Skip to content

Commit 271bb7a

Browse files
fix(validate-pr): Use app-slug from create-github-app-token for idempotence
The previous code called github.rest.apps.getAuthenticated() to resolve the bot login, but that endpoint requires JWT auth — our github client is authenticated with an installation access token, so the call always failed. The catch handler then left botLogin null, the idempotence check was skipped, and re-runs of the workflow could produce duplicate comments. Pass the app slug via env var from create-github-app-token's app-slug output (added in v2 of that action) and construct the bot login as "<slug>[bot]" directly. No API call needed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent a576c10 commit 271bb7a

2 files changed

Lines changed: 21 additions & 17 deletions

File tree

validate-pr/action.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ runs:
2323
- name: Validate PR
2424
id: validate
2525
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
26+
env:
27+
APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
2628
with:
2729
github-token: ${{ steps.app-token.outputs.token }}
2830
script: |

validate-pr/scripts/validate-pr.js

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -236,26 +236,28 @@ module.exports = async ({ github, context, core }) => {
236236
}
237237

238238
// --- Step 5: Validation failed — post one warm comment (idempotent) ---
239-
let botLogin = null;
240-
try {
241-
const { data: app } = await github.rest.apps.getAuthenticated();
242-
botLogin = `${app.slug}[bot]`;
243-
} catch (e) {
244-
core.warning(
245-
`Could not resolve bot login (${e.message}); duplicate-comment guard disabled for this run.`
239+
// The bot's GitHub login is `${app.slug}[bot]`. We get the slug from the
240+
// composite action via the APP_SLUG env var (sourced from
241+
// create-github-app-token's `app-slug` output) — calling
242+
// apps.getAuthenticated() here would fail because it requires JWT auth
243+
// and the github client is authenticated with an installation token.
244+
const appSlug = process.env.APP_SLUG;
245+
if (!appSlug) {
246+
core.setFailed(
247+
'APP_SLUG env var is not set. The validate-pr composite action must pass app-slug from create-github-app-token to the script.'
246248
);
249+
return;
247250
}
251+
const botLogin = `${appSlug}[bot]`;
248252

249-
if (botLogin) {
250-
const existing = await github.paginate(github.rest.issues.listComments, {
251-
...repo,
252-
issue_number: pullRequest.number,
253-
per_page: 100,
254-
});
255-
if (existing.some((c) => c.user?.login === botLogin)) {
256-
core.info(`Bot ${botLogin} already commented on this PR. Skipping.`);
257-
return;
258-
}
253+
const existing = await github.paginate(github.rest.issues.listComments, {
254+
...repo,
255+
issue_number: pullRequest.number,
256+
per_page: 100,
257+
});
258+
if (existing.some((c) => c.user?.login === botLogin)) {
259+
core.info(`Bot ${botLogin} already commented on this PR. Skipping.`);
260+
return;
259261
}
260262

261263
const commentBody = [

0 commit comments

Comments
 (0)