[chores] Added reusable active autoassign bots workflow and fixed exit codes

[Eeshu-Yadav]

This PR adds a reusable GitHub Actions workflow for the auto-assignment bots to reduce boilerplate code across OpenWISP repositories. It also includes fixes for the Python script return values so they exit successfully when skipping irrelevant events, avoiding false-positive CI failures.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Handlers in .github/actions/bot-autoassign (issue_assignment_bot.py, pr_reopen_bot.py, stale_pr_bot.py) were updated to return True in many early-return/no-op branches where they previously returned False; corresponding unit tests were updated to expect True. A reusable GitHub Actions workflow was added at .github/workflows/reusable-bot-autoassign.yml that generates a GitHub App token, checks out openwisp-utils, sets up Python, installs dependencies, and runs the bot CLI with BOT_COMMAND and optional GITHUB_EVENT_PATH. Documentation was updated to reference and demonstrate using the reusable workflow.

Sequence Diagram(s)

sequenceDiagram
  participant Workflow as GitHub Workflow
  participant TokenAction as actions/create-github-app-token
  participant Runner as GitHub Actions Runner
  participant Checkout as actions/checkout
  participant Python as actions/setup-python
  participant Bot as Bot CLI (openwisp-utils/.github/actions/bot-autoassign/__main__.py)
  participant GitHubAPI as GitHub API

  Workflow->>TokenAction: request app token (APP_ID, PRIVATE_KEY)
  TokenAction-->>Workflow: return TOKEN
  Runner->>Checkout: checkout openwisp-utils into subpath
  Runner->>Python: setup Python 3.13
  Runner->>Runner: pip install -e 'openwisp-utils/.[github_actions]'
  Runner->>Bot: run Bot CLI with BOT_COMMAND (and optional GITHUB_EVENT_PATH)
  Bot->>GitHubAPI: call API using TOKEN / GITHUB_TOKEN
  GitHubAPI-->>Bot: event handling responses
  Bot-->>Runner: exit status (handled / ok)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• [feature] Automate assigning/unassigning issues #571 #572 — Modifies the same bot handler modules and tests (.github/actions/bot-autoassign/*) with related return-value and test expectation updates.

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is concise but lacks the structured template sections including checklist completion, issue reference, and screenshots. Critical template sections are not addressed.	Complete the full PR description template with checklist items, issue reference, and any relevant screenshots; avoid unstructured summaries alone.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes: adding a reusable autoassign bots workflow and fixing exit codes to prevent false CI failures.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

The changes in this PR correctly fix a semantic issue where bot scripts were returning failure exit codes when they simply had nothing to do (e.g., comment on a PR instead of an issue, unsupported event type). Now True is returned for "successfully skipped" scenarios and False is reserved for actual errors.

The new reusable workflow (reusable-bot-autoassign.yml) is well-structured with proper secret handling and uses validated bot commands.

Files Reviewed (5 files)

• .github/actions/bot-autoassign/issue_assignment_bot.py - Return value fixes for skip conditions
• .github/actions/bot-autoassign/pr_reopen_bot.py - Return value fixes for skip conditions
• .github/actions/bot-autoassign/tests/test_issue_assignment_bot.py - Updated test assertions
• .github/actions/bot-autoassign/tests/test_pr_reopen_bot.py - Updated test assertions
• .github/workflows/reusable-bot-autoassign.yml - New reusable workflow (new file)

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/reusable-bot-autoassign.yml:
- Around line 48-51: The workflow currently passes the bot_command input
unquoted to the Python script; update both invocations in the
reusable-bot-autoassign.yml snippet to quote ${{ inputs.bot_command }} (e.g.,
use "${{ inputs.bot_command }}") so that the bot_command argument is passed
robustly even if it contains whitespace or special characters, keeping the
existing conditional that appends "$GITHUB_EVENT_PATH" intact.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4e565351-663d-4043-b38a-a25e2515a1b3

📥 Commits

Reviewing files that changed from the base of the PR and between 918944a and 42aae10.

📒 Files selected for processing (5)

• .github/actions/bot-autoassign/issue_assignment_bot.py
• .github/actions/bot-autoassign/pr_reopen_bot.py
• .github/actions/bot-autoassign/tests/test_issue_assignment_bot.py
• .github/actions/bot-autoassign/tests/test_pr_reopen_bot.py
• .github/workflows/reusable-bot-autoassign.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.0.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.0.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.2.0

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 0
File: :0-0
Timestamp: 2026-03-05T20:55:29.968Z
Learning: For the openwisp/openwisp-utils repository (and the broader openwisp org), the maintainers have explicitly decided to use mutable version tags (e.g. `v2`, `v6`) for GitHub Actions and to use `ref: master` for internal script checkouts. Do NOT flag unpinned action versions or `master`/version-tag usage as security issues in any openwisp-utils workflow file. The maintainers are aware of the trade-offs and are intentionally fine with this approach.

