Skip to content

feat: consolidate PR sticky comments into a single aggregated summary #415

Description

@bedatty

Problem

The go-pr-validation umbrella currently produces 3 separate sticky PR comments — one per component (PR Validation, Security Scan, Lerian Lib Version). Each job runs in parallel and posts its own comment independently, resulting in a noisy PR thread.

Current state (3 comments):

  • <!-- pr-validation-report --> — PR Validation Summary
  • <!-- security-scan-{repo} --> — Security Scan Results
  • <!-- lerian-lib-version-check --> — Lerian Library Version Check

Desired state (1 comment):

<!-- go-pr-summary -->
## PR Validation Summary
...
---
## Security Scan Results
...
---
## Lerian Library Version Check
...

Proposed Architecture

Add an aggregator job (pr-summary) to go-pr-validation.yml that runs after all parallel jobs complete and posts a single combined comment.

go-pr-validation.yml
├── pr-validation (job) → uploads report artifact
├── security (job)      → uploads report artifact
├── lib-version (job)   → uploads report artifact
│
└── pr-summary (job, always(), needs: [pr-validation, security, lib-version])
      → downloads all 3 artifacts
      → combines into 1 comment (sections separated by logical markers)
      → upserts comment with shared marker <!-- go-pr-summary -->

Required Changes

Each commenting composite (3 composites)

  • Add post-comment input (boolean, default true)
  • When post-comment: false, skip the actions/github-script upsert step but still write the report to $RUNNER_TEMP/report.md
  • Add an actions/upload-artifact step (conditional on a new upload-report input or always when called from umbrella)

go-pr-validation.yml

  • Pass post-comment: false (or equivalent) to each component job
  • Add new pr-summary job:
    • needs: [changes, pr-validation, security, lib-version]
    • if: always() && github.event_name == 'pull_request'
    • Downloads report artifacts from all upstream jobs
    • Concatenates with --- separators
    • Upserts single comment using actions/github-script with marker <!-- go-pr-summary -->

Affected Workflows / Composites

  • .github/workflows/go-pr-validation.yml
  • src/validate/lerian-lib-version/action.yml
  • src/scan/pr-security-scan composite (or equivalent)
  • src/validate/pr-blocking-collect / PR validation report composite

Notes

  • Each section should still have its own internal sub-marker so partial updates (re-runs of individual jobs) remain correct
  • The aggregator must handle missing artifacts gracefully (job skipped or failed before writing report)
  • This is additive — callers that use individual components directly (not via umbrella) are unaffected
  • Do not merge into go-pr-validation.yml umbrella PR (feat: add Go PR validation and service release umbrella workflows #406) scope; ship as a follow-up feat

Priority

Low — cosmetic/UX improvement. Core functionality works correctly with 3 separate comments.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or improvement request

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions