Backend Fix: Detekt on Build Failure (#2801)

3 files changed, 49 insertions, 11 deletions

diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml
index bb08afbba..f4251d798 100644
--- a/.github/workflows/detekt.yml
+++ b/.github/workflows/detekt.yml
@@ -16,6 +16,8 @@ jobs:
         runs-on: ubuntu-latest
         permissions:
             contents: read
+        outputs:
+            sarif_exists: ${{ steps.check_sarif.outputs.exists }}
         steps:
             -   name: Checkout PR code
                 uses: actions/checkout@v4
@@ -26,13 +28,21 @@ jobs:
             -   name: Run detekt main (w/ typing analysis)
                 run: |
                   ./gradlew detektMain --stacktrace
+            -   name: Check if SARIF file exists
+                id: check_sarif
+                run: |
+                    if [ -f "versions/1.8.9/build/reports/detekt/main.sarif" ]; then
+                        echo "exists=true" >> $GITHUB_OUTPUT
+                    else
+                        echo "exists=false" >> $GITHUB_OUTPUT
+                    fi
             -   name: Annotate detekt failures
-                if: ${{ !cancelled() }}
+                if: ${{ !cancelled() && steps.check_sarif.outputs.exists == 'true' }}
                 run: |
                     chmod +x .github/scripts/process_detekt_sarif.sh
                     ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif | tee detekt_output.txt
             -   name: Upload detekt output as artifact
-                if: always()
+                if: ${{ steps.check_sarif.outputs.exists == 'true' }}
                 uses: actions/upload-artifact@v4
                 with:
                     name: detekt-output
@@ -42,7 +52,7 @@ jobs:
         name: Comment detekt failures on PR
         runs-on: ubuntu-latest
         needs: detekt
-        if: ${{ failure() }}
+        if: ${{ needs.detekt.outputs.sarif_exists == 'true' && failure() }}
         permissions:
             pull-requests: write
         steps:
diff --git a/.github/workflows/detekt_beta.yml b/.github/workflows/detekt_beta.yml
index f019ae841..cd8e38cc5 100644
--- a/.github/workflows/detekt_beta.yml
+++ b/.github/workflows/detekt_beta.yml
@@ -19,8 +19,16 @@ jobs:
             -   name: Run detekt main (w/ typing analysis)
                 run: |
                   ./gradlew detektMain --stacktrace
+            -   name: Check if SARIF file exists
+                id: check_sarif
+                run: |
+                    if [ -f "versions/1.8.9/build/reports/detekt/main.sarif" ]; then
+                        echo "exists=true" >> $GITHUB_OUTPUT
+                    else
+                        echo "exists=false" >> $GITHUB_OUTPUT
+                    fi
             -   name: Annotate detekt failures
-                if: ${{ !cancelled() }}
+                if: ${{ !cancelled() && steps.check_sarif.outputs.exists == 'true' }}
                 run: |
-                  chmod +x .github/scripts/process_detekt_sarif.sh
-                  ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif
+                    chmod +x .github/scripts/process_detekt_sarif.sh
+                    ./.github/scripts/process_detekt_sarif.sh versions/1.8.9/build/reports/detekt/main.sarif
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 3daad1237..a28577b77 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -12,6 +12,9 @@ jobs:
         steps:
             -   name: Checkout code
                 uses: actions/checkout@v4
+                with:
+                    ref: ${{ github.event.pull_request.head.sha }}
+                    repository: ${{ github.event.pull_request.head.repo.full_name }}
 
             -   uses: ./.github/actions/setup-normal-workspace
 
@@ -39,8 +42,25 @@ jobs:
                     github_token: ${{ secrets.GITHUB_TOKEN }}
                     labels: 'Wrong Title/Changelog'
 
+            -   name: Check if this is the latest workflow run
+                id: check_latest
+                run: |
+                    PR_LATEST_SHA=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+                        "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" \
+                        | jq -r '.head.sha')
+
+                    echo "Latest commit SHA from PR: $PR_LATEST_SHA"
+                    echo "Current workflow SHA: ${{ github.event.pull_request.head.sha }}"
+
+                    # Compare the SHAs and set a result variable
+                    if [[ "${PR_LATEST_SHA}" == "${{ github.event.pull_request.head.sha }}" ]]; then
+                        echo "is_latest=true" >> $GITHUB_ENV
+                    else
+                        echo "is_latest=false" >> $GITHUB_ENV
+                    fi
+
             -   name: Add comment to PR if changelog verification fails
-                if: failure()
+                if: ${{ failure() && env.is_latest == 'true' }}
                 uses: actions/github-script@v6
                 with:
                     github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -50,8 +70,8 @@ jobs:
                         const commentBody = `${test}`
                         
                         github.rest.issues.createComment({
-                          issue_number: context.issue.number,
-                          owner: context.repo.owner,
-                          repo: context.repo.repo,
-                          body: commentBody
+                            issue_number: context.issue.number,
+                            owner: context.repo.owner,
+                            repo: context.repo.repo,
+                            body: commentBody
                         })