fix: do not unresolve threads verified by CodeRabbit#5179
Conversation
The unresolve workflow only checked for PR-author replies. When CodeRabbit itself verified a fix (e.g., "The concern is fully addressed"), there was no PR-author reply, so the workflow incorrectly unresolved the thread. Now treats CodeRabbit verification replies (containing "addressed", "verified", "resolved", or checkmark) as substantive — these threads stay resolved. Assisted-by: Claude <noreply@anthropic.com> Signed-off-by: rnetser <rnetser@redhat.com>
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
|
Warning Review limit reached
More reviews will be available in 10 minutes and 28 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR introduces a new GitHub Actions workflow that automatically unresolves CodeRabbit review threads resolved without substantive PR-author responses. The workflow paginates through all review threads, filters candidates meeting unresolve criteria, and applies GraphQL mutations to unresolve and notify via warning comments. ChangesAuto-unresolve CodeRabbit Review Threads
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Reasoning: GraphQL pagination and bash filtering logic require careful verification of query correctness, jq filter accuracy, and proper error handling. The workflow controls bot behavior on PRs, so mutation ordering, concurrency safety, and thread-selection correctness are critical. Multiple shell expansions, GraphQL syntax, and stateful pagination loops demand close inspection. Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsLinked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
D/S test |
|
Report bugs in Issues Welcome! 🎉This pull request will be automatically processed with the following features: 🔄 Automatic Actions
📋 Available CommandsPR Status Management
Review & Approval
Testing & Validation
Container Operations
Cherry-pick Operations
Label Management
✅ Merge RequirementsThis PR will be automatically approved when the following conditions are met:
📊 Review ProcessApprovers and ReviewersApprovers:
Reviewers:
Available Labels
AI Features
💡 Tips
For more information, please refer to the project documentation or contact the maintainers. |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/unresolve-coderabbit-threads.yml:
- Line 108: Update the author check to match the bot account and make the regex
case-insensitive: replace the literal author match ".author.login ==
\"coderabbitai\"" with ".author.login == \"coderabbitai[bot]\"" and change the
body test invocation from test("addressed|verified|resolved|✅|concern is fully")
to use the case-insensitive flag, i.e.
test("addressed|verified|resolved|✅|concern is fully"; "i"), keeping the same
pattern so .body and .author.login checks correctly detect variations like
"Addressed" and the bot suffix.
- Line 99: Replace the bot login string used in the selection filters so they
include the GitHub bot suffix; change the literal "coderabbitai" to
"coderabbitai[bot]" in both occurrences of the filter expression (the
select(.opening_comment.nodes[0].author.login == "...") check and the matching
second filter) so the workflow correctly matches the bot account.
- Around line 22-25: Remove the unused repository permission declaration
"contents: read" (it's unnecessary since there's no actions/checkout in this
workflow) and add a human-friendly job name for clarity by inserting a name:
field under the job key unresolve-threads (e.g., name: "Unresolve Threads") so
the workflow UI shows the descriptive name instead of the key.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: c15dbfd6-3202-4c50-9afb-98acedc0f514
📒 Files selected for processing (1)
.github/workflows/unresolve-coderabbit-threads.yml
📜 Review details
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2026-05-19T10:17:37.060Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4833
File: tests/network/localnet/migration_stuntime/libstuntime.py:13-13
Timestamp: 2026-05-19T10:17:37.060Z
Learning: In RedHatQE/openshift-virtualization-tests, when the PR template validation rule is triggered, avoid posting the PR template violation comment if the PR description already contains the required sections with meaningful content:
- `##### What this PR does / why we need it:`
- `##### Which issue(s) this PR fixes:`
- `##### Special notes for reviewer:`
- `##### jira-ticket:`
Because the current implementation can use a broad `**` path glob and re-run the check per diff context/file, reviewers/automation should verify the actual PR description content before flagging it as a violation or duplicating the comment.
Applied to files:
.github/workflows/unresolve-coderabbit-threads.yml
📚 Learning: 2026-05-20T11:18:31.677Z
Learnt from: Anatw
Repo: RedHatQE/openshift-virtualization-tests PR: 4867
File: tests/network/libs/stuntime.py:1-1
Timestamp: 2026-05-20T11:18:31.677Z
Learning: In RedHatQE/openshift-virtualization-tests, make the PR template validation (HIGH-severity) heuristic more conservative: if the author explicitly rebuts the “missing template section” finding and confirms the required sections are present with meaningful content, treat the original finding as a false positive and do not re-raise it. Only raise the HIGH-severity flag when a required PR section header (e.g., "##### What this PR does / why we need it:") is clearly absent or its content can be verified as empty/placeholder-only.
