fix(ci): stop pr-review-poster from spamming REQUEST_CHANGES on every push

Branch protection rules block the GITHUB_TOKEN from dismissing reviews
(HTTP 403), so every push added another undismissable REQUEST_CHANGES
review. PR #27004 accumulated 12 identical blocking reviews.

Switch to COMMENT-only reviews. Findings still show inline on the diff
but don't create blocking reviews that require manual maintainer
dismissal. The CI check status (pass/fail) gates merging, not the
review state.

Also enable CMAKE_TESTING=ON in the clang-tidy build so test files get
proper include paths in compile_commands.json. Without this,
clang-tidy-diff runs on test files from the PR diff but can't resolve
gtest headers, producing false positives.

Fixes #27004

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Ramon Roche
2026-04-10 13:53:13 -07:00
parent c0a45cef70
commit c515f81298
3 changed files with 33 additions and 18 deletions
+2 -2
@@ -60,7 +60,7 @@ jobs:
if: always() && github.event_name == 'pull_request'
run: |
mkdir -p pr-review
git diff -U0 origin/${{ github.base_ref }}...HEAD \
git diff -U0 origin/${{ github.base_ref }}...HEAD -- ':!*/test/*' \
| clang-tidy-diff-18.py -p1 \
-path build/px4_sitl_default-clang \
-export-fixes pr-review/fixes.yml \
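Review bot: The `':!*/test/*'` pathspec on the `git diff` line removes test files from clang-tidy-diff entirely, while the commit message says the false positives are addressed by enabling CMAKE_TESTING=ON so test files get proper include paths. If the build flag is set elsewhere in this commit, the exclusion is redundant and quietly drops lint coverage for tests; if it is not, the commit message should describe the exclusion instead. The pattern also requires a parent directory before `test/`, so a top-level `test/` directory or a directory named `tests` would still be passed to clang-tidy; a short comment in the workflow stating which layout is meant to be excluded would help.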
@@ -78,7 +78,7 @@ jobs:
--pr-number "${{ github.event.pull_request.number }}" \
--commit-sha "${{ github.event.pull_request.head.sha }}" \
--out-dir pr-review \
--event REQUEST_CHANGES
--event COMMENT
- name: Upload pr-review artifact
if: always() && github.event_name == 'pull_request'
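Review bot: With `--event COMMENT` the posted review no longer blocks anything, so merge gating rests entirely on this job's exit status, and nothing in this hunk shows that findings make the job fail. Please confirm the clang-tidy step exits non-zero when it reports findings, and add a comment next to `--event COMMENT` saying that the check status is the gate. The REQUEST_CHANGES reviews already posted on open PRs are not affected by this change and will still need manual dismissal.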
+6 -4
@@ -25,9 +25,11 @@ name: PR Review Poster
# 2. `pr_number` is validated to be a positive integer before use.
# `marker` is validated to be printable ASCII only before use.
# `commit_sha` is validated to be 40 lowercase hex characters.
# `event` is validated against an allowlist of `COMMENT` and
# `REQUEST_CHANGES`. `APPROVE` is intentionally forbidden so a bot
# cannot approve a pull request. Validation happens inside
# `event` is validated against an allowlist of `COMMENT` only.
# `APPROVE` and `REQUEST_CHANGES` are intentionally forbidden:
# bots should not approve PRs, and REQUEST_CHANGES reviews cannot
# be dismissed by the GITHUB_TOKEN under branch protection rules.
# Validation happens inside
# Tools/ci/pr-review-poster.py which is checked out from the base
# branch, not from the artifact.
#
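Review bot: The narrowed `event` allowlist described in this header needs a matching change in Tools/ci/pr-review-poster.py, since the comment itself says that is where validation happens; a documentation-only edit here would leave `REQUEST_CHANGES` accepted from a manifest. Please confirm the script's allowlist is reduced in the same commit, and state in this comment whether a manifest carrying `"event": "REQUEST_CHANGES"` is rejected or downgraded to `COMMENT`.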
@@ -71,7 +73,7 @@ name: PR Review Poster
# {
# "pr_number": 12345, // required, int > 0
# "marker": "<!-- pr-review-poster:clang-tidy -->", // required, printable ASCII
# "event": "REQUEST_CHANGES", // required, "COMMENT" | "REQUEST_CHANGES"
# "event": "COMMENT", // required, "COMMENT" only
# "commit_sha": "0123456789abcdef0123456789abcdef01234567", // required, 40 hex chars
# "summary": "Optional review summary text" // optional
# }
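Review bot: The `"event"` field in this schema comment is documented as required while accepting exactly one value, which should be either justified or relaxed. State that it stays required so a producer still sending `REQUEST_CHANGES` fails validation loudly, or make it optional with `COMMENT` as the default.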