diff --git a/.github/workflows/pr-sous-chef.lock.yml b/.github/workflows/pr-sous-chef.lock.yml index 795b5062a0e..f0f2e98790f 100644 --- a/.github/workflows/pr-sous-chef.lock.yml +++ b/.github/workflows/pr-sous-chef.lock.yml @@ -412,6 +412,7 @@ jobs: mkdir -p /tmp/gh-aw/agent candidate_file=/tmp/gh-aw/agent/pr-sous-chef-candidates.json eligible_file=/tmp/gh-aw/agent/pr-sous-chef-eligible.json + sous_chef_nudge_marker='' filtered_checks_pending=0 filtered_last_comment_from_sous_chef=0 @@ -446,10 +447,9 @@ jobs: --jq ' if length == 0 then false else ( - ((.[0].user.login // "" | ascii_downcase | contains("pr-sous-chef")) or - ((.[0].body // "" | ascii_downcase | contains("pr-sous-chef"))) + ((.[0].body // "" | contains($marker))) ) end - ' 2>/dev/null || echo "false" + ' --arg marker "$sous_chef_nudge_marker" 2>/dev/null || echo "false" )" if [ "$last_comment_is_sous_chef" = "true" ]; then filtered_last_comment_from_sous_chef=$((filtered_last_comment_from_sous_chef + 1)) @@ -1596,4 +1596,3 @@ jobs: /tmp/gh-aw/safe-output-items.jsonl /tmp/gh-aw/temporary-id-map.json if-no-files-found: ignore - diff --git a/.github/workflows/pr-sous-chef.md b/.github/workflows/pr-sous-chef.md index 6a199ba791f..cf510cbeefb 100644 --- a/.github/workflows/pr-sous-chef.md +++ b/.github/workflows/pr-sous-chef.md @@ -34,6 +34,7 @@ steps: mkdir -p /tmp/gh-aw/agent candidate_file=/tmp/gh-aw/agent/pr-sous-chef-candidates.json eligible_file=/tmp/gh-aw/agent/pr-sous-chef-eligible.json + sous_chef_nudge_marker='' filtered_checks_pending=0 filtered_last_comment_from_sous_chef=0 
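Review bot: As displayed on this page, the value assigned in `sous_chef_nudge_marker=''` (hunk at -34 of `pr-sous-chef.md`) is the empty string, and jq's `contains("")` is true for every string, so the prefilter that consumes `$marker` would count every PR with at least one comment as already nudged. If the literal was only lost in rendering (a hidden HTML comment would vanish like this), the logic is fine, but a guard right after the assignment makes the failure loud either way: `[ -n "$sous_chef_nudge_marker" ] || { echo "nudge marker is empty" >&2; exit 1; }`. The same literal is repeated by hand in the prompt text further down (hunks at -152, -168, -176 and -197) and in the compiled `.lock.yml`, so a comment beside the assignment naming those copies would help keep them in sync. The step's script starts and ends outside this hunk.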
@@ -68,10 +69,9 @@ steps: --jq ' if length == 0 then false else ( - ((.[0].user.login // "" | ascii_downcase | contains("pr-sous-chef")) or - ((.[0].body // "" | ascii_downcase | contains("pr-sous-chef"))) - ) end - ' 2>/dev/null || echo "false" + ((.[0].body // "" | contains($marker))) + ) end + ' --arg marker "$sous_chef_nudge_marker" 2>/dev/null || echo "false" )" if [ "$last_comment_is_sous_chef" = "true" ]; then filtered_last_comment_from_sous_chef=$((filtered_last_comment_from_sous_chef + 1)) @@ -152,9 +152,9 @@ Before any nudge for a PR: - If any check is `queued`, `in_progress`, or `pending`, skip this PR. 2. **Skip when the latest PR comment is from pr-sous-chef itself** - - Candidate prefilter already removes PRs when latest comment author/body indicates `pr-sous-chef`. + - Candidate prefilter already removes PRs when latest comment body includes the hidden marker ``. - Inspect PR comments ordered by recency. - - Treat a comment as from pr-sous-chef when the latest comment body contains `pr-sous-chef`. + - Treat a comment as from pr-sous-chef only when the latest comment body contains exactly ``. - If true, skip to avoid repetitive nudges. ## Required nudges for eligible PRs @@ -168,6 +168,7 @@ For each PR that is not skipped: 2. **Nudge unresolved review feedback** - Check pull request review threads/comments. - If unresolved or active review feedback exists, add a PR comment that includes: + - `` as a hidden marker line. - @copilot review all comments - a short sentence asking Copilot to address unresolved review feedback. @@ -176,6 +177,7 @@ For each PR that is not skipped: - refresh branch and rerun checks, - summarize remaining blockers, - or post a completion plan for unresolved items. + - Include `` in the comment body. - Keep comments brief and actionable. ## Run summary 
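Review bot: The added `--arg marker "$sous_chef_nudge_marker"` follows a `--jq` program, and `--jq` is a `gh` flag; to my knowledge `gh` has no `--arg` option, so the call would exit with an error and `$marker` would never be bound. Because the same line keeps `2>/dev/null || echo "false"`, that error would be invisible and `last_comment_is_sous_chef` would always be `false`, which disables the skip and allows repeated nudges. The command itself begins above the hunk, so confirm which binary receives these flags; if it is `gh`, drop `--jq` and pipe the JSON to standalone jq, `| jq --arg marker "$sous_chef_nudge_marker" 'if length == 0 then false else (.[0].body // "" | contains($marker)) end'`, and let stderr through so a broken filter shows up in the job log. The compiled `.lock.yml` hunk at -446 carries the same lines.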
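Review bot: The two rewritten bullets under "Skip when the latest PR comment is from pr-sous-chef itself" (hunk at -152) identify the bot's comment by body content alone, so any account that can comment on the PR can include the marker and have the PR skipped. The removed jq lines accepted author login or body, so the marker was not bound to the author before either, and this change leaves that open. Consider requiring both conditions in the prefilter and in this bullet, for example `((.[0].user.login // "") == "<expected-bot-login>") and (.[0].body // "" | contains($marker))`, where `<expected-bot-login>` is a placeholder for the account the workflow actually posts as. The wording "contains exactly" is also ambiguous between a substring match and whole-body equality; the prefilter does a substring match, so "contains the marker" would describe it accurately.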
@@ -197,7 +199,7 @@ Given one PR number and compact metadata: 1. Check skip conditions in this order: - checks/actions running - - latest comment from pr-sous-chef marker + - latest comment contains `` 2. If skipped, return `skip_reason` only. 3. If not skipped, return: - whether branch update should be attempted diff --git a/pkg/workflow/safe_jobs_threat_detection_test.go b/pkg/workflow/safe_jobs_threat_detection_test.go index 62675c6ee49..fd5791cac6a 100644 --- a/pkg/workflow/safe_jobs_threat_detection_test.go +++ b/pkg/workflow/safe_jobs_threat_detection_test.go @@ -429,7 +429,6 @@ Test workflow content } } - func TestIsThreatDetectionExplicitlyDisabledInConfigs(t *testing.T) { tests := []struct { name string