diff --git a/.github/workflows/reusable-18-autofix.yml b/.github/workflows/reusable-18-autofix.yml
index 089a6342e..d4d64636a 100644
--- a/.github/workflows/reusable-18-autofix.yml
+++ b/.github/workflows/reusable-18-autofix.yml
@@ -87,6 +87,11 @@ on:
 required: false
 default: ''
 type: string
+ suppress_comments:
+ description: 'Suppress PR comment posting (suppression guard)'
+ required: false
+ default: false
+ type: boolean
 secrets:
 service_bot_pat:
 description: 'PAT for SERVICE_BOT to trigger workflows on autofix commits'
@@ -1292,7 +1297,7 @@ jobs:
 scripts-path: workflows-lib/scripts
 - name: Upsert consolidated PR comment
- if: steps.guard.outputs.skip != 'true' && steps.build_comment.outputs.should-post == 'true'
+ if: steps.guard.outputs.skip != 'true' && steps.build_comment.outputs.should-post == 'true' && inputs.suppress_comments != true
 uses: actions/github-script@v8
 env:
 PR_NUMBER: ${{ inputs.pr_number }}
@@ -1336,7 +1341,7 @@ jobs:
 }
 - name: Upsert clean-mode file summary comment
- if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled == 'true' && steps.fix_results.outputs.changed == 'true'
+ if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled == 'true' && steps.fix_results.outputs.changed == 'true' && inputs.suppress_comments != true
 uses: actions/github-script@v8
 env:
 PR_NUMBER: ${{ inputs.pr_number }}
@@ -1381,7 +1386,7 @@ jobs:
 }
 - name: Upsert safe sweep file summary comment
- if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled != 'true' && steps.fix_results.outputs.changed == 'true'
+ if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled != 'true' && steps.fix_results.outputs.changed == 'true' && inputs.suppress_comments != true
 uses: actions/github-script@v8
 env:
 PR_NUMBER: ${{ inputs.pr_number }}
diff --git a/scripts/generate_suppression_guard_comment.py b/scripts/generate_suppression_guard_comment.py
old mode 100644
new mode 100755
index fa55062f5..e6aff874e
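Review bot: The `suppress_comments` description in the first hunk does not say which steps the input turns off. In the visible hunks it gates only the three `Upsert … comment` steps (new lines 1297, 1341 and 1386), so a caller cannot tell from the interface whether the rest of the job still runs. A description such as `'Skip the PR comment upsert steps (consolidated, clean-mode and safe-sweep summaries); other steps run as usual'` would make that explicit, assuming no step outside these hunks also reads the input.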
--- a/scripts/generate_suppression_guard_comment.py
+++ b/scripts/generate_suppression_guard_comment.py
@@ -12,8 +12,9 @@ import yaml
 DEFAULT_WORKFLOWS = (
- pathlib.Path(".github/workflows/keepalive.yml"),
+ pathlib.Path(".github/workflows/agents-keepalive-loop.yml"),
 pathlib.Path(".github/workflows/autofix.yml"),
+ pathlib.Path(".github/workflows/reusable-18-autofix.yml"),
 )
 SCRIPT_PATTERNS: tuple[tuple[re.Pattern[str], str], ...] = (
@@ -108,7 +109,12 @@ def _iter_posting_steps(workflow: dict[str, Any]) -> list[tuple[str, str, list[s
 hints.append(action_hint)
 step_if = step.get("if")
 step_if_str = step_if if isinstance(step_if, str) else ""
- guarded = "should_post_review" in job_if_str or "should_post_review" in step_if_str
+ guarded = (
+ "should_post_review" in job_if_str
+ or "should_post_review" in step_if_str
+ or "suppress_comments" in job_if_str
+ or "suppress_comments" in step_if_str
+ )
 if hints and not guarded:
 findings.append((str(job_id), str(name), hints))
 return findings
diff --git a/tests/scripts/test_generate_suppression_guard_comment.py b/tests/scripts/test_generate_suppression_guard_comment.py
index 741a84273..31063ef43 100644
--- a/tests/scripts/test_generate_suppression_guard_comment.py
+++ b/tests/scripts/test_generate_suppression_guard_comment.py
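Review bot: `DEFAULT_WORKFLOWS` remains a hand-kept list, and this hunk has to swap `keepalive.yml` for `agents-keepalive-loop.yml`, which suggests the old entry had gone stale after a rename. How the script treats a listed path that does not exist is not visible here; if it is skipped quietly, a renamed workflow drops out of the guard check with no signal. Consider reporting a missing default path in the generated comment (or failing), and documenting the expectation above the tuple, e.g. `# Keep in sync with .github/workflows/; a missing path must be reported, not skipped.`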
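Review bot: The new `"suppress_comments" in step_if_str` test in `_iter_posting_steps` accepts any condition that merely mentions the input, so a step written as `if: inputs.suppress_comments == true` or `… || inputs.suppress_comments` is counted as guarded although it would post when suppression is requested. Matching the negated form the workflow actually uses narrows this: `_SUPPRESS_GUARD = re.compile(r"inputs\.suppress_comments\s*!=\s*true")` and then `or _SUPPRESS_GUARD.search(job_if_str) or _SUPPRESS_GUARD.search(step_if_str)`. That is still a textual check, and the existing `should_post_review` test has the same substring weakness, so a short comment above `guarded` saying the check is a heuristic would help the next reader. The function begins outside this hunk.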
@@ -66,6 +66,30 @@ def test_build_comment_reports_unguarded_steps(tmp_path: Path) -> None:
 assert "post / Post comment" in comment
+def test_build_comment_ignores_suppress_comments_guarded_steps(
+ tmp_path: Path,
+) -> None:
+ workflow_path = tmp_path / "suppress.yml"
+ _write_yaml(
+ workflow_path,
+ """
+ name: Suppress Comments Workflow
+ jobs:
+ post:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Post comment
+ if: inputs.suppress_comments != true
+ run: github.rest.issues.createComment
+ """,
+ )
+
+ comment = build_comment([workflow_path])
+
+ assert "No unguarded PR comment/review posting steps detected" in comment
+ assert "post / Post comment" not in comment
+
+
 def test_build_comment_detects_octokit_aliases(tmp_path: Path) -> None:
 workflow_path = tmp_path / "octokit.yml"
 _write_yaml(
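Review bot: The added test pins only the accepting case with the guard on the step; nothing checks that a condition which mentions `suppress_comments` without suppressing is still reported, and the job-level `if:` branch added in the script is not exercised. A sibling test with the comparison inverted documents the intended behaviour and would currently fail, since the script's check is a plain substring match. A second case with the guard placed on the job's `if:` and the step left bare would cover the other new branch.

```python
def test_build_comment_reports_inverted_suppress_comments_condition(
    tmp_path: Path,
) -> None:
    workflow_path = tmp_path / "inverted.yml"
    _write_yaml(
        workflow_path,
        """
        name: Inverted Suppress Workflow
        jobs:
          post:
            runs-on: ubuntu-latest
            steps:
              - name: Post comment
                if: inputs.suppress_comments == true
                run: github.rest.issues.createComment
        """,
    )

    comment = build_comment([workflow_path])

    # A step that posts only when suppression is requested is not guarded.
    assert "post / Post comment" in comment
```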