Skip to content
Latchkey

peter-evans/create-or-update-comment

Create a new comment, or append to / replace an existing one, on an issue or pull request.

Community actionCategory: Pull Request AutomationLatest v5View on GitHub

What it does

peter-evans/create-or-update-comment creates a comment on an issue or PR when given issue-number, or updates an existing comment when given comment-id.

Updates default to appending; set edit-mode: replace to overwrite the body. It can also add reactions to the comment.

Usage

workflow (.yml)
on: pull_request
permissions:
  pull-requests: write
jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
      - uses: peter-evans/create-or-update-comment@v5
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            Build finished. :rocket:

Inputs

InputDescriptionDefaultRequired
tokenGITHUB_TOKEN or a repo scoped PAT.${{ github.token }}No
repositoryThe full name of the repository in which to create or update a comment.${{ github.repository }}No
issue-numberThe number of the issue or pull request in which to create a comment.-No
comment-idThe id of the comment to update.-No
bodyThe comment body. Cannot be used in conjunction with body-path.-No
body-pathThe path to a file containing the comment body. Cannot be used in conjunction with body.-No
edit-modeThe mode when updating a comment, "replace" or "append".appendNo
reactionsA comma or newline separated list of reactions to add to the comment.-No

Outputs

OutputDescription
comment-idThe id of the created comment.

Notes

PR comments are issue comments under the hood, so issue-number takes the pull request number.

To find an existing bot comment to update, pair with peter-evans/find-comment and pass its output as comment-id.

Common errors

  • Resource not accessible by integration means the workflow token lacks write permission; add pull-requests: write (PRs) or issues: write (issues) to the job permissions.
  • Commenting on PRs from forks fails with the default token on pull_request events because the token is read-only there; use the pull_request_target event or a separate privileged workflow instead.

Security and pinning

  • Grant only pull-requests: write / issues: write; the action does not need contents access. Pin to a commit SHA.
  • Be careful interpolating untrusted PR titles or bodies into body; prefer body-path with content you generated yourself.

Alternatives and related

Frequently asked questions

How do I keep one sticky bot comment per PR instead of adding a new one each run?
Locate the previous comment (e.g. with peter-evans/find-comment), pass its id as comment-id, and set edit-mode: replace so each run overwrites the same comment.
Running peter-evans/create-or-update-comment? Run it on Latchkey managed runners - self-healing and caching included. Start free → 30-day trial · No credit card