Fix bot/web-flow detection.

[AlphaOne1]

Summary by CodeRabbit

• Bug Fixes

  • Broadens bot detection to reduce false DCO checks by recognizing generic bot identifiers and handling web-flow exceptions.
  • Skips bot-authored commits when evaluating Signed-off-by, preventing unnecessary failures.
  • Ensures consistent DCO scanning behavior across push and pull request workflows.

• Chores

  • Streamlines compliance workflow logic for clearer, more predictable DCO verification.

[coderabbitai]

Walkthrough

Updates the compliance workflow to generalize bot detection and skip bot-authored commits when checking DCO. Applies consistent bot-skip logic across push-range and pull request checks, with a specific exception for web-flow. Adjusts both commit and PR scanning paths to ignore commits with committer names containing “[bot]”.

Changes

Cohort / File(s)	Summary of Changes
Compliance workflow update .github/workflows/compliance.yml	Generalized bot detection using actor/pusher name contains “bot”; retained explicit exception for web-flow. Added per-commit skip if committer name contains “[bot]” or equals web-flow in both push-range and PR commit scans. Unified behavior for CheckSignedOffCommit and CheckSignedOffPullRequest DCO checks.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor GitHub as GitHub
    participant WF as Compliance Workflow
    participant BotFilter as Bot Filter
    participant CommitScan as Commit Scanner
    participant DCO as DCO Checker

    GitHub->>WF: Trigger (push or pull_request)
    WF->>BotFilter: Evaluate actor/pusher name
    alt Actor is bot (contains "bot") and not "web-flow"
        BotFilter-->>WF: Skip workflow
        WF-->>GitHub: Exit early
    else Non-bot or "web-flow"
        BotFilter-->>WF: Proceed
        par Push-range path
            WF->>CommitScan: List commits in range
            loop For each commit
                CommitScan->>BotFilter: Check committer name
                alt Committer contains "[bot]" or is "web-flow"
                    BotFilter-->>CommitScan: Skip commit
                else Human commit
                    CommitScan->>DCO: Verify Signed-off-by
                    DCO-->>CommitScan: Pass/Fail
                end
            end
        and PR path
            WF->>CommitScan: List PR commits
            loop For each commit
                CommitScan->>BotFilter: Check committer name
                alt Committer contains "[bot]" or is "web-flow"
                    BotFilter-->>CommitScan: Skip commit
                else Human commit
                    CommitScan->>DCO: Verify Signed-off-by
                    DCO-->>CommitScan: Pass/Fail
                end
            end
        end
        WF-->>GitHub: Report results
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I thump my paws on YAML ground,
Sniffing bots by name and sound.
“[bot]” goes by? I let it hop—
web-flow too, I will not stop.
For mortal paws, I check the line:
Signed-off-by—now all is fine. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “Fix bot/web-flow detection.” concisely summarizes the main change to the compliance workflow by updating bot detection and handling logic for web-flow and other bots. It directly reflects that the PR adjusts how bot and web-flow commits are identified and skipped, matching the code modifications. No unrelated details or noise are present.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix_compliance_workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 05231d7 and 6073f71.

📒 Files selected for processing (1)

• .github/workflows/compliance.yml (3 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Web-flow detection still misses GitHub UI commits

git log --format=%cn returns GitHub (not web-flow) for commits created via the GitHub web UI, so these loops still process the very commits we’re trying to exempt. The DCO check will continue to fail on “Update branch”/web-flow commits. Please adjust the detection (e.g., treat committer_name == "GitHub" with committer_email == "noreply@github.com", or fetch the committer login via the API) so that web-flow generated commits are actually skipped.

Also applies to: 149-154

🤖 Prompt for AI Agents

.github/workflows/compliance.yml around lines 85-90 (also fix the identical
logic at 149-154): the existing check only looks for committer names containing
"[bot]" or equal to "web-flow" but misses GitHub web UI commits which show
committer_name "GitHub"; update the detection to also read the committer email
(e.g., use git log --format=%cn and --format=%ce or a single command to capture
both) and skip commits where committer_name == "GitHub" AND committer_email ==
"noreply@github.com"; alternatively, fetch the committer login from the API if
preferred—apply the same change to the duplicate block at lines 149-154.