From bc085cc2a15a65866d731813088b52250c1fc9cd Mon Sep 17 00:00:00 2001
From: David Gageot
Date: Wed, 13 May 2026 15:47:01 +0200
Subject: [PATCH 1/2] ci: move concurrency dedup from trigger to review workflow

defer PR comment cancellation to the expensive review job instead of the cheap trigger run, eliminating cosmetic CI failures when multiple PR events land close together
---
 .github/workflows/pr-review-trigger.yml | 4 ----
 .github/workflows/pr-review.yml | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-review-trigger.yml b/.github/workflows/pr-review-trigger.yml
index 1efcce44c..c17602025 100644
--- a/.github/workflows/pr-review-trigger.yml
+++ b/.github/workflows/pr-review-trigger.yml
@@ -5,10 +5,6 @@ on:
 pull_request_review_comment:
 types: [created]
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
- cancel-in-progress: true
-
 permissions: {}
 jobs:
diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml
index ddd9184a1..6b3a7e296 100644
--- a/.github/workflows/pr-review.yml
+++ b/.github/workflows/pr-review.yml
@@ -6,6 +6,10 @@ on:
 workflows: ["PR Review - Trigger"]
 types: [completed]
+concurrency:
+ group: pr-review-${{ github.event.issue.number || github.event.workflow_run.pull_requests[0].number || github.run_id }}
+ cancel-in-progress: true
+
 permissions:
 contents: read # Required at top-level to give `issue_comment` events access to the secrets below.
From b38515ae85e13d8cd73305e0772f80fa3f5cff7d Mon Sep 17 00:00:00 2001
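Review bot: The new `group:` expression in pr-review.yml falls through to `github.run_id` whenever `github.event.workflow_run.pull_requests` is empty, which is what GitHub sends for pull requests opened from forks, so those runs each get their own group and the expensive review is never deduplicated for them. If fork PRs reach this workflow, a fallback placed before `github.run_id`, such as `format('{0}/{1}', github.event.workflow_run.head_repository.full_name, github.event.workflow_run.head_branch)`, would keep one group per PR branch. Separately, `cancel-in-progress: true` at workflow level cancels a running review as soon as any new run joins the `github.event.issue.number` group, before job-level `if:` filters apply. The job conditions are outside this hunk, so confirm that a comment which does not request a review cannot abort one that is in progress, and add a comment above the block stating which events are meant to cancel.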
From: David Gageot
Date: Wed, 13 May 2026 16:44:15 +0200
Subject: [PATCH 2/2] fix: exempt pr-review-trigger.yml from concurrency check

The pr-review-trigger workflow intentionally runs all events to completion (it's cheap, just saves context). Deduplication happens downstream in pr-review.yml where the expensive AI review runs. This updates the linter to skip the concurrency check for pr-review-trigger.yml, resolving the failing lint check. See PR #2789 for the rationale behind moving concurrency control from the trigger to the review workflow.
---
 scripts/workflow-lint.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/scripts/workflow-lint.sh b/scripts/workflow-lint.sh
index b60831f8e..ff1ca9ee9 100755
--- a/scripts/workflow-lint.sh
+++ b/scripts/workflow-lint.sh
@@ -6,7 +6,9 @@
 #
 # 1. concurrency: every PR-triggered workflow declares a
 # concurrency: group (AGENTS.md §
-# GitHub Actions);
+# GitHub Actions), EXCEPT pr-review-trigger.yml
+# which intentionally runs all events to completion
+# (see PR #2789);
 #
 # 2. pinned-by-sha: every third-party `uses:` reference is
 # pinned by a 40-char SHA, not a tag/branch
@@ -64,8 +66,18 @@ note() {
 # yq-based so it runs in the lint job without extra deps; the
 # trade-off is a false positive if `pull_request` appears in a
 # comment, which we accept.
+#
+# EXCEPTION: pr-review-trigger.yml is exempt from this check because
+# it intentionally runs all events to completion (the workflow is cheap,
+# and deduplication happens downstream in pr-review.yml). See PR #2789.
 for f in "$WORKFLOWS_DIR"/*.yml "$WORKFLOWS_DIR"/*.yaml; do
 [ -e "$f" ] || continue
+
+ # Skip pr-review-trigger.yml
+ if [[ "$f" == *"pr-review-trigger.yml" ]]; then
+ continue
+ fi
+
 if grep -qE '\bpull_request\b' "$f"; then
 if ! grep -qE '^\s*concurrency:' "$f"; then
 note "$f" "PR-triggered workflow has no concurrency: block (AGENTS.md § GitHub Actions)"
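Review bot: The exemption test `[[ "$f" == *"pr-review-trigger.yml" ]]` in the second hunk matches on suffix, so any workflow whose file name merely ends in `pr-review-trigger.yml` (constructed example: `foo-pr-review-trigger.yml`) also skips the concurrency check. Because this lint acts as a guard, the exemption should match the exact file name: `if [ "${f##*/}" = "pr-review-trigger.yml" ]; then`, which also keeps the POSIX `[ ... ]` form used by the `[ -e "$f" ]` line just above. The `continue` leaves the whole iteration, and the `for` body runs past the end of this hunk, so confirm that no later check in the same loop is skipped for this file as well.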