From eafa8314d481c69bc73defc148a61a415990c0d9 Mon Sep 17 00:00:00 2001
From: Guillaume Nodet <gnodet@gmail.com>
Date: Tue, 10 Mar 2026 10:31:30 +0100
Subject: [PATCH 1/2] chore(ci): prevent duplicate container upgrade PRs

The check-container-versions workflow was creating duplicate PRs for the
same container upgrade because:
1. The branch name included the workflow run number, making each run unique
2. There was no check for existing open PRs before creating a new one

Fix by:
- Removing the run number from branch names so the same upgrade always
  maps to the same branch
- Checking for existing open PRs (by branch name and by property name)
  before creating a new one

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/check-container-versions.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check-container-versions.yml b/.github/workflows/check-container-versions.yml
index a2cebd46466d4..61091229fc08c 100644
--- a/.github/workflows/check-container-versions.yml
+++ b/.github/workflows/check-container-versions.yml
@@ -276,12 +276,26 @@ jobs:
           EOF
           )
 
-            # Generate unique branch name
-            BRANCH_NAME="automated/upgrade-$(echo "$PROPERTY_NAME" | tr '.' '-' | tr '_' '-')-${NEW_VERSION}-${{ github.run_number }}"
+            # Generate branch name (deterministic per property+version, no run number)
+            BRANCH_NAME="automated/upgrade-$(echo "$PROPERTY_NAME" | tr '.' '-' | tr '_' '-')-${NEW_VERSION}"
 
             echo "Creating PR: $PR_TITLE"
             echo "Branch: $BRANCH_NAME"
 
+            # Check for existing open PR for the same property upgrade
+            EXISTING_PR=$(gh pr list --state open --head "$BRANCH_NAME" --json number --jq '.[0].number' 2>/dev/null || echo "")
+            if [[ -n "$EXISTING_PR" ]]; then
+              echo "⏭️  Skipping $PROPERTY_NAME $NEW_VERSION — open PR #$EXISTING_PR already exists"
+              continue
+            fi
+
+            # Also check if there is any open PR updating the same property (even to a different version)
+            EXISTING_PROPERTY_PR=$(gh pr list --state open --label "container-images" --search "upgrade $PROPERTY_NAME" --json number,title --jq '.[0].number' 2>/dev/null || echo "")
+            if [[ -n "$EXISTING_PROPERTY_PR" ]]; then
+              echo "⏭️  Skipping $PROPERTY_NAME $NEW_VERSION — open PR #$EXISTING_PROPERTY_PR already exists for this property"
+              continue
+            fi
+
             # Configure git
             git config user.name "github-actions[bot]"
             git config user.email "github-actions[bot]@users.noreply.github.com"

From 7cbaddf7d2e0c22c71f92c7188a86929b05f8615 Mon Sep 17 00:00:00 2001
From: Guillaume Nodet <gnodet@gmail.com>
Date: Tue, 10 Mar 2026 10:33:30 +0100
Subject: [PATCH 2/2] chore(ci): close stale container PRs when a newer version
 is available

Instead of skipping when an open PR exists for the same property,
close the stale PR (with a comment) and create a new one for the
newer version.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/check-container-versions.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/check-container-versions.yml b/.github/workflows/check-container-versions.yml
index 61091229fc08c..73747dc84eb21 100644
--- a/.github/workflows/check-container-versions.yml
+++ b/.github/workflows/check-container-versions.yml
@@ -282,18 +282,20 @@ jobs:
             echo "Creating PR: $PR_TITLE"
             echo "Branch: $BRANCH_NAME"
 
-            # Check for existing open PR for the same property upgrade
+            # Check for existing open PR for the exact same property+version upgrade
             EXISTING_PR=$(gh pr list --state open --head "$BRANCH_NAME" --json number --jq '.[0].number' 2>/dev/null || echo "")
             if [[ -n "$EXISTING_PR" ]]; then
               echo "⏭️  Skipping $PROPERTY_NAME $NEW_VERSION — open PR #$EXISTING_PR already exists"
               continue
             fi
 
-            # Also check if there is any open PR updating the same property (even to a different version)
-            EXISTING_PROPERTY_PR=$(gh pr list --state open --label "container-images" --search "upgrade $PROPERTY_NAME" --json number,title --jq '.[0].number' 2>/dev/null || echo "")
-            if [[ -n "$EXISTING_PROPERTY_PR" ]]; then
-              echo "⏭️  Skipping $PROPERTY_NAME $NEW_VERSION — open PR #$EXISTING_PROPERTY_PR already exists for this property"
-              continue
+            # Check if there is an open PR for the same property but an older version — close it
+            STALE_PR=$(gh pr list --state open --label "container-images" --search "upgrade $PROPERTY_NAME" --json number,headRefName --jq '.[0]' 2>/dev/null || echo "")
+            if [[ -n "$STALE_PR" && "$STALE_PR" != "null" ]]; then
+              STALE_PR_NUMBER=$(echo "$STALE_PR" | jq -r '.number')
+              STALE_BRANCH=$(echo "$STALE_PR" | jq -r '.headRefName')
+              echo "🔄 Closing stale PR #$STALE_PR_NUMBER for $PROPERTY_NAME (superseded by $NEW_VERSION)"
+              gh pr close "$STALE_PR_NUMBER" --comment "Superseded by a newer version ($NEW_VERSION)." --delete-branch 2>/dev/null || true
             fi
 
             # Configure git