Only dismiss reviews posted by this action (#14)

matej · claude · web-flow · commit 9e9539e61ea8 · 2026-02-04T16:21:28.000-05:00
## Summary Fixes a bug where `dismissStaleReviews()` would dismiss ALL bot reviews, including those from Dependabot, Renovate, or other important bot reviewers. ## Problem Previously, the code checked only: - `review.user.type === 'Bot'` - `review.state === 'APPROVED' || 'CHANGES_REQUESTED'` This meant any bot's approval (e.g., Dependabot security review) would be dismissed when our action posted a new review. ## Solution Added `isOwnReview()` function that checks the review body for our signature patterns: - "No issues found. Changes look good." - "Found X issues..." - "Please address the high-severity issues..." - "Consider addressing the suggestions..." - "Minor suggestions noted..." Only reviews matching these patterns will be dismissed. ## Test plan - [x] Updated test to include Dependabot/Renovate mock reviews - [x] Verified only our reviews (101, 102) are dismissed - [x] Verified other bot reviews (103, 104) are NOT dismissed - [x] All 17 tests pass 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/scripts/comment-pr-findings.bun.test.js b/scripts/comment-pr-findings.bun.test.js
@@ -849,7 +849,7 @@ describe('comment-pr-findings.js', () => {
   });
 
   describe('Stale Review Handling', () => {
-    test('should dismiss stale reviews when DISMISS_STALE_REVIEWS is true', async () => {
+    test('should only dismiss own bot reviews when DISMISS_STALE_REVIEWS is true', async () => {
       process.env.DISMISS_STALE_REVIEWS = 'true';
 
       const mockFindings = [{
@@ -863,10 +863,16 @@ describe('comment-pr-findings.js', () => {
       const mockPrFiles = [{ filename: 'test.py', patch: '@@ -10,1 +10,1 @@' }];
 
       const mockReviews = [
-        { id: 101, state: 'CHANGES_REQUESTED', user: { type: 'Bot' } },
-        { id: 102, state: 'APPROVED', user: { type: 'Bot' } },
-        { id: 103, state: 'COMMENTED', user: { type: 'Bot' } }, // Should not be dismissed
-        { id: 104, state: 'CHANGES_REQUESTED', user: { type: 'User' } } // Should not be dismissed
+        // Our reviews - should be dismissed
+        { id: 101, state: 'CHANGES_REQUESTED', user: { type: 'Bot' }, body: 'Found 3 security issues. Please address the high-severity issues before merging.' },
+        { id: 102, state: 'APPROVED', user: { type: 'Bot' }, body: 'No issues found. Changes look good.' },
+        // Other bot reviews - should NOT be dismissed
+        { id: 103, state: 'APPROVED', user: { type: 'Bot' }, body: 'Dependabot has approved this PR.' },
+        { id: 104, state: 'CHANGES_REQUESTED', user: { type: 'Bot' }, body: 'Renovate: This PR has conflicts.' },
+        // COMMENTED state - should NOT be dismissed
+        { id: 105, state: 'COMMENTED', user: { type: 'Bot' }, body: 'Found 1 security issue.' },
+        // User review - should NOT be dismissed
+        { id: 106, state: 'CHANGES_REQUESTED', user: { type: 'User' }, body: 'Please fix the typo.' }
       ];
 
       readFileSyncSpy.mockImplementation((path) => {
@@ -907,10 +913,14 @@ describe('comment-pr-findings.js', () => {
 
       await import('./comment-pr-findings.js');
 
+      // Only our reviews should be dismissed
       expect(dismissedReviews).toContain(101);
       expect(dismissedReviews).toContain(102);
-      expect(dismissedReviews).not.toContain(103); // COMMENTED state
-      expect(dismissedReviews).not.toContain(104); // User review
+      // Other bot reviews should NOT be dismissed
+      expect(dismissedReviews).not.toContain(103); // Dependabot
+      expect(dismissedReviews).not.toContain(104); // Renovate
+      expect(dismissedReviews).not.toContain(105); // COMMENTED state
+      expect(dismissedReviews).not.toContain(106); // User review
       expect(consoleLogSpy).toHaveBeenCalledWith('Dismissed stale review 101');
       expect(consoleLogSpy).toHaveBeenCalledWith('Dismissed stale review 102');
     });
diff --git a/scripts/comment-pr-findings.js b/scripts/comment-pr-findings.js
@@ -88,7 +88,31 @@ function addReactionsToReview(reviewId) {
   }
 }
 
-// Helper function to dismiss stale bot reviews
+// Check if a review was posted by this action
+function isOwnReview(review) {
+  if (!review.body) return false;
+
+  // Check for our review summary patterns
+  const ownPatterns = [
+    'No issues found. Changes look good.',
+    /^Found \d+ .+ issues?\./,
+    'Please address the high-severity issues before merging.',
+    'Consider addressing the suggestions in the comments.',
+    'Minor suggestions noted in comments.'
+  ];
+
+  for (const pattern of ownPatterns) {
+    if (pattern instanceof RegExp) {
+      if (pattern.test(review.body)) return true;
+    } else {
+      if (review.body.includes(pattern)) return true;
+    }
+  }
+
+  return false;
+}
+
+// Helper function to dismiss stale bot reviews from this action only
 function dismissStaleReviews() {
   try {
     const reviews = ghApi(`/repos/${context.repo.owner}/${context.repo.repo}/pulls/${context.issue.number}/reviews`);
@@ -101,8 +125,9 @@ function dismissStaleReviews() {
     for (const review of reviews) {
       const isDismissible = review.state === 'APPROVED' || review.state === 'CHANGES_REQUESTED';
       const isBot = review.user && review.user.type === 'Bot';
+      const isOwn = isOwnReview(review);
 
-      if (isBot && isDismissible) {
+      if (isBot && isDismissible && isOwn) {
         try {
           ghApi(
             `/repos/${context.repo.owner}/${context.repo.repo}/pulls/${context.issue.number}/reviews/${review.id}/dismissals`,