📚 Learning: 2026-03-05T14:23:55.528Z

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Applied to files:

• .github/workflows/reusable-bot-autoassign.yml
• .github/actions/bot-autoassign/pr_reopen_bot.py

📚 Learning: 2026-03-05T09:38:10.320Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Applied to files:

• .github/actions/bot-autoassign/pr_reopen_bot.py

🔇 Additional comments (5)

.github/actions/bot-autoassign/pr_reopen_bot.py (1)

92-92: LGTM! Return value semantics correctly updated for skip paths.

The change from return False to return True for non-critical skip scenarios (unsupported events, comments on issues vs PRs, non-author comments, non-stale PRs) aligns with the PR objective. These paths represent successful "no-op" handling rather than errors, so returning True (exit code 0) prevents false-positive CI failures.

The error paths (missing payload, exceptions, missing required data) still correctly return False.

Also applies to: 116-116, 120-120, 124-124, 172-172

.github/actions/bot-autoassign/issue_assignment_bot.py (1)

276-276: LGTM! Consistent return value semantics for non-error skip paths.

The updated return values correctly distinguish between:

• True: Event was processed or intentionally skipped (comment on PR, no assignment request, unsupported action/event)
• False: Actual errors (missing payload, exceptions, missing required data)

This prevents CI failures when the bot encounters events it doesn't need to act on, which is the intended behavior per the PR objectives.

Also applies to: 288-288, 314-314, 331-331

.github/actions/bot-autoassign/tests/test_pr_reopen_bot.py (1)

108-112: LGTM! Test expectations correctly updated to match implementation.

The test assertions properly reflect the new return value semantics:

• Unsupported events and non-critical skip paths now expect True
• Error conditions (e.g., test_handle_contributor_activity_no_payload at line 197) still correctly expect False

This ensures the tests validate the intended behavior where skipping irrelevant events is a success, not a failure.

Also applies to: 147-163, 165-180, 182-193, 199-202

.github/actions/bot-autoassign/tests/test_issue_assignment_bot.py (1)

278-294: LGTM! Test expectations correctly aligned with implementation changes.

The test updates properly validate:

• Skip paths (test_skip_pr_comment, test_non_assignment_comment, test_unsupported_action, test_unsupported_event) now expect True
• Error paths (test_no_payload, test_no_github_client) still correctly expect False

This maintains proper test coverage for both success and failure scenarios.

Also applies to: 296-307, 376-388, 431-434

.github/workflows/reusable-bot-autoassign.yml (1)

1-52: LGTM! Well-structured reusable workflow.

The workflow correctly:

• Generates a GitHub App token for authentication
• Checks out openwisp-utils and sets up Python 3.13
• Installs dependencies via the [github_actions] extras
• Conditionally passes GITHUB_EVENT_PATH when available
• Provides the required environment variables (GITHUB_TOKEN, REPOSITORY, GITHUB_EVENT_NAME) that match what GitHubBot base class expects

The invocation pattern matches the existing bot-autoassign-issue.yml workflow, ensuring compatibility. Based on learnings, the use of mutable version tags (v2, v6) and ref: master is intentional and acceptable for this repository.

[Copilot]

Pull request overview

This PR introduces a reusable GitHub Actions workflow (reusable-bot-autoassign.yml) that other OpenWISP repositories can call via workflow_call to run the auto-assignment bots, avoiding duplication of the full bot workflow boilerplate across repos. It also fixes the Python bot scripts to return True (exit 0) instead of False (exit 1) when skipping irrelevant or inapplicable events, preventing false-positive CI failures.

Changes:

• Added a new reusable workflow (reusable-bot-autoassign.yml) that checks out openwisp-utils and runs any bot command via workflow_call.
• Fixed return values in issue_assignment_bot.py and pr_reopen_bot.py so that "skip" conditions (unsupported events, non-applicable payloads) return True instead of False.
• Updated test assertions in test_issue_assignment_bot.py and test_pr_reopen_bot.py to reflect the corrected return semantics.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.github/workflows/reusable-bot-autoassign.yml	New reusable workflow for running bot scripts in other repos
.github/actions/bot-autoassign/issue_assignment_bot.py	Fixed skip-case return values from False to True
.github/actions/bot-autoassign/pr_reopen_bot.py	Fixed skip-case return values from False to True
.github/actions/bot-autoassign/tests/test_issue_assignment_bot.py	Updated test assertions to match corrected return semantics
.github/actions/bot-autoassign/tests/test_pr_reopen_bot.py	Updated test assertions to match corrected return semantics

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[coveralls]

coverage: 97.348%. remained the same
when pulling fdaa739 on Eeshu-Yadav:feature/reusable-autoassign-workflow
into 5906760 on openwisp:master.

