Skip to content

fix(ci): allow bot actors in claude-code-action PR review#32

Merged
citron (lcandy2) merged 1 commit into
mainfrom
cursor/fix-review-allowed-bots
May 31, 2026
Merged

fix(ci): allow bot actors in claude-code-action PR review#32
citron (lcandy2) merged 1 commit into
mainfrom
cursor/fix-review-allowed-bots

Conversation

@lcandy2

@lcandy2 citron (lcandy2) commented May 31, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Member

Why

PR #31 (feat: sync CLI with dashboard@v1.0.3, opened by cursor[bot]) triggered the review workflow, but claude-code-action@v1 failed with:

Action failed with error: Workflow initiated by non-human actor: cursor (type: Bot). Add bot to allowed_bots list or use '*' to allow all bots.

Every genuine agent-flow event is bot-initiated:

  • Scenario A/C: cursor[bot] opens / pushes the sync PR
  • Scenario B: coderabbitai[bot] / copilot-pull-request-reviewer[bot] post reviews

So the review step has effectively never run on a real agent PR. The earlier "successful" run on #26 only passed because a human (lcandy2) pushed that commit, which sidestepped the action's bot guard.

Fix

Add allowed_bots: "*" to the claude-code-action step. The job-level if: already restricts which actors/events reach the action (only cursor[bot], coderabbitai[bot], copilot-pull-request-reviewer[bot]), so "*" here just removes the redundant second gate rather than widening exposure.

After merge

Re-trigger review on PR #31 to confirm Scenario A runs end-to-end.

Made with Cursor

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag @codesmith with what you need. Autofix is disabled.

Summary by CodeRabbit

  • Chores
    • Updated GitHub workflow configuration for pull request review automation to expand bot actor permissions.

@lcandy2
fix(ci): allow bot actors in claude-code-action (review never ran on …
f01674e 
…real agent PRs)

claude-code-action@v1 refuses bot-initiated workflows by default:
"Workflow initiated by non-human actor: cursor (type: Bot)."

Every genuine agent-flow event is bot-initiated — cursor[bot] opens/
pushes the sync PR, coderabbitai[bot]/copilot post reviews — so the
review step failed on PR #31 (and would on every future sync PR). The
earlier "successful" run on PR #26 only passed because a human pushed
that commit, masking the gap.

The job-level `if:` already restricts which bots/events reach the
action, so `allowed_bots: "*"` is safe and avoids double-gating.
Copilot AI review requested due to automatic review settings May 31, 2026 15:06
@coderabbitai

coderabbitai Bot commented May 31, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c13d7dc5-e7b0-4a2e-a9fe-6c35cd2b7a1e

📥 Commits

Reviewing files that changed from the base of the PR and between f20fd97 and f01674e.

📒 Files selected for processing (1)
  • .github/workflows/cli-pr-review.yml
📝 Walkthrough

Walkthrough

The PR modifies the Claude code review workflow step in .github/workflows/cli-pr-review.yml to permit all bot actors via allowed_bots: "*" configuration. Job-level conditional gating remains the execution boundary. No other workflow logic, triggers, or prompts are changed.

Changes

Workflow Action Configuration

Layer / File(s) Summary
Claude action bot allowlist update
.github/workflows/cli-pr-review.yml		 The anthropics/claude-code-action@v1 step now includes allowed_bots: "*" with comments explaining that job-level if: conditions continue to gate execution, and this setting removes the action's default bot actor restrictions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops through workflows bright,
Flipping bot gates left and right,
"Asterisks for all," we say,
While job-level guards keep strays at bay! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description does not follow the required template structure, which expects upstream version, routes, snapshots, and dependencies sections. Align the description with the repository template by including the standard sections (Upstream version, Routes, Snapshot changes, New runtime dependencies, Checklist) even if some are marked as (none).
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: allowing bot actors in the claude-code-action workflow by adding allowed_bots configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cursor/fix-review-allowed-bots

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI reviewed May 31, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@lcandy2 citron (lcandy2) merged commit ae27fa2 into main May 31, 2026
9 of 10 checks passed
@lcandy2 citron (lcandy2) deleted the cursor/fix-review-allowed-bots branch May 31, 2026 15:09
@lcandy2 citron (lcandy2) mentioned this pull request May 31, 2026
Merged
citron (lcandy2) added a commit that referenced this pull request May 31, 2026
@lcandy2
fix(ci): only run Scenario B on cursor[bot] PRs, not every human PR (#33
1c7ebbf 
)

The issue_comment branch of the review trigger matched ANY PR that got a
coderabbitai/copilot comment — it never checked the PR author. Combined
with the just-merged `allowed_bots: "*"`, a CodeRabbit comment on a
human-authored PR (e.g. infra PR #32) would now spin up the review agent
to "address bot feedback" on a PR that isn't part of the agent flow.

Add `github.event.issue.user.login == 'cursor[bot]'` so Scenario B only
fires on agent-generated PRs, matching the pull_request_review branch
which already scopes to cursor[bot] authors.
This was referenced May 31, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lcandy2