Comments repeated when multiple workflows have same PR target #537

@maxrake

Describe the bug

PR comments are repeated when new commits are added that do not update any dependencies. This appears to happen when multiple Phylum analysis workflows are in use. Each workflow points to the same PR target but the project name may be different in each one. This kind of a setup has been observed in a monorepo environment.

To Reproduce

Steps to reproduce the behavior:

  1. Create a repo with three different directories containing dependency files
  2. Create a workflow for each of the different directories where Phylum analysis happens
  3. Ensure that each workflow makes use of a different project name: Alpha, Bravo, and Charlie
  4. Ensure that each workflow has the same PR target configured
  5. Make a commit that updates the dependency files in the three directories
  6. Create a PR and see that there are three different comments, one for each project
  7. Add another commit that does not change any dependency file
  8. See that there are repeated comments for each of the three projects

Expected behavior

Comments for the same project/org/group/label combination should not be repeated if the most recent Phylum comment for that same combination contains the same content.

Screenshots

N/A

Additional context

The content for each set of three comments is repeated for each commit due to the multiple workflows. Each workflow performs its own check for "the most recent Phylum comment" and finds one...just not the one related to that project/group/label combination, so it writes a duplicate comment.
It looks something like this:

---commit that changes dependency files---

---comment 1 for project Alpha---
---comment 1 for project Bravo---
---comment 1 for project Charlie---

---another commit that does not change any dependency file---

---repeat of comment 1 for project Alpha---
---repeat of comment 1 for project Bravo---
---repeat of comment 1 for project Charlie---

It should be possible to change the search to look for Phylum comments that match the project/group/label combination of the running workflow. For instance, in this example the group (sample-group) and label (GitHub-Actions_PR#_) are the same for all three workflows, but the project is different (Alpha, Bravo, and Charlie). These three pieces of information come together to form the URL that gets included in the PR comment and therefore could be used to search for the most recent comment.

It is also possible to write the unique pieces of information in a hidden comment within the markdown (e.g., <!-- HIDDEN COMMENT -->)
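
One way to implement the hidden-comment search suggested above, as an added example that is not part of the original issue or Phylum's own code. The marker format, the function names, the `github-actions[bot]` author filter and the sample thread are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

BOT_LOGIN = "github-actions[bot]"  # assumption: account the workflows comment as
MARKER_RE = re.compile(r"<!-- phylum-analysis project=\S* group=\S* label=\S* -->")

def marker(project, group, label):
    """Hidden HTML comment identifying one project/group/label combination."""
    # Percent-encode each field so a name containing spaces or "-->" cannot
    # terminate the HTML comment early or be confused with another field.
    fields = (("project", project), ("group", group), ("label", label))
    return "<!-- phylum-analysis %s -->" % " ".join(
        f"{key}={quote(value, safe='')}" for key, value in fields)

def render(project, group, label, content):
    """Comment body as it would be posted: marker line, then visible content."""
    return f"{marker(project, group, label)}\n{content.strip()}\n"

def should_post(comments, project, group, label, content):
    """Decide whether a new comment is needed.

    comments: oldest-first list of {"author": str, "body": str} dicts.
    Only the most recent bot comment for *this* combination is compared.
    """
    wanted = marker(project, group, label)
    new_body = render(project, group, label, content).strip()
    for comment in reversed(comments):
        if comment["author"] != BOT_LOGIN:
            continue  # a marker pasted by another user must not suppress output
        found = MARKER_RE.search(comment["body"])
        if found and found.group(0) == wanted:
            return comment["body"].strip() != new_body
    return True  # no earlier comment for this combination

# Constructed sample thread: one comment per project after the first commit,
# then a comment from another user that copies project Alpha's marker.
GROUP, LABEL = "sample-group", "GitHub-Actions_PR#_"
THREAD = [
    {"author": BOT_LOGIN, "body": render(p, GROUP, LABEL, f"{p}: no issues")}
    for p in ("Alpha", "Bravo", "Charlie")
] + [{"author": "someone-else", "body": marker("Alpha", GROUP, LABEL) + "\nspoofed"}]

if __name__ == "__main__":
    for project in ("Alpha", "Bravo", "Charlie"):
        print(project, should_post(THREAD, project, GROUP, LABEL, f"{project}: no issues"))
```
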

Labels: bug, needs triage
