ci: add concurrency group to pr-review-trigger to prevent duplicate reviews#13890
Conversation
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The concurrency group and bot-skip condition added in this PR are correct.
Concurrency group (line 15): Uses github.event.pull_request.number as the key. Both pull_request and pull_request_review_comment events include a pull_request object in their payload (unlike issue_comment), so the group key is always well-formed and will correctly deduplicate simultaneous events for the same PR without collapsing across unrelated PRs.
Bot-sender skip (line 21): github.event.sender.type != 'Bot' uses the correct capitalization ('Bot'), which matches GitHub's documented sender type values. Combined with the fork-repo guard (github.event.pull_request.head.repo.fork), the condition correctly gates execution to fork PRs from non-bot actors.
No bugs introduced by this PR were found.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
…eviews Signed-off-by: Derek Misler <derek.misler@docker.com>
a278523 to
a30b245
Compare
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The PR correctly adds a concurrency group to deduplicate simultaneous pull_request events for fork PRs, and gates the job on fork == true plus a bot-sender check. No high- or medium-severity bugs were introduced.
Minor observations (not blocking):
- The concurrency key
pr-review-trigger-${{ github.event.pull_request.number }}would collapse topr-review-trigger-if the PR number were ever absent (e.g., if theon:block were later extended to non-pull_requestevents). Consider including${{ github.event_name }}in the key for robustness. - The
github.event.pull_request.head.repo.forkboolean check silently skips same-repo PRs — this is intentional but may benefit from a comment in the YAML for future maintainers.
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Actions trigger workflow used to kick off PR reviews, reducing duplicate downstream review runs caused by multiple near-simultaneous pull_request events on the same PR, and avoiding unnecessary executions for bot-originated events.
Changes:
- Added a workflow-level
concurrencygroup keyed by PR number to deduplicate concurrent runs. - Added an early job
if:guard to run only for fork PRs and to skip bot senders.
|
I'm guessing we need this one to prevent things like #13893 where it ran 5(!!!) times on a single push? Not sure how that one happened though 😂
|
yeah, it's a fork thing. forks are hard. |
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [docker/compose](https://github.com/docker/compose) | minor | `v5.1.4` → `v5.3.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>docker/compose (docker/compose)</summary> ### [`v5.3.1`](https://github.com/docker/compose/releases/tag/v5.3.1) [Compare Source](docker/compose@v5.3.0...v5.3.1) #### What's Changed ##### 🔧 Internal - Ci: add concurrency group to pr-review-trigger to prevent duplicate reviews by [@​derekmisler](https://github.com/derekmisler) in [#​13890](docker/compose#13890) - Fix grammar in Attestations field comment by [@​blackflytech](https://github.com/blackflytech) in [#​13891](docker/compose#13891) - Ci: remove unused desktop-edge-test workflow by [@​thaJeztah](https://github.com/thaJeztah) in [#​13897](docker/compose#13897) - Ci: zizmor workflow by [@​crazy-max](https://github.com/crazy-max) in [#​13901](docker/compose#13901) - Ci: fix docs-upstream workflow by [@​crazy-max](https://github.com/crazy-max) in [#​13912](docker/compose#13912) - CODEOWNERS: add compose-reviewers by [@​thaJeztah](https://github.com/thaJeztah) in [#​13913](docker/compose#13913) - Ci: harden GitHub Actions workflows by [@​glours](https://github.com/glours) in [#​13896](docker/compose#13896) - GHA: dependabot: group docker/\* actions updates by [@​thaJeztah](https://github.com/thaJeztah) in [#​13914](docker/compose#13914) ##### ⚙️ Dependencies - Build(deps): bump github.com/moby/buildkit from `0.31.0` to `0.31.1` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13892](docker/compose#13892) - Build(deps): bump github.com/moby/sys/user to `v0.4.1` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13893](docker/compose#13893) - Build(deps): bump go.yaml.in/yaml/v4 from `4.0.0-rc.4` to `4.0.0-rc.6` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13876](docker/compose#13876) - Build(deps): bump github.com/docker/cli from `29.6.0+incompatible` to `29.6.1+incompatible` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13895](docker/compose#13895) - Build(deps): bump actions/stale from `10.2.0` to `10.3.