Posts dependency check results as PR comments #270

Draft
DigiLive wants to merge 7 commits into main from enhance-dependency-checker

@DigiLive DigiLive commented Nov 1, 2025

Feature Pull Request

Thank you for contributing to the project!
Please fill out the following information to help us review your pull request.


Feature Summary

This feature enhances the dependency checker workflow by posting the results of the dependency check as comments directly on the pull request. This provides immediate feedback to the user about any dependency issues. Additionally, a blocked label will be added to the PR if the dependency check fails.


Motivation and Context

This feature is needed to provide more immediate and visible feedback on dependency issues within a pull request. Previously, the dependency check ran silently, and users had to navigate to the Actions tab to view the results. Posting comments directly on the PR streamlines the process, making it easier for developers to identify and resolve dependency problems.


List of Changes

  • Updates the dependency-check action to version v1.4.1.
  • Adds a new step to process the check result and post it as a comment on the PR.
  • Implements logic to add a "blocked" label to the PR if the dependency check fails, and remove the label if it passes.
  • Adds error handling to catch and report any exceptions during the workflow.
  • Creates a blocked label if it doesn't exist.

Documentation Updates

No documentation updates are required.


Agreements

Please confirm the following by inserting an x between the brackets:

  • My code adheres to the contribution guidelines of the project.
  • My changes generate no new warnings.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation.

Depends on #247

Replace the previous minimal dependency check workflow with an enhanced job that
runs a maintained dependencies action and posts a summarized comment on the PR.
It also manages a "blocked" label and fails the job when dependency issues are
detected.

This improves visibility of dependency problems directly in pull requests so
maintainers can quickly see and act on blocked PRs without inspecting CI logs.

Removes the conditional guard on the post-check job so the processing
and result posting step always runs. Ensures post-check handling
executes regardless of prior step outcomes to avoid skipped reporting
and improve reliability of dependency check notifications.

Ensure the workflow always executes the post-check processing step so that
results are posted even when earlier steps fail. This prevents missing
reporting or stale status when the dependency check job encounters errors.

The github-script action automatically provides core as a global variable, so we don't need to require it.

Adds the synchronize event to the pull request trigger so the dependency
check runs when commits are pushed to an existing PR. Ensures dependency
scans reflect the latest changes and reduces missed findings on updated
pull requests.

Improve the PR dependency checker to provide reliable status and clearer
notifications when dependency analysis is incomplete or delayed.

Updates ensure the workflow reports a sensible outcome even if the check
run API doesn't return annotations, uses the step outcome as a fallback,
and avoids duplicate comments while keeping the PR labeled correctly.
This reduces false negatives, clarifies results for contributors, and
prevents stalled PRs due to missing check run data.
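
The reporting behaviour described in the commit messages above (fall back to the step outcome when the check run returns no annotations, update one comment instead of posting duplicates, keep the blocked label in sync), sketched as an added example that is not code from this PR. `planReport`, `MARKER`, the input shapes and the passed/unknown texts are assumptions; the fallback text is the one the bot posts in this thread.

```javascript
// Added example: pure decision logic only, no GitHub API calls are made here.
// MARKER, BOT_LOGIN and planReport are hypothetical names, not taken from the PR.
const MARKER = '<!-- dependency-checker -->'; // hidden tag used to find our earlier comment
const BOT_LOGIN = 'github-actions[bot]';

function planReport({ stepOutcome, annotations, comments }) {
  // Prefer check-run annotations; an empty or missing list means "not available yet".
  const failures = (annotations || []).filter(a => a.annotation_level === 'failure');

  // Fall back to the step outcome. Anything other than success/failure
  // (cancelled, skipped) is reported as unknown instead of as a pass.
  let status = 'unknown';
  if (failures.length > 0 || stepOutcome === 'failure') status = 'failed';
  else if (stepOutcome === 'success') status = 'passed';

  let detail;
  if (status === 'passed') {
    detail = 'All dependencies are resolved.'; // constructed text
  } else if (failures.length > 0) {
    detail = 'Dependency check failed:\n' + failures.map(a => `- ${a.message}`).join('\n');
  } else if (status === 'failed') {
    detail = 'Dependency check failed, but a detailed report is not yet available. Please check the logs.';
  } else {
    detail = 'Dependency check did not complete. Please check the logs.'; // constructed text
  }

  // Reuse only a comment written by the bot itself, so a marker pasted into
  // someone else's comment is ignored and never overwritten.
  const previous = (comments || []).find(
    c => c.user && c.user.login === BOT_LOGIN && (c.body || '').includes(MARKER));

  return {
    status,
    body: `${MARKER}\n### Dependency Checker\n\n${detail}`,
    comment: previous ? { action: 'update', id: previous.id } : { action: 'create' },
    label: status === 'failed' ? 'add' : status === 'passed' ? 'remove' : 'keep',
    failJob: status !== 'passed',
  };
}

// Constructed sample: the step failed and the check-run API returned no annotations.
const samplePlan = planReport({
  stepOutcome: 'failure',
  annotations: [],
  comments: [{ id: 7, user: { login: BOT_LOGIN }, body: `${MARKER}\nold report` }],
});
console.log(samplePlan.comment, samplePlan.label);
```

In a github-script step the returned plan would drive the comment create/update and label calls, with `core.setFailed` invoked when `failJob` is true.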

@github-actions github-actions bot added the "blocked" label (Resolving this issue or merging this PR is blocked by at least one other.) Nov 1, 2025

github-actions bot commented Nov 1, 2025

Dependency Checker

Dependency check failed, but the detailed report is delayed. Please check the "Checks" tab for annotations.

Repository owner deleted a comment from github-actions bot Nov 1, 2025
@DigiLive DigiLive force-pushed the enhance-dependency-checker branch from 99150c8 to 91f8dc0 November 1, 2025 12:46

github-actions bot commented Nov 1, 2025

Dependency Checker

Dependency check failed, but a detailed report is not yet available. Please check the logs.

@DigiLive DigiLive self-assigned this Nov 1, 2025
@DigiLive DigiLive marked this pull request as draft November 1, 2025 12:48