0.53.0` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13844](docker/compose#13844)
- Build(deps): bump github.com/containerd/containerd/v2 from `2.2.3` to `2.2.4` in the go\_modules group across 1 directory by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;13804](docker/compose#13804)
- Chore(deps): bump github.com/containerd/containerd/v2 to `v2.2.5` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13855](docker/compose#13855)
- Chore(deps): bump github.com/golang-jwt/jwt/v5 to `v5.3.1` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13847](docker/compose#13847)
- Chore(deps): github.com/docker/cli `v29.6.0`, github.com/docker/buildx `v0.35.0`, buildkit `v0.31.0` by [@&#8203;thaJeztah](https://github.com/thaJeztah) in [#&#8203;13842](docker/compose#13842)
- Bump compose-go to version `v2.12.1` by [@&#8203;glours](https://github.com/glours) in [#&#8203;13865](docker/compose#13865)

#### New Contributors

- [@&#8203;securityeng-bot](https://github.com/securityeng-bot)\[bot] made their first contribution in [#&#8203;13820](docker/compose#13820)
- [@&#8203;caltechustc](https://github.com/caltechustc) made their first contribution in [#&#8203;13810](docker/compose#13810)
- [@&#8203;solunolab](https://github.com/solunolab) made their first contribution in [#&#8203;13823](docker/compose#13823)
- [@&#8203;scarab-systems](https://github.com/scarab-systems) made their first contribution in [#&#8203;13831](docker/compose#13831)
- [@&#8203;ptrdom](https://github.com/ptrdom) made their first contribution in [#&#8203;13825](docker/compose#13825)
- [@&#8203;rajyan](https://github.com/rajyan) made their first contribution in [#&#8203;13742](docker/compose#13742)
- [@&#8203;Ijtihed](https://github.com/Ijtihed) made their first contribution in [#&#8203;13848](docker/compose#13848)

**Full Changelog**: <docker/compose@v5.1.4...v5.2.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNTYuMCIsInVwZGF0ZWRJblZlciI6IjQzLjI1Ni4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6bWlub3IiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants