Fix command matching and commenter identification in workflow triggers #497

Closed
kelos-bot[bot] wants to merge 2 commits into main from kelos-task-496

@kelos-bot kelos-bot bot commented Feb 28, 2026

Summary

  • Add sender.type == 'User' check to skip bot-triggered events at the job `if` level in both /squash-commits and /reset-worker workflows
  • Add regex validation in the gate step to ensure the command appears at the start of a line (not as incidental text in a larger comment)
  • Use context.payload.sender.login as the primary source for commenter identification, with comment.user.login and review.user.login as fallbacks

Fixes #496

Test plan

  • Verify /squash-commits command works when issued by an admin at the start of a comment on a PR
  • Verify /squash-commits text appearing mid-comment (e.g. in a triage report) does not trigger the workflow
  • Verify bot comments containing /squash-commits or /reset-worker are skipped at the job level
  • Verify /reset-worker command works when issued by an admin at the start of a comment

🤖 Generated with Claude Code


Summary by cubic

Prevents false triggers and fixes commenter detection in the /squash-commits and /reset-worker workflows. Commands now only run from user comments that start with the command text, with a fail-closed bot filter. Fixes #496.

  • Bug Fixes
    • Skip bot or unknown sender events with a job-level check: sender.type == 'User'.
    • Require the command at the start of a line via regex validation.
    • Identify the actor via context.payload.sender.login, with comment.user.login and review.user.login as fallbacks.

Written for commit 56fa174. Summary will update on new commits.

The /squash-commits and /reset-worker workflows had two issues:

1. The job-level `if` condition used `contains()` which matches the command
   text anywhere in a comment body, causing false triggers when bots or
   other comments incidentally mention the command text. Add a
   `sender.type == 'User'` check to skip bot-triggered events at the job
   level, and validate in the gate step that the command appears at the
   start of a line using a regex check.

2. The commenter identification used `comment.user.login` or
   `review.user.login` but did not consider `sender.login` from the event
   payload, which is the most reliable source for the actor who triggered
   the event. Add `context.payload.sender.login` as the primary fallback.

Fixes #496

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/squash-kelos-worker-commits.yaml">

<violation number="1" location=".github/workflows/squash-kelos-worker-commits.yaml:28">
P2: Fail-open bot filter: `|| 'User'` fallback defaults unknown sender types to `'User'`, bypassing the bot check. If `sender.type` is unexpectedly null/empty, the job runs anyway — contradicting the security intent. Remove the fallback so unknown sender types are rejected (fail-closed).</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Remove the `|| 'User'` fallback from the sender.type check so that
unknown or missing sender types are rejected instead of defaulting
to 'User' and bypassing the bot filter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
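
The three checks discussed in this pull request (fail-closed sender filter, command at the start of a line, commenter lookup order), as an added example that is not part of the pull request or the project's workflow code. The function names, the exact regex and the sample payloads are assumptions constructed for illustration.

```javascript
// Added example; names and the exact regex are assumptions, not the workflow's code.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// True only when the command begins a line and ends at whitespace or end of line,
// so "/squash-commits" quoted mid-sentence or "/squash-commits-x" does not match.
function commandAtLineStart(body, command) {
  if (typeof body !== 'string') return false;
  return new RegExp('^' + escapeRegExp(command) + '(?=\\s|$)', 'm').test(body);
}

// Actor lookup order from the PR: sender.login, then comment.user.login,
// then review.user.login.
function resolveCommenter(payload) {
  return payload?.sender?.login
    || payload?.comment?.user?.login
    || payload?.review?.user?.login
    || null;
}

// Fail closed: a missing, empty or non-'User' sender.type is rejected,
// with no "|| 'User'" default.
function gate(payload, command) {
  if (payload?.sender?.type !== 'User') {
    return { run: false, reason: 'sender is not a User' };
  }
  const body = payload?.comment?.body ?? payload?.review?.body;
  if (!commandAtLineStart(body, command)) {
    return { run: false, reason: 'command not at start of a line' };
  }
  const commenter = resolveCommenter(payload);
  if (!commenter) return { run: false, reason: 'commenter unknown' };
  return { run: true, commenter };
}

// Constructed sample payloads (not captured from a real event).
const samples = {
  admin: { sender: { type: 'User', login: 'alice' }, comment: { body: '/squash-commits' } },
  midText: { sender: { type: 'User', login: 'alice' },
             comment: { body: 'Triage: someone ran /squash-commits earlier' } },
  bot: { sender: { type: 'Bot', login: 'triage[bot]' }, comment: { body: '/squash-commits' } },
  noType: { sender: { login: 'alice' }, comment: { body: '/reset-worker' } },
  review: { sender: { type: 'User', login: 'bob' }, review: { body: 'LGTM\n/reset-worker now' } },
};

for (const [name, payload] of Object.entries(samples)) {
  for (const cmd of ['/squash-commits', '/reset-worker']) {
    console.log(name, cmd, JSON.stringify(gate(payload, cmd)));
  }
}
```

This sketch leaves out the admin permission check that the test plan implies; it would run after `gate` returns a commenter.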

Development

Successfully merging this pull request may close these issues.

Fix squash-commits error
