Skip to content

Remove old review bot comments#2243

Merged
leonardomendix merged 1 commit into
mainfrom
chore/cleanup-review-stale-bot-comments
Jun 3, 2026
Merged

Remove old review bot comments#2243
leonardomendix merged 1 commit into
mainfrom
chore/cleanup-review-stale-bot-comments

Conversation

@leonardomendix
Copy link
Copy Markdown
Collaborator

@leonardomendix leonardomendix commented Jun 2, 2026

Pull request type

No code changes (changes to documentation, CI, metadata, etc.)

Description

Two changes made to .github/workflows/ClaudeReview.yml:

  1. --max-turns 15 → --max-turns 30 — the review was hitting the turn limit before finishing. 30 gives enough headroom for reading context files + running checks + writing the review.
  2. New "Minimize older bot comments" (thanks for the suggestion @r0b1n) step added before the Claude step — on each synchronized or reopened run, it fetches all github-actions[bot] comments on the PR and minimizes them as OUTDATED via GraphQL, so only
    the latest review is prominent. The || echo "..." ensures one failed minimize doesn't abort the whole step.

▎ Note on the sticky comment: use_sticky_comment: "true" already tries to update-in-place, but it only works if Claude's previous comment is still the last one. If another comment landed between runs (e.g., a human reviewer), the action creates a new one. The minimize step handles that edge case cleanly.

@leonardomendix leonardomendix requested a review from a team as a code owner June 2, 2026 13:42
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 2, 2026

AI Code Review

⚠️ Approved with suggestions — low-severity items only, safe to merge

What was reviewed

File Change
.github/workflows/ClaudeReview.yml Added "Minimize older bot comments" step; bumped --max-turns from 15 → 30

Skipped (out of scope): dist/, pnpm-lock.yaml

CI checks were still in progress at review time — "Check SHA in GH Actions", Snyk, and labeler checks all passed ✅. E2E, lint, and the Claude review job were still running.

Findings

⚠️ Low — GraphQL node IDs from gh pr view --json comments may not be mutation-compatible

File: .github/workflows/ClaudeReview.yml lines 52–54
Note: The gh pr view --json comments endpoint returns REST-derived comment IDs (integer-formatted strings), not the global GraphQL node IDs that minimizeComment(input: {subjectId: $id}) expects. The GraphQL mutation requires a node ID of the form IC_kwDO.... Using an integer string here will cause every minimizeComment call to fail silently (caught by || echo "...") and the step will appear to succeed without actually minimizing anything.

Fix: Fetch comments via GraphQL directly to get real node IDs:

- name: Minimize older bot comments
  env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
      NODE_IDS=$(gh api graphql -f query='
        query($owner: String!, $repo: String!, $number: Int!) {
          repository(owner: $owner, name: $repo) {
            pullRequest(number: $number) {
              comments(first: 100) {
                nodes { id author { login } }
              }
            }
          }
        }' \
        -f owner="${{ github.repository_owner }}" \
        -f repo="${{ github.event.repository.name }}" \
        -F number=${{ github.event.pull_request.number }} \
        --jq '.data.repository.pullRequest.comments.nodes[] | select(.author.login == "github-actions[bot]") | .id')

      if [ -z "$NODE_IDS" ]; then
        echo "No bot comments to minimize"
        exit 0
      fi

      for NODE_ID in $NODE_IDS; do
        echo "Minimizing comment: $NODE_ID"
        gh api graphql -f query='
          mutation($id: ID!) {
            minimizeComment(input: {subjectId: $id, classifier: OUTDATED}) {
              minimizedComment { isMinimized }
            }
          }' -f id="$NODE_ID" || echo "Failed to minimize $NODE_ID, continuing..."
      done

⚠️ Low — issue_comment trigger with no author_association guard in auto-review job

File: .github/workflows/ClaudeReview.yml (existing, not changed in this PR)
Note: The auto-review job's if: condition filters by repo name and user login but does not guard against the issue_comment event path — however the job's if: already filters github.event_name == 'pull_request' so this is not an active issue. Just noting it is already correctly scoped. Not a new problem introduced by this PR.

Positives

  • The || echo "..." fallback on each minimizeComment call is good defensive practice — a single failed minimize won't abort the whole step.
  • The concurrency group with cancel-in-progress: true correctly scopes to the PR number, preventing stacked review runs from piling up.
  • All action references (actions/checkout, aws-actions/configure-aws-credentials, anthropics/claude-code-action) are SHA-pinned with version comments — exactly as required.
  • The auto-review job correctly guards against fork PRs via head.repo.full_name == 'mendix/web-widgets'.
  • The interactive job restricts @claude mentions to MEMBER, COLLABORATOR, and OWNER associations, preventing external contributors from triggering privileged workflows.
  • timeout-minutes: 15 is set on both jobs.
  • --max-turns 30 is a reasonable headroom increase given the documented turn-limit problem; it matches the new step count (context read + checks + minimize + review write).

@leonardomendix leonardomendix enabled auto-merge June 3, 2026 14:08
@leonardomendix leonardomendix merged commit 0beb076 into main Jun 3, 2026
16 checks passed
@leonardomendix leonardomendix deleted the chore/cleanup-review-stale-bot-comments branch June 3, 2026 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0b1n r0b1n r0b1n approved these changes

@samuelreichert samuelreichert samuelreichert approved these changes

Assignees

No one assigned

Labels

workflows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leonardomendix @r0b1n @samuelreichert