fix: use get_app().slug for app_bot_login instead of get_user().login#1114
Conversation
Code Review by Qodo
Context used 1.
|
|
Report bugs in Issues Welcome! 🎉This pull request will be automatically processed with the following features: 🔄 Automatic Actions
📋 Available CommandsPR Status Management
Review & Approval
Testing & Validation
Container Operations
Cherry-pick Operations
Branch Management
Label Management
✅ Merge RequirementsThis PR will be automatically approved when the following conditions are met:
📊 Review ProcessApprovers and ReviewersApprovers:
Reviewers:
Available Labels
AI Features
Security Checks
💡 Tips
For more information, please refer to the project documentation or contact the maintainers. |
PR Summary by QodoFix app bot login detection using GitHub App slug (avoid get_user() 403) WalkthroughsDescription• Fix app_bot_login initialization for GitHub App installation tokens (avoid 403 from get_user()).
• Derive bot login from get_app().slug using the stable {slug}[bot] format.
• Restore reliable bot-owned PR detection for webhook-driven operations (rebase/cherry-pick retry).
Diagramgraph TD
A["Webhook processor"] --> B["GitHub App API client"] --> C{{"GitHub REST API"}} --> D["App metadata (slug)"] --> E["app_bot_login: {slug}[bot]"]
High-Level AssessmentThe following are alternative approaches to this PR: 1. Make bot login configurable (env/setting)
2. Attempt get_user() then fall back to get_app()
Recommendation: Keep the PR’s approach: using get_app() is the correct endpoint for GitHub App installation tokens, and deriving File ChangesBug fix (1)
|
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
|
Code review by qodo was updated up to the latest commit a5fb576 |
|
/build-and-push-container |
|
New container for ghcr.io/myk-org/github-webhook-server:pr-1114 published |
|
Code review by qodo was updated up to the latest commit a203182 |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
|
Code review by qodo was updated up to the latest commit 0a38fb1 |
|
Code review by qodo was updated up to the latest commit 6e2bd74 |
Thanks — those review comments are addressed.
From the current findings index, the remaining active items are |
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
|
@qodo-code-review re-review |
Looks good — adding No further action needed from my side. |
Re-review looks good overall: the Still open
If you want, I can also give a deeper pass on those remaining items or help draft fixes. |
|
Code review by qodo was updated up to the latest commit f7d6a0a |
…okup _create_github_integration() now accepts optional github_app_id parameter. get_github_app_slug() passes the pre-fetched ID to avoid calling config_.get_value() twice. Assisted-by: Claude <noreply@anthropic.com> Signed-off-by: rnetser <rnetser@redhat.com>
|
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:
|
|
@qodo-code-review re-review |
Thanks — those comments look resolved.
So the remaining open items are just the active findings not mentioned here: |
I re-checked the PR. Most of the earlier findings now look addressed, but there are still 3 active items worth attention:
So overall: the PR is close, but I’d want those three resolved before calling it clean. |
|
Code review by qodo was updated up to the latest commit 79a9bdc |
|
/build-and-push-container |
|
New container for ghcr.io/myk-org/github-webhook-server:pr-1114 published |
|
/verified |
All 3 findings are already addressed:
|
|
Successfully removed PR tag: ghcr.io/myk-org/github-webhook-server:pr-1114. |
Problem
app_bot_logininitialization fails on every webhook with a 403 error:get_user()always returns 403 for GitHub App installation tokens — this is a GitHub platform limitation, not a permissions issue.Impact
Without
app_bot_login, the server cannot identify its own PRs:Fix
Replace
get_user().loginwithget_app()+f"{slug}[bot]". Theget_app()endpoint is designed for app tokens and returns app metadata includingslug. The bot login format is always{slug}[bot].Closes #1113
Generated-by: Claude noreply@anthropic.com