Fix review agent duplicate replies by adding github-actions to BOT_ACCOUNTS

[bryan-cox]

Summary

• Add github-actions and github-actions[bot] to BOT_ACCOUNTS in the periodic review agent's comment analyzer

The periodic review agent was not recognizing github-actions as a bot account. When the GHA workflow (which posts as github-actions) replied to a review thread, the periodic job's dedup logic saw it as new human activity and re-processed the thread every ~3 hours. This produced 102+ duplicate bot replies on openshift/hypershift#8535 alone, with one thread accumulating 28 identical "Done." responses over 16 days.

Root Cause

The comment analyzer at line 376-412 classifies each comment as either last_our_bot or last_actionable. A thread is flagged for re-processing if last_actionable["createdAt"] > last_our_bot["createdAt"]. Since github-actions wasn't in BOT_ACCOUNTS, its replies were classified as last_actionable, permanently newer than any last_our_bot reply, causing infinite re-processing.

Test plan

• Verified github-actions and github-actions[bot] are now in BOT_ACCOUNTS
• Monitor next periodic job run to confirm threads with existing github-actions replies are no longer re-processed
• Verify openshift/hypershift#8535 stops accumulating duplicate replies

🤖 Generated with Claude Code

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/hypershift/review-agent/process/OWNERS [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

Two entries, github-actions and github-actions[bot], are added to the BOT_ACCOUNTS constant inside the embedded comment_analyzer.py within the hypershift review-agent process shell script.

Bot Account Recognition

Layer / File(s)	Summary
Add github-actions entries to BOT_ACCOUNTS ci-operator/step-registry/hypershift/review-agent/process/hypershift-review-agent-process-commands.sh	github-actions and github-actions[bot] are appended to the BOT_ACCOUNTS list so the comment analyzer treats comments from these accounts as bot-authored.

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	The PR introduces lines 819 and 838 with git config commands that embed GitHub API tokens in credential.helper functions containing echo password=${GITHUB_TOKEN_FORK}, exposing tokens in logs.	Replace credential.helper with credential.useHttpPath=true or use git's GIT_ASKPASS environment variable instead of embedding tokens in shell functions.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: adding github-actions to BOT_ACCOUNTS to fix duplicate bot replies, which is the primary objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR modifies only a shell script (hypershift-review-agent-process-commands.sh) containing embedded Python code for comment analysis. It adds github-actions accounts to BOT_ACCOUNTS—not Ginkgo te...
Test Structure And Quality	✅ Passed	PR contains no Ginkgo test code. The custom check for "Test Structure and Quality" applies to Ginkgo tests, which are not present in this Python comment analyzer fix. Check is not applicable.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. The change is to a Python script embedded in a bash script for the review agent, modifying the BOT_ACCOUNTS list. The check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only modifies a bash shell script with an embedded Python comment analyzer to add bot accounts to BOT_ACCOUNTS list. The SNO compatibility check is not...
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies only a bash/Python comment analyzer script for bot account identification. No deployment manifests, operator code, controllers, or any Kubernetes scheduling constraints are introdu...
Ote Binary Stdout Contract	✅ Passed	OTE Binary Stdout Contract check is inapplicable; this PR modifies a CI pipeline utility script, not an OpenShift Tests Extension test binary. The change only updates a Python constant list with bo...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It modifies a shell script containing an embedded Python comment analyzer to add bot accounts to BOT_ACCOUNTS. The custom check for IPv6/disconnected netw...
No-Weak-Crypto	✅ Passed	PR contains only a configuration data update to BOT_ACCOUNTS list. No weak cryptography, custom crypto implementations, or timing-attack vulnerabilities detected in the modified code.
Container-Privileges	✅ Passed	PR modifies a shell script with embedded Python, not container/K8s manifests. No privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation, or root escalation settings found.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@bryan-cox: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-hypershift-main-address-review-comments	openshift/hypershift	presubmit	Registry content changed
pull-ci-openshift-hypershift-release-5.1-address-review-comments	openshift/hypershift	presubmit	Registry content changed
pull-ci-openshift-hypershift-release-5.0-address-review-comments	openshift/hypershift	presubmit	Registry content changed
pull-ci-openshift-hypershift-release-4.23-address-review-comments	openshift/hypershift	presubmit	Registry content changed
pull-ci-openshift-hypershift-release-4.22-address-review-comments	openshift/hypershift	presubmit	Registry content changed
periodic-ci-openshift-hypershift-main-periodic-review-agent	N/A	periodic	Registry content changed
periodic-ci-openshift-hypershift-release-4.22-periodic-review-agent	N/A	periodic	Registry content changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@bryan-cox: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.