fix(ci): use GraphQL __typename to identify CodeRabbit bot in unresolve workflow#5291
Conversation
|
Warning Review limit reached
More reviews will be available in 2 minutes and 31 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe ChangesBot Identity Detection Fix
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsLinked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Report bugs in Issues Welcome! 🎉This pull request will be automatically processed with the following features: 🔄 Automatic Actions
📋 Available CommandsPR Status Management
Review & Approval
Testing & Validation
Container Operations
Cherry-pick Operations
Branch Management
Label Management
✅ Merge RequirementsThis PR will be automatically approved when the following conditions are met:
📊 Review ProcessApprovers and ReviewersApprovers:
Reviewers:
Available Labels
AI Features
Security Checks
💡 Tips
For more information, please refer to the project documentation or contact the maintainers. |
506159b to
ab6dbc3
Compare
|
/security-override |
|
Security checks overridden by @rnetser. Security check runs set to pass. |
|
/approvr /verified (after merge) |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Get the PR diff to find the first changed line in the first file
gh pr view 5291 --repo RedHatQE/openshift-virtualization-tests --json files --jq '.files[0]'
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5291/files --jq '.[0] | {filename, patch}'Length of output: 4983 🏁 Script executed: #!/bin/bash
# Get the latest commit SHA for the PR
COMMIT_SHA=$(gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5291 --jq '.head.sha')
echo "Commit SHA: $COMMIT_SHA"
# Post a non-blocking inline review comment on the first changed line (diff position 5)
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5291/reviews \
--method POST \
--field commit_id="$COMMIT_SHA" \
--field body="" \
--field event="COMMENT" \
--field "comments[][path]=.github/workflows/unresolve-coderabbit-threads.yml" \
--field "comments[][position]=5" \
--field "comments[][body]=**Test Execution Plan**
- **Run smoke tests: False** — This PR modifies only \`.github/workflows/unresolve-coderabbit-threads.yml\` (a GitHub Actions workflow). No pytest code, fixtures, utilities, or conftest files are touched. No traced path to any smoke-marked test exists.
- **Run gating tests: False** — Same reason; no gating-marked test has a dependency path through this change.
- **Affected tests to run:** None — the change is purely a CI/CD workflow fix (bot login format: GraphQL \`__typename\` check). No cluster testing is required."Length of output: 2976 |
ab6dbc3 to
a7e9a76
Compare
Prevent false positives where "unresolved" matches "resolved" and "unverified" matches "verified" in the CodeRabbit verification check. Generated-by: Claude <noreply@anthropic.com> Signed-off-by: rnetser <rnetser@redhat.com>
|
@coderabbitai review |
✅ Action performedReview finished.
|
|
/security-override |
|
Security checks overridden by @rnetser. Security check runs set to pass. |
|
/verified (removed unsupporte dflow) |
Test execution plan request detailsCRITICAL: You MUST post an inline review comment on the first changed line of the first file. As an expert software testing engineer, analyze all modified files in this PR and create a targeted test execution plan. Analysis Requirements:
Output rules: Your deliverable: Test Execution Plan
Use these formats:
Real test commands (MANDATORY when changes affect session/runtime code): When the affected code runs at session/collection time (conftest fixtures, pytest plugins,
Example output for a session-startup fix: Guidelines:
Hardware-Related Checks (SR-IOV, GPU, DPDK): When PR modifies fixtures for hardware-specific resources:
CRITICAL WORKFLOW COMPLETION RULES: When responding to this test execution plan request, you MUST follow these rules EXACTLY:
ABSOLUTE PROHIBITIONS (violating these creates empty/meaningless reviews):
Remember: The pull request review is visible to users. Additional comments are redundant noise. CRITICAL — Verification rules for smoke and gating decisions: |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Get the latest commit SHA for the PR
COMMIT_SHA=$(gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5291 --jq '.head.sha')
echo "Commit SHA: $COMMIT_SHA"
# Post a non-blocking inline review comment on the first changed line
gh api repos/RedHatQE/openshift-virtualization-tests/pulls/5291/reviews \
--method POST \
--field commit_id="$COMMIT_SHA" \
--field body="" \
--field event="COMMENT" \
--field "comments[][path]=.github/workflows/unresolve-coderabbit-threads.yml" \
--field "comments[][position]=5" \
--field "comments[][body]=**Test Execution Plan**
- **Run smoke tests: False** — This PR modifies only \`.github/workflows/unresolve-coderabbit-threads.yml\` (a GitHub Actions workflow). No pytest code, fixtures, utilities, or conftest files are changed. No dependency path to any smoke-marked test exists.
- **Run gating tests: False** — Same reason; no gating-marked test has a dependency path through this change.
- **Affected tests to run:** None — the change is a CI/CD workflow fix correcting bot login format detection (GraphQL \`__typename\` + \`login\` check). No cluster testing required."Length of output: 2984 |
|
@coderabbitai review |
✅ Action performedReview finished.
|
|
New container for quay.io/openshift-cnv/openshift-virtualization-tests:latest published |
|
@coderabbitai review |
✅ Action performedReview finished.
|
…ve workflow (RedHatQE#5291) ##### What this PR does / why we need it: The `unresolve-coderabbit-threads.yml` workflow checked for `"coderabbitai[bot]"` but the GitHub GraphQL API returns bot logins without the `[bot]` suffix — just `"coderabbitai"`. This caused: 1. **Opener check** to always skip CodeRabbit threads on the `pull_request_target` path 2. **CodeRabbit verification check** to never detect fix confirmations **Result:** 19 out of 20 auto-unresolves in the past 14 days were false positives, including ping-pong loops of up to 7 cycles per thread (PR RedHatQE#5145). **Fix:** Add `__typename` to GraphQL `author` queries and check both `login=="coderabbitai"` AND `__typename=="Bot"`. This correctly identifies the bot and is immune to username impersonation (human users have `__typename=="User"`). Generated-by: Claude <noreply@anthropic.com> ##### Which issue(s) this PR fixes: Fixes RedHatQE#5290 ##### Special notes for reviewer: The `SENDER` check for `pull_request_review_thread` events (`== "coderabbitai[bot]"`) is left unchanged because it uses the REST API event context format which correctly includes `[bot]`. ##### jira-ticket: <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Improved automated thread management in workflows to be more resilient when pull request context is missing. * Refined verification logic so threads are only automatically handled when matching bot-origin verification comments are confirmed. * Enhanced GraphQL data checks to better distinguish bot authors and verification messages. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: rnetser <rnetser@redhat.com> Signed-off-by: Emanuele Prella <eprella@redhat.com>
What this PR does / why we need it:
The
unresolve-coderabbit-threads.ymlworkflow checked for"coderabbitai[bot]"but the GitHub GraphQL API returns bot logins without the[bot]suffix — just"coderabbitai". This caused:pull_request_targetpathResult: 19 out of 20 auto-unresolves in the past 14 days were false positives, including ping-pong loops of up to 7 cycles per thread (PR #5145).
Fix: Add
__typenameto GraphQLauthorqueries and check bothlogin=="coderabbitai"AND__typename=="Bot". This correctly identifies the bot and is immune to username impersonation (human users have__typename=="User").Generated-by: Claude noreply@anthropic.com
Which issue(s) this PR fixes:
Fixes #5290
Special notes for reviewer:
The
SENDERcheck forpull_request_review_threadevents (== "coderabbitai[bot]") is left unchanged because it uses the REST API event context format which correctly includes[bot].jira-ticket:
Summary by CodeRabbit