[nemesifier]

@Eeshu-Yadav can you please update the bot testin ground accordingly so we can test this there before merging?

What about the worfklows added before? And what about the docs? Does the docs need to be updated?

[openwisp-companion]

### ReStructuredText Formatting Failure

Hello @Eeshu-Yadav,
*(Analysis for commit 836205d)*

**Explanation:**
The CI pipeline failed because the ReStructuredText formatting check failed. Specifically, the file `/home/runner/work/openwisp-utils/openwisp-utils/docs/developer/reusable-github-utils.rst` could not be reformatted by the `docstrfmt` tool, indicating a formatting issue within that file. This check is part of the `run-qa-checks` script.

**Remediation:**
To fix this, you need to reformat the `docs/developer/reusable-github-utils.rst` file. You can do this by running the `openwisp-qa-format` command locally. This command will attempt to automatically fix the formatting issues.

If the automatic formatting does not resolve the issue, you may need to manually inspect and correct the formatting in `docs/developer/reusable-github-utils.rst` according to ReStructuredText conventions.

```bash
openwisp-qa-format
```

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/developer/reusable-github-utils.rst`:
- Around line 89-98: The reusable workflow incorrectly maps inputs.bot_command
to BOT_TOKEN and never sets BOT_COMMAND, so downstream examples passing
bot_command fail; update reusable-bot-autoassign.yml to set the environment
variables correctly by assigning BOT_COMMAND: ${{ inputs.bot_command }} (and
ensure BOT_TOKEN is assigned from the appropriate input, e.g., BOT_TOKEN: ${{
inputs.bot_token }}), and keep invoking the script with __main__.py
"$BOT_COMMAND" (or pass the input as an argument) so the script receives the
command under the name it expects.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a5ae685e-7d49-4cd6-9d22-610630ee3ac2

📥 Commits

Reviewing files that changed from the base of the PR and between 836205d and a483dbe.

📒 Files selected for processing (1)

• docs/developer/reusable-github-utils.rst

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.0.0
• GitHub Check: Python==3.10 | django~=5.0.0
• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.0.0

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

📚 Learning: 2026-03-05T14:23:55.528Z

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Applied to files:

• docs/developer/reusable-github-utils.rst

📚 Learning: 2026-03-05T09:38:10.320Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Applied to files:

• docs/developer/reusable-github-utils.rst

🔇 Additional comments (1)

docs/developer/reusable-github-utils.rst (1)

118-123: This follows the project maintainers' explicit approach for openwisp-utils.

While GitHub best practices recommend pinning to immutable refs (commit SHAs) for production stability, the openwisp-utils maintainers have explicitly decided to use @master and mutable version tags for their workflows, and have documented awareness of the trade-offs. This approach is intentional for the project.

			> Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/actions/bot-autoassign/issue_assignment_bot.py:
- Around line 289-291: The three broad except Exception as e blocks that
currently just print messages like "Error handling issue comment: {e}" and then
return True should be changed to not mask real failures: for unexpected
exceptions either re-raise the exception or return False so the workflow fails
(and include the full traceback via logging.exception or similar), while keeping
intentional skips returning True where the code explicitly detects
non-assignment/unsupported events; update the except blocks (the ones that print
"Error handling issue comment: {e}" and the two other similar exception
handlers) to differentiate expected skips vs unexpected errors, log full error
details, and adjust the return value accordingly (or add a clear comment
documenting why an exception would be swallowed if you choose to preserve the
current behavior).

In @.github/actions/bot-autoassign/pr_reopen_bot.py:
- Around line 101-104: The method handle_contributor_activity currently returns
True when self.event_payload is missing, which is inconsistent with
handle_pr_reopen (which returns False); change handle_contributor_activity to
return False in the empty-payload branch so both methods treat a missing
event_payload the same way (i.e., treat it as an unexpected error case), keeping
the check on self.event_payload and the print("No event payload available")
intact.

In @.github/actions/bot-autoassign/stale_pr_bot.py:
- Around line 321-324: The check in process_stale_prs currently prints "GitHub
repository not initialized" and returns True, which is inconsistent with run()'s
behavior for initialization failures; change process_stale_prs (method name) to
return False when self.repo is not set so it signals failure like run() does,
keeping the existing print/log message unchanged.

