ci: skip team membership check for bot actors

[rnetser]

Problem

The comment-on-commit job in the request-coderabbit-test-instructions workflow fails when a PR is triggered by a GitHub App bot (e.g., cnv-tests-github-webhook-dollierp[bot]).

The tspascoal/get-user-teams-membership@v3 action uses GitHub's GraphQL user(login:) query, which cannot resolve bot accounts (Bot nodes vs User nodes), resulting in:

GraphqlResponseError: Could not resolve to a User with the login of 'cnv-tests-github-webhook-dollierp[bot]'.

Failed run: https://github.com/RedHatQE/openshift-virtualization-tests/actions/runs/23626976494/job/69053639334

Fix

Add !endsWith(github.event.pull_request.user.login, '[bot]') to the job's if condition to skip the entire job for bot actors. Bot-authored PRs don't need CodeRabbit test execution plan comments.

Changes

• .github/workflows/request-coderabbit-test-instructions.yml: Added bot actor exclusion to job condition

Summary by CodeRabbit

• Chores
  • Tightened an internal GitHub Actions workflow condition to more precisely exclude automated pull requests from triggering a comment-on-commit step.

---

Note: No user-facing changes. This update refines background automation and infrastructure behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request tightens a GitHub Actions job filter: it keeps the label == 'verified' requirement, continues to exclude authors whose login contains renovate, and adds an exclusion for authors whose login starts with cnv-tests-github-webhook to avoid running on that bot account.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/request-coderabbit-test-instructions.yml	Updated job conditional to add !startsWith(github.event.pull_request.user.login, 'cnv-tests-github-webhook') alongside the existing github.event.pull_request.user.login checks (still requires label == 'verified' and excludes logins containing 'renovate').

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: adding a bot actor exclusion to skip workflow job execution for bot-triggered PRs.
Description check	✅ Passed	The description fully covers the problem, fix, and changes with clear context. However, it omits the Jira ticket field from the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot-3]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest build-container - Rebuild and test container image
• /retest verify-bugs-are-open - verify-bugs-are-open
• /retest all - Run all available tests

Container Operations

• /build-and-push-container - Build and push container image (tagged with PR number)
  • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No wip, hold, has-conflicts labels and PR must be mergeable (no conflicts)
5. Verified: PR must be marked as verified

📊 Review Process

Approvers and Reviewers

Approvers:

• dshchedr
• myakove
• rnetser
• vsibirsk

Reviewers:

• RoniKishner
• dshchedr
• rnetser
• vsibirsk

Available Labels

• hold
• verified
• wip
• lgtm
• approve

AI Features

• Cherry-Pick Conflict Resolution: Enabled (claude/claude-opus-4-6[1m])

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is automatically removed on each new commit
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Container Builds: Container images are automatically tagged with the PR number
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/request-coderabbit-test-instructions.yml:
- Around line 17-18: Replace the brittle startsWith('cnv-tests-github-webhook')
check with a general bot exclusion using the PR actor login: replace the current
joint condition that references github.event.pull_request.user.login (the
!contains(...,'renovate') && !startsWith(...,'cnv-tests-github-webhook') logic)
with a single check using !endsWith(github.event.pull_request.user.login,
'[bot]') so all bot accounts (e.g., renovate[bot], dependabot[bot],
cnv-tests-... [bot]) are excluded before calling
tspascoal/get-user-teams-membership@v3.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 562d31aa-7c32-441f-84b7-da5282c0ba8d

📥 Commits

Reviewing files that changed from the base of the PR and between de0bbd2 and cc412b9.

📒 Files selected for processing (1)

• .github/workflows/request-coderabbit-test-instructions.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Implementation doesn't match the stated fix - consider broader bot exclusion.

The PR objectives state the fix should use !endsWith(github.event.pull_request.user.login, '[bot]') to exclude all bot actors, but the implementation uses !startsWith(github.event.pull_request.user.login, 'cnv-tests-github-webhook') which only excludes one specific bot prefix.

Why this matters:

• GitHub Apps convention: All bot accounts end with [bot] suffix (e.g., renovate[bot], dependabot[bot], cnv-tests-github-webhook-dollierp[bot])
• The tspascoal/get-user-teams-membership@v3 action fails for ANY bot account because GraphQL's user(login:) query cannot resolve Bot nodes (only User nodes)
• Current implementation won't protect against other bots that may trigger PRs in the future

Recommendation: Use the more general solution from the PR objectives:

🤖 Proposed fix for comprehensive bot exclusion

-      !contains(github.event.pull_request.user.login, 'renovate') &&
-      !startsWith(github.event.pull_request.user.login, 'cnv-tests-github-webhook')
+      !endsWith(github.event.pull_request.user.login, '[bot]')

This single condition handles all bot accounts (including renovate[bot] and cnv-tests-github-webhook-*[bot]), making the workflow more maintainable and future-proof.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	!contains(github.event.pull_request.user.login, 'renovate') &&
	!startsWith(github.event.pull_request.user.login, 'cnv-tests-github-webhook')
	!endsWith(github.event.pull_request.user.login, '[bot]')

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/request-coderabbit-test-instructions.yml around lines 17 -
18, Replace the brittle startsWith('cnv-tests-github-webhook') check with a
general bot exclusion using the PR actor login: replace the current joint
condition that references github.event.pull_request.user.login (the
!contains(...,'renovate') && !startsWith(...,'cnv-tests-github-webhook') logic)
with a single check using !endsWith(github.event.pull_request.user.login,
'[bot]') so all bot accounts (e.g., renovate[bot], dependabot[bot],
cnv-tests-... [bot]) are excluded before calling
tspascoal/get-user-teams-membership@v3.