[cloclo] Fix locked error check: require 403 status AND locked message

[github-actions]

Summary

This PR fixes the locked resource error check logic to properly require BOTH a 403 status code AND a locked message before suppressing the error.

Problem

The previous logic in PR #15977 was incorrectly simplified:

// INCORRECT: This ignores ANY error with "locked" message, regardless of status
if ((is403Error && hasLockedMessage) || (!is403Error && hasLockedMessage)) {

This simplifies to just hasLockedMessage, which means errors like:

• 500 Internal Server Error: "Database locked"
• 502 Bad Gateway: "Upstream service locked"
• Any other error mentioning "locked"

Would all be silently suppressed, potentially masking real issues.

Solution

The correct logic requires BOTH conditions:

// CORRECT: Only ignore 403 errors that mention locked resources
if (is403Error && hasLockedMessage) {

This ensures we only suppress GitHub API 403 errors specifically related to locked conversations/issues/PRs.

Changes Made

Code Changes

• actions/setup/js/add_reaction.cjs: Fixed error check logic
• actions/setup/js/add_reaction_and_edit_comment.cjs: Fixed error check logic
• Updated comments to clarify BOTH conditions are required

Test Changes

• actions/setup/js/add_reaction.test.cjs: Updated test to verify non-403 locked errors fail
• actions/setup/js/add_reaction_and_edit_comment.test.cjs: Updated test to verify non-403 locked errors fail

Testing

✅ All tests passing:

• add_reaction.test.cjs: 27 tests passed
• add_reaction_and_edit_comment.test.cjs: 19 tests passed

Test Coverage

• ✅ 403 + locked message → suppressed (expected)
• ✅ 403 without locked message → fails (expected)
• ✅ Non-403 + locked message → fails (new behavior, correct)
• ✅ Other errors → fails (expected)

Why This Matters

Proper error handling is critical. We should only suppress errors we know are expected and safe to ignore. Suppressing all errors mentioning "locked" regardless of status code could hide:

• Database issues
• Service failures
• Unexpected API errors
• Security problems

Related

Fixes #15977
Based on feedback from @pelikhan

---

🤖 Generated with [Claude Code]((claude.com/redacted)

AI generated by /cloclo

• expires on Feb 17, 2026, 7:35 PM UTC

[Copilot]

Pull request overview

Fixes overly-broad “locked resource” error suppression in the reaction scripts so that errors are only ignored when they are both a 403 and contain a locked-related message—preventing non-403 “locked” failures from being silently swallowed.

Changes:

• Tighten the locked-resource suppression condition in both reaction handlers to is403Error && hasLockedMessage.
• Update unit tests to assert that non-403 errors mentioning “locked” correctly fail instead of being suppressed.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
actions/setup/js/add_reaction.cjs	Require both 403 status and locked message before suppressing the error.
actions/setup/js/add_reaction_and_edit_comment.cjs	Same tightened suppression logic for the reaction+comment flow.
actions/setup/js/add_reaction.test.cjs	Add coverage ensuring non-403 “locked” errors fail.
actions/setup/js/add_reaction_and_edit_comment.test.cjs	Add coverage ensuring non-403 “locked” errors fail in the combined flow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.