Applied to files:
.github/workflows/unresolve-coderabbit-threads.yml
📚 Learning: 2026-06-03T15:08:46.871Z
Learnt from: geetikakay
Repo: RedHatQE/openshift-virtualization-tests PR: 5101
File: .github/workflows/request-coderabbit-test-instructions.yml:39-39
Timestamp: 2026-06-03T15:08:46.871Z
Learning: In RedHatQE/openshift-virtualization-tests, GitHub Actions workflow reviewers should follow the repo convention of allowing `uses:` references that are pinned to mutable version tags (e.g., `owner/actionv4`, `owner/actionv5`) and should NOT flag these as security issues. Full commit-SHA pinning for third-party actions is explicitly out of scope for this repository, so do not treat non-SHA `uses:` references as violations.
Applied to files:
.github/workflows/unresolve-coderabbit-threads.yml
🪛 zizmor (1.25.2)
.github/workflows/unresolve-coderabbit-threads.yml
[error] 21-21: overly broad permissions (excessive-permissions): pull-requests: write is overly broad at the workflow level
(excessive-permissions)
[error] 11-13: use of fundamentally insecure workflow trigger (dangerous-triggers): pull_request_target is almost always used insecurely
(dangerous-triggers)
[warning] 21-21: permissions without explanatory comments (undocumented-permissions): needs an explanatory comment
(undocumented-permissions)
[info] 25-25: workflow or action definition without a name (anonymous-definition): this job
(anonymous-definition)
🔇 Additional comments (3)
.github/workflows/unresolve-coderabbit-threads.yml (3)
11-17: LGTM!The
pull_request_targettrigger is flagged by static analysis, but it's used safely here. The danger arises when you checkout and execute untrusted fork code—this workflow only makes GraphQL API calls with no code checkout, so the trigger is appropriate.
40-93: LGTM!
113-142: LGTM!The mutation logic is solid: thread IDs come from GitHub's trusted API response, error handling allows continuation on failures, and the warning message clearly explains the automated action.
RoniKishner
left a comment
There was a problem hiding this comment.
why is it showing it as a new file instead of changes done? or is it only for me?
it was missing a rebase; fixing |
…abbit-verification Signed-off-by: rnetser <rnetser@redhat.com> # Conflicts: # .github/workflows/unresolve-coderabbit-threads.yml
- Add [bot] suffix to coderabbitai login checks (GitHub bot accounts use "coderabbitai[bot]" not "coderabbitai") - Use case-insensitive regex for verification keywords (matches "Addressed", "Resolved", etc.) - Remove unused contents: read permission - Add job name for GitHub UI clarity Assisted-by: Claude <noreply@anthropic.com> Signed-off-by: rnetser <rnetser@redhat.com>
|
/verified (will be tested once merged) |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Get the PR diff to find the first changed line position for an inline comment
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5179/files --jq '.[0] | {filename, patch: .patch[0:200]}'Length of output: 538 🏁 Script executed: #!/bin/bash
# Post a non-blocking inline review comment on the first changed line (position 5 in the diff)
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5179/reviews \
--method POST \
--field body="" \
--field event="COMMENT" \
--field "comments[][path]=.github/workflows/unresolve-coderabbit-threads.yml" \
--field "comments[][position]=5" \
--field "comments[][body]=**Test Execution Plan**
- **Run smoke tests: False** — This PR modifies only a GitHub Actions workflow YAML file. No Python symbols, pytest fixtures, conftest files, or test utilities were changed. No traceable path from any test to a modified symbol exists.
- **Run gating tests: False** — Same reasoning; no gating-marked test file is in the affected set.
- **Affected tests to run:** None — The change is scoped entirely to CI/CD workflow logic (\`.github/workflows/unresolve-coderabbit-threads.yml\`). It does not modify any code that runs during pytest collection, session setup, or test execution on a cluster."Length of output: 2798 |
|
New container for quay.io/openshift-cnv/openshift-virtualization-tests:latest published |
What this PR does / why we need it:
Fixes the unresolve workflow incorrectly unresolving CodeRabbit threads that were already verified.
Root cause: The workflow only checked for PR-author replies (≥15 chars). When CodeRabbit itself verified a fix (e.g., "✅ The concern is fully addressed. Commit 4fc400e registered the windows marker..."), there was no PR-author reply, so the workflow unresolved the thread — forcing the author to re-address it.
Fix: Also treat CodeRabbit verification replies as substantive. If CodeRabbit replied with keywords like "addressed", "verified", "resolved", or "✅", the thread stays resolved.
Example of the bug: https://github.com/RedHatQE/openshift-virtualization-tests/pull/5145/files#r3373950402
Assisted-by: Claude noreply@anthropic.com
Which issue(s) this PR fixes:
Special notes for reviewer:
jira-ticket:
Summary by CodeRabbit