[BUG] Duplicate report coments on GitHub actions if we use a custom CI bot token

[snitin315]

Describe the bug

Github-actions[bot] user id is hardcoded in the codebase:

danger-js/source/platforms/github/GitHubAPI.ts

Lines 133 to 139 in 47dfcfa

	const useGitHubActionsID = process.env["GITHUB_WORKFLOW"]
	if (useGitHubActionsID) {
	// This is the user.id of the github-actions app (https://github.com/apps/github-actions)
	// that is used to comment when using danger in a GitHub Action
	// with GITHUB_TOKEN (https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
	return 41898282
	}

So if we do not use Github-actions[bot] on CI we get duplicate comments as the following condition is always false:

danger-js/source/platforms/github/GitHubAPI.ts

Line 93 in 47dfcfa

.filter((comment) => comment.user.id === userID) // Does it have the right user ID?

As a result, we get duplicate comments on the PR.

We have a separate bot account on GitHub which we use to perform all the automation via GitHub actions, hence not using the default secrets.GITHUB_TOKEN on CI.

To Reproduce

Run dangerJS on GitHub actions with a token other than secrets.GITHUB_TOKEN

Expected behavior

It should edit the previous comment.

Screenshots

Your Environment

software	version
danger.js	11.2.1
node	18
npm	8
Operating System

Additional context

Allow a new env variable USE_CUSTOM_CI_TOKEN or something similar.

[orta]

I agree that your logic is pretty sound, but the thing that doesn't fit for me is that almost everywhere I use danger it's GitHub Actions + a custom token - for example here: DefinitelyTyped/DefinitelyTyped#63851 (comment)

I think it's likely you're not using DANGER_GITHUB_API_TOKEN which takes priority at a guess

[snitin315]

@orta So earlier I was using GITHUB_TOKEN: custom-token which I updated to DANGER_GITHUB_API_TOKEN: custom-token and I'm still seeing duplicate comments.

In the example you showed in DefinitelyTyped/DefinitelyTyped#63851 (comment), it seems to be using danger v10.1.1 whereas the above logic was introduced later. I updated the danger-js package on CI and was able to reproduce:

• ci: update dangerJS DefinitelyTyped/DefinitelyTyped#63854 (comment)
• ci: update dangerJS DefinitelyTyped/DefinitelyTyped#63854 (comment)

[mrclrchtr]

We have the same problem. We updated today from 11.1.4 to 11.2.1 and since then the bot writes new comments instead of editing old ones. We have always used DANGER_GITHUB_API_TOKEN.

[orta]

#1337 feels like the culprit to me

[snitin315]

@orta Should we revert the PR then?

[martinerko]

@orta I am experiencing the same issue, is there any plan to revert the problematic commit?

[orta]

I figured someone would have a think and see if my guess was correct - but I'm fine with just reverting it

[orta]

Alright, that's shipped

[snitin315]

@orta Thanks. I just updated to v11.2.2 and it has fixed the issue.