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13902](docker/compose#13902) - Build(deps): bump the docker-actions group with 3 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13916](docker/compose#13916) - Build(deps): bump actions/upload-artifact from `7.0.0` to `7.0.1` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13908](docker/compose#13908) - Build(deps): bump actions/setup-go from `6.3.0` to `6.5.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13907](docker/compose#13907) - Build(deps): bump test-summary/action from `2.4` to `2.6` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13903](docker/compose#13903) - Build(deps): bump mxschmitt/action-tmate from `3.23` to `3.24` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13910](docker/compose#13910) - Build(deps): bump codecov/codecov-action from `5.5.3` to `7.0.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13904](docker/compose#13904) - Build(deps): bump github/codeql-action/upload-sarif from `3.36.3` to `4.36.2` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13917](docker/compose#13917) - Build(deps): bump actions/checkout from `6.0.2` to `7.0.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13911](docker/compose#13911) #### New Contributors - [@​blackflytech](https://github.com/blackflytech) made their first contribution in [#​13891](docker/compose#13891) **Full Changelog**: <docker/compose@v5.3.0...v5.3.1> ### [`v5.3.0`](https://github.com/docker/compose/releases/tag/v5.3.0) [Compare Source](docker/compose@v5.2.0...v5.3.0) #### What's Changed > ℹ️ This release introduces native support for init containers. ##### ✨ Improvements - Pre start init containers by [@​glours](https://github.com/glours) in [#​13862](docker/compose#13862) ##### 🐛 Fixes - Fix(oci): route authorizer token fetches through provided transport by [@​glours](https://github.com/glours) in [#​13873](docker/compose#13873) - Fix(run): scope Running events to project.Services by [@​glours](https://github.com/glours) in [#​13883](docker/compose#13883) ##### 🔧 Internal - Chore: migrate cagent-action to docker-agent-action (v2.0.0) by [@​docker-agent](https://github.com/docker-agent) in [#​13869](docker/compose#13869) - Chore: migrate to docker-agent-action v2.0.1 by [@​docker-agent](https://github.com/docker-agent) in [#​13872](docker/compose#13872) - Fix(reconcile): hash resolved service refs to match executor by [@​glours](https://github.com/glours) in [#​13880](docker/compose#13880) - Fix(compose/port): show private port in portNotFoundError message by [@​vmphase](https://github.com/vmphase) in [#​13875](docker/compose#13875) - Fix(run): normalize --no-TTY flag to --no-tty by [@​nickjj](https://github.com/nickjj) in [#​13885](docker/compose#13885) ##### ⚙️ Dependencies - Bump compose-go to version v2.13.0 by [@​glours](https://github.com/glours) in [#​13886](docker/compose#13886) #### New Contributors - [@​docker-agent](https://github.com/docker-agent) made their first contribution in [#​13869](docker/compose#13869) - [@​vmphase](https://github.com/vmphase) made their first contribution in [#​13875](docker/compose#13875) - [@​nickjj](https://github.com/nickjj) made their first contribution in [#​13885](docker/compose#13885) **Full Changelog**: <docker/compose@v5.2.0...v5.3.0> ### [`v5.2.0`](https://github.com/docker/compose/releases/tag/v5.2.0) [Compare Source](docker/compose@v5.1.4...v5.2.0) #### What's Changed > ℹ️ This version introduces a new reconciliation algorithm between the observed state and the expected state. > > If you experience any issues with a Compose workload that was previously working, please open an issue. ##### ✨ Improvements - Reconciliation plan by [@​ndeloof](https://github.com/ndeloof) & [@​glours](https://github.com/glours) in [#​13830](docker/compose#13830) - Add `rawsetenv` message type for provider plugins by [@​rajyan](https://github.com/rajyan) in [#​13742](docker/compose#13742) ##### 🐛 Fixes - Fix(build): skip remote URL contexts from bake fs.read allowlist by [@​ndeloof](https://github.com/ndeloof) in [#​13816](docker/compose#13816) - Skip validation when extracting config variables by [@​scarab-systems](https://github.com/scarab-systems) in [#​13831](docker/compose#13831) - Fix(progress): probe stderr (not stdout) for TTY auto-detection by [@​glours](https://github.com/glours) in [#​13837](docker/compose#13837) - Fix(publish): honor env\_file required: false for missing files by [@​Ijtihed](https://github.com/Ijtihed) in [#​13848](docker/compose#13848) ##### 🔧 Internal - Docs: compose logs: add links for since/until flag descriptions by [@​thaJeztah](https://github.com/thaJeztah) in [#​13806](docker/compose#13806) - Ci: add Dependabot cooldown ([`2026060`](docker/compose@20260603)-170456) by [@​securityeng-bot](https://github.com/securityeng-bot)\[bot] in [#​13820](docker/compose#13820) - Docs(CLAUDE.md): note that commits must be signed off (DCO) by [@​ndeloof](https://github.com/ndeloof) in [#​13817](docker/compose#13817) - Refactor: replace Split in loops with more efficient SplitSeq and replace HasPrefix+TrimPrefix with CutPrefix by [@​caltechustc](https://github.com/caltechustc) in [#​13810](docker/compose#13810) - Chore: fix some comments to improve readability by [@​solunolab](https://github.com/solunolab) in [#​13823](docker/compose#13823) - GHA: update docs-upstream to pin workflows by sha by [@​thaJeztah](https://github.com/thaJeztah) in [#​13834](docker/compose#13834) - Docs: compose logs: add more links for flag descriptions by [@​thaJeztah](https://github.com/thaJeztah) in [#​13833](docker/compose#13833) - Fix/progress tty line overflow 13595 by [@​glours](https://github.com/glours) in [#​13840](docker/compose#13840) - Fix(publish): bypass Docker Desktop proxy for loopback registries by [@​ptrdom](https://github.com/ptrdom) in [#​13825](docker/compose#13825) - Watch: do not rebuild depends\_on services on file change by [@​ndeloof](https://github.com/ndeloof) in [#​13856](docker/compose#13856) - pkg/e2e: fix malformed JWT in fixtures by [@​thaJeztah](https://github.com/thaJeztah) in [#​13857](docker/compose#13857) - pkg/e2e: drop unused run param from getEnv by [@​glours](https://github.com/glours) in [#​13867](docker/compose#13867) - Docs: `ps --format json` outputs JSON Lines, not a JSON array by [@​glours](https://github.com/glours) in [#​13868](docker/compose#13868) ##### ⚙️ Dependencies - Build(deps): bump github.com/docker/cli from `29.5.1+incompatible` to `29.5.2+incompatible` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13802](docker/compose#13802) - Update to go `1.26.4` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13828](docker/compose#13828) - Chore(deps): github.com/containerd/typeurl/v2 `v2.3.0` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13829](docker/compose#13829) - Build(deps): bump golang.org/x/sync from `0.20.0` to `0.21.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13838](docker/compose#13838) - Chore(deps): github.com/docker/cli `v29.5.3`, github.com/docker/buildx `v0.34.1`, buildkit `v0.30.0` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13841](docker/compose#13841) - Build(deps): bump golang.org/x/sys from `0.45.0` to `0.46.0` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13832](docker/compose#13832) - Chore(deps): golang.org/x/crypto `v0.53.0` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13844](docker/compose#13844) - Build(deps): bump github.com/containerd/containerd/v2 from `2.2.3` to `2.2.4` in the go\_modules group across 1 directory by [@​dependabot](https://github.com/dependabot)\[bot] in [#​13804](docker/compose#13804) - Chore(deps): bump github.com/containerd/containerd/v2 to `v2.2.5` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13855](docker/compose#13855) - Chore(deps): bump github.com/golang-jwt/jwt/v5 to `v5.3.1` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13847](docker/compose#13847) - Chore(deps): github.com/docker/cli `v29.6.0`, github.com/docker/buildx `v0.35.0`, buildkit `v0.31.0` by [@​thaJeztah](https://github.com/thaJeztah) in [#​13842](docker/compose#13842) - Bump compose-go to version `v2.12.1` by [@​glours](https://github.com/glours) in [#​13865](docker/compose#13865) #### New Contributors - [@​securityeng-bot](https://github.com/securityeng-bot)\[bot] made their first contribution in [#​13820](docker/compose#13820) - [@​caltechustc](https://github.com/caltechustc) made their first contribution in [#​13810](docker/compose#13810) - [@​solunolab](https://github.com/solunolab) made their first contribution in [#​13823](docker/compose#13823) - [@​scarab-systems](https://github.com/scarab-systems) made their first contribution in [#​13831](docker/compose#13831) - [@​ptrdom](https://github.com/ptrdom) made their first contribution in [#​13825](docker/compose#13825) - [@​rajyan](https://github.com/rajyan) made their first contribution in [#​13742](docker/compose#13742) - [@​Ijtihed](https://github.com/Ijtihed) made their first contribution in [#​13848](docker/compose#13848) **Full Changelog**: <docker/compose@v5.1.4...v5.2.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNTYuMCIsInVwZGF0ZWRJblZlciI6IjQzLjI1Ni4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6bWlub3IiXX0=-->


Adds a concurrency group keyed by PR number to
pr-review-trigger.ymlto preventtriplicate reviews when simultaneous
pull_requestevents fire for the same fork PR(e.g., multiple
review_requestedevents when several reviewers are added at once).Also skips Bot-type senders (Dependabot, Renovate) early to save Actions minutes.