chore: deploy triage-bot.yml + canonical auto-merge.yml #174
Final piece of the triage-gate stack: required_conversation_resolution is on, TRIAGE_PAT is set, triage-bot.yml classifies threads, canonical auto-merge.yml removes owner-clause (cooldown lives in pr-heal.yml).
@coderabbitai autofix
Caution: Review failed. The pull request is closed.
Behavior Changes
The PR introduces a two-tiered automated PR management system:
Walkthrough
This PR separates owner-PR auto-merge handling into a distinct cron-based workflow (
Changes
- Auto-merge tier restructuring
- Automated review thread triage
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
Note: Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.
Autofix skipped. No unresolved CodeRabbit review comments with fix instructions found.
Claude encountered an error after 2s. I'll analyze this and get back to you.
Up to standards ✅
Pull Request Overview
The PR introduces automation for comment triage and updates the auto-merge strategy. While the structure is sound, two logic issues in the triage bot script should be addressed before merging to ensure functionality and prevent PR noise.
- The author check for GitHub Copilot is currently incorrect and will fail to match bot-authored comments.
- The reporting logic lacks a mechanism to prevent comment spam, as it posts a new summary every time the workflow runs.
Codacy analysis reports the PR is up to standards, and the auto-merge logic for agent branches and owner cooldown is correctly implemented.
Test suggestions
- Verify triage-bot resolves comments with explicit '[triage:auto-resolve]' tag.
- Verify triage-bot resolves 'nit:' and 'praise:' comments via case-insensitive regex.
- Verify triage-bot resolves short informational comments from 'Copilot'.
- Verify triage-bot flags unknown comments as 'needs-human' and keeps them unresolved.
- Verify auto-merge workflow enables native auto-merge for AI agent branches.
- Verify auto-merge workflow enables native auto-merge upon CodeRabbit approval.
- Verify owner-authored PRs do not trigger immediate auto-merge, respecting the new cooldown tier.
| } | ||
|
|
||
| if (summary.length > 0) { | ||
| await github.rest.issues.createComment({ |
🟡 MEDIUM RISK
This workflow will create a new PR comment every time a review or comment event occurs if unresolved threads exist, leading to excessive noise. Consider modifying the script to search for an existing 'Triage Bot report' and update it, or only post if a thread was actually resolved during the run.
Try running the following prompt in your coding agent:
Update the triage-bot.yml script to first search for an existing issue comment authored by the bot with the header '## Triage Bot report'. If found, update that comment; otherwise, only call github.rest.issues.createComment if a thread was newly resolved.
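An added example, not code from this PR or from Codacy: one way to implement the update-in-place behaviour suggested above, so the report is created once and edited on later runs. `upsertReport`, `botLogin` and the returned `action` values are hypothetical names; `github` is the client that actions/github-script passes to the script.

```javascript
const MARKER = '## Triage Bot report';

// Create the report once, then edit it in place on later runs.
// botLogin (assumption) is the account that owns the workflow token; checking it
// keeps the bot from editing another user's comment that starts with the same header.
async function upsertReport(github, { owner, repo, issue_number, botLogin }, lines) {
  const body = [MARKER, '', ...lines].join('\n');

  // paginate() follows every page, so an older report on a busy PR is still found.
  const comments = await github.paginate(github.rest.issues.listComments, {
    owner, repo, issue_number, per_page: 100,
  });
  const existing = comments.find(
    (c) => c.user?.login === botLogin && (c.body ?? '').startsWith(MARKER));

  if (existing) {
    // Nothing changed since the last run: stay silent instead of re-posting.
    if (existing.body === body) return { action: 'unchanged', id: existing.id };
    await github.rest.issues.updateComment({
      owner, repo, comment_id: existing.id, body,
    });
    return { action: 'updated', id: existing.id };
  }

  const { data } = await github.rest.issues.createComment({
    owner, repo, issue_number, body,
  });
  return { action: 'created', id: data.id };
}
```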
| } else if (/^\s*(nit:|nitpick:|praise:)/i.test(body)) { | ||
| decision = 'dismiss'; | ||
| reason = 'classified as nit/nitpick/praise — non-blocking'; | ||
| } else if (author === 'Copilot' && body.length < 200) { |
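Review bot: the `nit:|nitpick:|praise:` branch sets `decision = 'dismiss'` from the comment body alone, with no condition on who wrote the comment, so on a repository that enforces required_conversation_resolution a body prefix is all it takes to clear a thread. Add an author or author-association condition to that branch, as the `author === 'Copilot'` branch below it already has, and give the Copilot rule a stronger signal than `body.length < 200`, since length says nothing about whether the comment is informational.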
🟡 MEDIUM RISK
The author login for GitHub Copilot is usually github-copilot[bot]. The current check for Copilot will not match the actual bot user, rendering the auto-resolution rule ineffective.
| } else if (author === 'Copilot' && body.length < 200) { | |
| } else if (author === 'github-copilot[bot]' && body.length < 200) { |
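Review bot: both sides of this suggestion compare `author` with a single hard-coded string, and the comment above only says the login is "usually" `github-copilot[bot]`. Before settling on either value, log the `author` the script actually receives for a Copilot comment in this repository and match on that, ideally through a small allow-list constant rather than an inline literal.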
Triage Bot report
Threads marked
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e34d3f229a
| - name: Triage unresolved review threads | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| github-token: ${{ secrets.TRIAGE_PAT }} |
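Review bot: `github-token: ${{ secrets.TRIAGE_PAT }}` hands the inline script a personal access token, and nothing in these lines records which scopes that token needs or why the job's own token is not used. Add a comment above the step stating the minimum scope and the reason for the PAT, so the secret can be narrowed or rotated without reverse-engineering the script.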
Skip triage when TRIAGE_PAT is unavailable
This workflow always passes secrets.TRIAGE_PAT to actions/github-script, but pull_request_review and pull_request_review_comment also fire for PRs from forks, where repository secrets are not provided; in that case the step runs without a usable token and fails before any thread triage happens. Because this bot is intended to clear non-blocking threads for required_conversation_resolution, fork PRs can stay blocked indefinitely unless someone resolves threads manually. Add an explicit guard/fallback for missing TRIAGE_PAT (for example, skip with a notice or use a safe alternative token path).
| query($owner: String!, $repo: String!, $number: Int!) { | ||
| repository(owner: $owner, name: $repo) { | ||
| pullRequest(number: $number) { | ||
| reviewThreads(first: 100) { |
Paginate review-thread fetch past the first 100 items
The GraphQL query fetches only reviewThreads(first: 100) and never follows pagination cursors, so PRs with more than 100 threads leave the remainder unprocessed. Since this workflow is meant to resolve non-blocking threads under required_conversation_resolution, any unresolved thread beyond the first page can still block merge even after a successful bot run. Add cursor-based pagination (pageInfo.hasNextPage / after) to ensure all unresolved threads are triaged.
| const first = t.comments.nodes[0] ?? {}; | ||
| const body = first.body ?? ''; |
Evaluate full thread context before auto-resolving it
The triage decision is based only on t.comments.nodes[0] (the first comment in the thread), so a thread that starts as a nit: but later contains a substantive human follow-up can still be auto-resolved incorrectly. In repositories with required_conversation_resolution, this removes a real review blocker and can allow merge without handling the latest objection. Classify using the latest unresolved context (or all comments), not just the first message.
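An added example, not code from this PR or from Codex: a sketch of the two fixes requested in the pagination and full-thread-context comments above, written for the script body of actions/github-script. `fetchAllThreads`, `classifyThread`, `isNonBlocking` and `BOT_LOGINS` are hypothetical names, and requiring every comment to be non-blocking is a stricter policy than the PR's own; the patterns and the `dismiss` / `needs-human` values are taken from this page.

```javascript
const QUERY = `
  query($owner: String!, $repo: String!, $number: Int!, $cursor: String) {
    repository(owner: $owner, name: $repo) {
      pullRequest(number: $number) {
        reviewThreads(first: 100, after: $cursor) {
          pageInfo { hasNextPage endCursor }
          nodes { id isResolved comments(first: 100) { nodes { body author { login } } } }
        }
      }
    }
  }`;

// Follow pageInfo cursors until every review thread has been fetched.
// `graphql` is injected: pass github.graphql when running inside github-script.
async function fetchAllThreads(graphql, vars) {
  const threads = [];
  let cursor = null;
  do {
    const data = await graphql(QUERY, { ...vars, cursor });
    const page = data.repository.pullRequest.reviewThreads;
    threads.push(...page.nodes);
    cursor = page.pageInfo.hasNextPage ? page.pageInfo.endCursor : null;
  } while (cursor);
  return threads;
}

// Rule patterns as they appear on this page; confirm bot logins against real data.
const NON_BLOCKING = /^\s*(nit:|nitpick:|praise:)/i;
const BOT_LOGINS = new Set(['Copilot']);

// One comment is non-blocking only if it matches one of the page's rules.
function isNonBlocking(c) {
  const body = c.body ?? '';
  return body.includes('[triage:auto-resolve]') || NON_BLOCKING.test(body) ||
    (BOT_LOGINS.has(c.author?.login) && body.length < 200);
}

// Dismiss only when every comment in the thread is non-blocking, so a
// substantive follow-up keeps the thread open for a human.
function classifyThread(thread) {
  const comments = thread.comments.nodes;
  if (comments.length === 0) return 'needs-human';
  return comments.every(isNonBlocking) ? 'dismiss' : 'needs-human';
}
```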
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Triage unresolved review threads | ||
| uses: actions/github-script@v7 |
Pin github-script to an immutable commit SHA
This step pulls actions/github-script@v7 by a moving tag, which can change behavior without a repository diff and runs with a write-capable token (TRIAGE_PAT). A compromised or regressed upstream tag would execute arbitrary script code in this job and could misuse PR-write credentials. Pin the action to a full commit SHA to make the workflow deterministic and reduce supply-chain risk.
Triage Bot report
Threads marked
Last piece of the triage-gate stack. The branch ruleset on this repo blocks direct workflow-file pushes, so this comes via PR.