In @.github/actions/bot-autoassign/tests/test_pr_reopen_bot.py:
- Around line 195-197: The test shows handle_contributor_activity() returns True
when called with no payload but handle_pr_reopen() returns False for missing
payload; either add a brief inline comment in the PRActivityBot class explaining
why handle_contributor_activity is intentionally permissive, referencing the
method name handle_contributor_activity to justify this behavior, or change the
implementation of handle_contributor_activity to mirror handle_pr_reopen's
behavior (return False on missing payload) and update the test accordingly;
ensure you modify the method body (and its test) or add the explanatory comment
near the handle_contributor_activity definition so future readers understand the
discrepancy.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: df45aca3-0767-46d2-9397-0c3b7c9fb48c

📥 Commits

Reviewing files that changed from the base of the PR and between a483dbe and 46f5bad.

📒 Files selected for processing (5)

• .github/actions/bot-autoassign/issue_assignment_bot.py
• .github/actions/bot-autoassign/pr_reopen_bot.py
• .github/actions/bot-autoassign/stale_pr_bot.py
• .github/actions/bot-autoassign/tests/test_pr_reopen_bot.py
• .github/actions/bot-autoassign/tests/test_stale_pr_bot.py

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.0.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.0.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.0.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=4.2.0

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

📚 Learning: 2026-03-05T09:59:22.581Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/actions/bot-changelog-generator/generate_changelog.py:356-364
Timestamp: 2026-03-05T09:59:22.581Z
Learning: In `.github/actions/bot-changelog-generator/generate_changelog.py`, the `validate_changelog_output` function's purpose is to act as an output safety filter — ensuring no sensitive information or arbitrary LLM-generated text gets posted as a PR comment. It checks that the output starts with a valid tag ([feature]/[fix]/[change]) and contains a correctly structured PR reference pattern. It is NOT intended to strictly validate that the referenced PR number/URL matches the current PR.

Applied to files:

• .github/actions/bot-autoassign/stale_pr_bot.py

🔇 Additional comments (5)

.github/actions/bot-autoassign/issue_assignment_bot.py (1)

329-334: LGTM for unsupported event handling.

Returning True for unsupported event types correctly signals that the bot handled the situation (by intentionally skipping) rather than failing. This prevents false-positive CI failures when the workflow is triggered by events the bot doesn't handle.

.github/actions/bot-autoassign/stale_pr_bot.py (1)

144-147: LGTM for already-closed PR handling.

Returning True when the PR is already closed is correct - this is an expected condition, not an error.

.github/actions/bot-autoassign/pr_reopen_bot.py (1)

114-124: LGTM for early-exit skip conditions.

Returning True for these conditions is appropriate:

• Comment is on an issue, not a PR (line 116)
• Comment not from PR author (line 120)
• PR is not stale (line 124)

These are "not my job" conditions where the bot correctly identifies the event doesn't require action.

.github/actions/bot-autoassign/tests/test_pr_reopen_bot.py (1)

108-111: LGTM for unsupported event test updates.

Both test_run_unsupported_event tests correctly expect True, matching the updated behavior where unsupported events are treated as handled (skip) rather than errors.

Also applies to: 199-202

.github/actions/bot-autoassign/tests/test_stale_pr_bot.py (1)

230-236: LGTM for already-closed PR test update.

The test correctly expects True when attempting to close an already-closed PR, matching the updated implementation. The assertions that create_issue_comment and edit are not called remain correct - the bot properly skips redundant actions.

[Eeshu-Yadav]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[openwisp-companion]

Selenium Test Failure

Hello @Eeshu-Yadav,
(Analysis for commit 984dcd6)

There is one test failure in the CI logs:

1. Test Failure: The test_input_filters test in test_project.tests.test_selenium.TestInputFilters failed with an InvalidSessionIdException.

   • Explanation: This exception typically occurs when Selenium tries to interact with a browser session that has already been closed or invalidated. In this specific case, the traceback indicates the failure happened during the self.login() call within the test, which is trying to navigate to the admin login page. This suggests that the browser session might have been terminated prematurely or an issue occurred during the login process, leading to an invalid session ID when subsequent actions were attempted. The test retries also failed, indicating a persistent issue rather than a transient one.

