BCR PR reviewer: Verify the PR isn't updated before approval/merge (#2312)

commit: d02475c2d1483c6eb5dc9c804e306e671ccfe89c [log] [tgz]
author: Yun Peng <pcloudy@google.com> Fri May 23 15:01:47 2025 +0200
committer: GitHub <noreply@github.com> Fri May 23 15:01:47 2025 +0200
tree: c46099252ab5a275fe34e922b386e463a9209065
parent: c055431b973343cb2323ba751255819b441cd155 [diff]
diff --git a/actions/bcr-pr-reviewer/index.js b/actions/bcr-pr-reviewer/index.js
index 49cb597..2ae4cb7 100644
--- a/actions/bcr-pr-reviewer/index.js
+++ b/actions/bcr-pr-reviewer/index.js

@@ -333,6 +333,20 @@
   const prAuthor = prInfo.data.user.login;
   const allModulesApproved = await checkIfAllModifiedModulesApproved(modifiedModules, maintainersMap, approvers, prAuthor);
 
+  // Re-fetch PR information to check if new commits were pushed since analysis started
+  const initialHeadSha = prInfo.data.head.sha;
+  const latestPrInfoForShaCheck = await octokit.rest.pulls.get({
+    owner,
+    repo,
+    pull_number: prNumber,
+  });
+  const currentHeadSha = latestPrInfoForShaCheck.data.head.sha;
+
+  if (initialHeadSha !== currentHeadSha) {
+    console.log(`PR #${prNumber} has been updated since the review process began. Initial SHA: ${initialHeadSha}, Current SHA: ${currentHeadSha}. Aborting approval/merge actions as the analysis may be stale.`);
+    return; // Exit reviewPR for this PR to prevent actions on stale data
+  }
+
   const { data } = await octokit.rest.users.getAuthenticated();
   const myLogin = data.login;
commit	d02475c2d1483c6eb5dc9c804e306e671ccfe89c	[log] [tgz]
author	Yun Peng <pcloudy@google.com>	Fri May 23 15:01:47 2025 +0200
committer	GitHub <noreply@github.com>	Fri May 23 15:01:47 2025 +0200
tree	c46099252ab5a275fe34e922b386e463a9209065
parent	c055431b973343cb2323ba751255819b441cd155 [diff]