Update artifact triggers and concurrency rules (#11327)

* update trigger * fix concurrency * remove duplicate counts and check lt gt not eq
dbt-labs · Feb 19, 2025 · 7bdf27a · 7bdf27a
1 parent e60b41d
commit 7bdf27a
Showing 1 changed file with 18 additions and 13 deletions.
diff --git a/.github/workflows/artifact-reviews.yml b/.github/workflows/artifact-reviews.yml
@@ -16,12 +16,12 @@ on:
     types: [opened, synchronize, reopened, edited]
   # retrigger check on review events
   pull_request_review:
-    types: [submitted, dismissed]
+    types: [submitted, edited, dismissed]
 
 # only run this once per PR at a time
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: false  # wait for in-progress runs to complete to prevent race condition
 
 env:
     required_approvals: 2
@@ -38,11 +38,13 @@ jobs:
       - name: "Dismiss previous workflow runs"
         run: |
           # Get all check runs for this PR's SHA
-          checks=$(gh api repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs \
+          cleanup_checks=$(gh api repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs \
+            --jq '.check_runs[] | select(.name == "Cleanup Previous Runs")')
+          review_checks=$(gh api repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs \
             --jq '.check_runs[] | select(.name == "Validate Additional Reviews")')
 
           # For each check run from this workflow (except current), dismiss it
-          echo "$checks" | jq -r '. | select(.id != ${{ github.run_id }}) | .id' | \
+          { echo "$cleanup_checks"; echo "$review_checks"; } | jq -r '. | select(.id != ${{ github.run_id }}) | .id' | \
           while read -r check_id; do
             echo "Dismissing check $check_id"
             gh api repos/${{ github.repository }}/check-runs/$check_id \
@@ -109,14 +111,17 @@ jobs:
 
             # Get all reviews
             REVIEWS=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews)
-
-            # Count approved reviews from core team members
+            # Count approved reviews from core team members (only most recent review per user)
             CORE_APPROVALS=0
             while IFS= read -r member; do
-              echo "$member"
-              echo "$user"
-              APPROVED=$(echo "$REVIEWS" | jq --arg user "$member" \
-                '.[] | select(.user.login == $user and .state == "APPROVED") | .user.login' | wc -l)
+              echo "member: $member"
+              APPROVED=$(echo "$REVIEWS" | jq --arg user "$member" '
+                group_by(.user.login) |
+                map(select(.[0].user.login == $user) |
+                    sort_by(.submitted_at) |
+                    last) |
+                map(select(.state == "APPROVED")) |
+                length')
               CORE_APPROVALS=$((CORE_APPROVALS + APPROVED))
             done <<< "${{ steps.core_members.outputs.membership }}"
 
@@ -126,15 +131,15 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "Notify and fail if not enough approvals"
-        if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS != env.required_approvals }}
+        if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS < fromJSON(env.required_approvals) }}
         run: |
           title="PR Approval Requirements Not Met"
           message="Changes to artifact directory files requires at least ${{ env.required_approvals }} approvals from core team members. Current number of core team approvals: ${{ steps.check_approvals.outputs.CORE_APPROVALS }} "
           echo "::error title=$title::$message"
           exit 1
 
       - name: "Notify of sufficient approvals"
-        if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS >= env.required_approvals }}
+        if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS >= fromJSON(env.required_approvals) }}
         run: |
           title="Extra requirements met"
           message="Changes to artifact directory files requires at least ${{ env.required_approvals }} approvals from core team members. Current number of core team approvals: ${{ steps.check_approvals.outputs.CORE_APPROVALS }} "