   • Remediation: To fix this, investigate the login() method in openwisp_utils/tests/selenium.py and the test_input_filters method in tests/test_project/tests/test_selenium.py. Ensure that the browser session remains active and valid throughout the test execution. Check for any potential race conditions or unexpected browser closures that might be happening before or during the login process. Debugging the login() method to ensure it correctly establishes and maintains a valid session would be the first step.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/actions/bot-autoassign/issue_assignment_bot.py:
- Around line 282-284: The current checks that print "Missing required comment
data" and return True silently treat malformed event payloads as success; change
these to treat missing required fields as failures by returning False (or
raising an error) instead of True. Specifically update the branch that checks
comment_body, commenter, issue_number to return False when any are missing, and
similarly update the branch checking pr_number and pr_author (the other block
noted) to return False; locate these checks by the variable names comment_body,
commenter, issue_number, pr_number, and pr_author and adjust the return value so
malformed payloads do not exit 0.

In @.github/actions/bot-autoassign/pr_reopen_bot.py:
- Around line 70-72: The branch that checks required payload fields uses `if not
all([pr_number, pr_author]):` but returns True (treating it as a skip); change
it to return False so missing PR/comment fields are treated as failures. Update
the `process`/handler function where `pr_number` and `pr_author` are validated
to log the missing-data case and return False instead of True, and make the same
change for the analogous check around the other occurrence (the block referenced
at lines 111-113) to ensure both validation failures return False rather than
True.

In @.github/actions/bot-autoassign/stale_pr_bot.py:
- Around line 149-151: The current checks that set pr_author = pr.user.login if
pr.user else None and then return True when missing cause PRs with no author to
be treated as successfully processed; change those branches in
send_stale_warning, mark_pr_stale, and close_stale_pr so they do not return True
for missing authors — either (A) return False so process_stale_prs knows the PR
was not handled, or preferably (B) continue processing using a generic
salutation (e.g., set pr_author to "there" or "maintainer") and proceed with the
warning/unassign/close logic; update the pr_author assignment sites (where
pr.user is checked) to implement one of these fixes consistently and ensure
process_stale_prs receives a proper success/failure result.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7e0110ea-60fd-40d1-83e3-6e80480fbac9

📥 Commits

Reviewing files that changed from the base of the PR and between 46f5bad and 984dcd6.

📒 Files selected for processing (8)

• .github/actions/bot-autoassign/issue_assignment_bot.py
• .github/actions/bot-autoassign/pr_reopen_bot.py
• .github/actions/bot-autoassign/stale_pr_bot.py
• .github/actions/bot-autoassign/tests/test_issue_assignment_bot.py
• .github/actions/bot-autoassign/tests/test_pr_reopen_bot.py
• .github/actions/bot-autoassign/tests/test_stale_pr_bot.py
• .github/workflows/reusable-bot-autoassign.yml
• docs/developer/reusable-github-utils.rst

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.2.0

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

📚 Learning: 2026-03-05T09:38:10.320Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Applied to files:

• .github/actions/bot-autoassign/tests/test_pr_reopen_bot.py
• docs/developer/reusable-github-utils.rst
• .github/workflows/reusable-bot-autoassign.yml

📚 Learning: 2026-03-05T14:23:55.528Z

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Applied to files:

• docs/developer/reusable-github-utils.rst
• .github/workflows/reusable-bot-autoassign.yml

🔇 Additional comments (1)

.github/workflows/reusable-bot-autoassign.yml (1)

27-32: The current approach is intentional per project guidelines.

The maintainers of openwisp-utils have explicitly decided to use ref: master for internal script checkouts in workflow files. This is an intentional design choice, and the trade-offs are understood and accepted.

			> Likely an incorrect or invalid review comment.

[Eeshu-Yadav]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Eeshu-Yadav]

@Eeshu-Yadav can you please update the bot testin ground accordingly so we can test this there before merging?

What about the worfklows added before? And what about the docs? Does the docs need to be updated?

previously i was using the workflows that has minimal code as per my knowledge but still there is part still left that can be put in a separate file that has reduced more , sorry i doesn't think in that way . updated on the testing ground , updated the docs

[nemesifier]

There's a number of binary file added like openwisp_utils_tests_1.db-journal which look like they shouldn't be here. Can you please link one or more examples of testing for these changes in the bot-testing-ground repo?

[Eeshu-Yadav]

There's a number of binary file added like openwisp_utils_tests_1.db-journal which look like they shouldn't be here. Can you please link one or more examples of testing for these changes in the bot-testing-ground repo?

removed that , yes adding the examples for these changes

[nemesifier]

Merged manually in #623, thanks @Eeshu-Yadav 👏

Let's move forward to enable this in other repos!

[Eeshu-Yadav]

Merged manually in #623, thanks @Eeshu-Yadav 👏

Let's move forward to enable this in other repos!

yaa enabling in the other repos