Skip to content

GitHub App: delete CodeRabbit rate-limit comments org-wide #369

Open
Open
GitHub App: delete CodeRabbit rate-limit comments org-wide#369
Assignees
hanthor
Labels
kind/automationAutomation and CI/CDkind/github-actionAnything having to do with GHA and automation
@castrojo

Description

@castrojo
castrojo
opened on May 30, 2026

Summary

A GitHub App installed on the projectbluefin org that automatically deletes CodeRabbit API rate-limit comments across all repos the moment they appear. SO let's just make it a housekeeping app so we can clean up all the spam and other things we need done cross org.

Think of a cool name for the app and use one of the other dinosaurs, similar to mergeoraptor has the blue one. Maybe use achillobator for this?

Background

CodeRabbit posts a ## Review limit reached warning comment on PRs when the monthly API quota is exhausted. These pile up across all repos and are noise. We want them gone automatically.

Detection marker: <!-- This is an auto-generated comment: rate limited by coderabbit.ai -->

Why a GitHub App (not an Action + PAT)

  • No PAT rotation — app generates short-lived tokens automatically via installation
  • Real-time — reacts to issue_comment.created webhook instead of polling every 24h
  • Fine-grained permissionsissues: write only, scoped to installed repos
  • Precedentactionadon in knuckle already uses this pattern

Plan

1. Register GitHub App under projectbluefin org

Settings to use when registering at https://github.com/organizations/projectbluefin/settings/apps/new:

  • Name: bluefin-housekeeping
  • Homepage URL: https://github.com/projectbluefin/housekeeping
  • Webhook: active, pointing at the Actions workflow (or use workflow_dispatch trigger from webhook payload)
  • Permissions:
    • Repository → Issues: Read & Write
    • Repository → Pull requests: Read (to list PR comments)
  • Events: Issue comment
  • Where can this be installed: Only on this account

Install the app on the org (all repositories).

Store in org secrets:

  • HOUSEKEEPING_APP_ID
  • HOUSEKEEPING_APP_PRIVATE_KEY

2. Repo: projectbluefin/housekeeping

Already created. Add:

housekeeping/
├── action.yml          ← composite action (inputs: token, org, dry_run)
└── .github/
    └── workflows/
        └── cleanup.yml ← triggered by issue_comment webhook + daily schedule fallback

3. Workflow trigger strategy

on:
  issue_comment:        # fires on every comment across the org (via App webhook)
    types: [created]
  schedule:
    - cron: '0 4 * * *' # daily fallback sweep
  workflow_dispatch:

Filter in the workflow: only act when github.event.comment.user.login == 'coderabbitai[bot]' and body contains the rate-limit marker.

4. Token generation pattern (matches actionadon in knuckle)

- uses: actions/create-github-app-token@v1
  id: app-token
  with:
    app-id: ${{ secrets.HOUSEKEEPING_APP_ID }}
    private-key: ${{ secrets.HOUSEKEEPING_APP_PRIVATE_KEY }}
    owner: projectbluefin

- uses: projectbluefin/housekeeping@main
  with:
    token: ${{ steps.app-token.outputs.token }}
    org: projectbluefin

5. Spread load on the daily sweep

The action.yml script sleeps 20s between repos during the daily sweep, distributing ~18 repos over ~6 minutes.

Repos targeted

All non-archived projectbluefin repos with issues enabled (currently 18).

Done criteria

  • GitHub App registered and installed on org
  • Org secrets HOUSEKEEPING_APP_ID + HOUSEKEEPING_APP_PRIVATE_KEY set
  • action.yml + cleanup.yml merged to projectbluefin/housekeeping
  • A new rate-limit comment is deleted within 60s of being posted
  • Daily sweep runs clean with 0 errors

Metadata

Metadata

Assignees

Labels

kind/automationAutomation and CI/CDkind/github-actionAnything having to do with GHA and automation

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions