[bug-hunter] Changelog link checker rejects valid quoted PR links

[github-actions]

Impact

PRs that add a valid quoted changelog PR link (for example link: "https://github.com/elastic/integrations/pull/100") are incorrectly marked as failures by the new Buildkite changelog-link check. This produces false CI errors and unnecessary PR annotation/comment noise.

Reproduction Steps

1. Run this minimal repro script:

REPO=/home/runner/work/integrations/integrations
TMP=/tmp/gh-aw/agent/repro-changelog-quote
rm -rf "$TMP"
mkdir -p "$TMP"
cd "$TMP"

git init -q
git config user.name repro
git config user.email repro@example.com

cat > changelog.yml <<'EOF'
changelog:
  - version: 1.0.0
    changes:
      - description: initial
        type: enhancement
        link: https://github.com/elastic/integrations/pull/99
EOF

git add changelog.yml
git commit -q -m 'base'

cat > changelog.yml <<'EOF'
changelog:
  - version: 1.0.1
    changes:
      - description: second
        type: enhancement
        link: "https://github.com/elastic/integrations/pull/100"
  - version: 1.0.0
    changes:
      - description: initial
        type: enhancement
        link: https://github.com/elastic/integrations/pull/99
EOF

git add changelog.yml
git commit -q -m 'add quoted link'

source "$REPO/.buildkite/scripts/check_changelog_entries.sh"
check_changelog_file HEAD~1 changelog.yml "https://github.com/elastic/integrations/pull/100"

Expected vs Actual

Expected: quoted and unquoted identical PR URLs should be treated as equivalent and pass.

Actual: quoted URL is treated as different and fails:

--- [changelog.yml]
ERROR: unexpected link: '"https://github.com/elastic/integrations/pull/100"'
       expected:         'https://github.com/elastic/integrations/pull/100'

Failing Test

#!/usr/bin/env bash
set -euo pipefail

REPO=/home/runner/work/integrations/integrations
TMP=/tmp/gh-aw/agent/repro-changelog-quote
rm -rf "$TMP"
mkdir -p "$TMP"
cd "$TMP"

git init -q
git config user.name repro
git config user.email repro@example.com

cat > changelog.yml <<'EOF'
changelog:
  - version: 1.0.0
    changes:
      - description: initial
        type: enhancement
        link: https://github.com/elastic/integrations/pull/99
EOF

git add changelog.yml
git commit -q -m 'base'

cat > changelog.yml <<'EOF'
changelog:
  - version: 1.0.1
    changes:
      - description: second
        type: enhancement
        link: "https://github.com/elastic/integrations/pull/100"
  - version: 1.0.0
    changes:
      - description: initial
        type: enhancement
        link: https://github.com/elastic/integrations/pull/99
EOF

git add changelog.yml
git commit -q -m 'add quoted link'

source "$REPO/.buildkite/scripts/check_changelog_entries.sh"
set +e
check_changelog_file HEAD~1 changelog.yml "https://github.com/elastic/integrations/pull/100"
status=$?
set -e

# This currently fails with status=1.
echo "status=$status"
exit "$status"

Evidence

• Regression introduced in commit e385cb32f7f30319278882648a4b248b9e1e39f8 ([CI] Add Buildkite step to validate changelog PR links (#19171)).
• The extraction keeps surrounding quotes: .buildkite/scripts/check_changelog_entries.sh:20-23 (sed -E 's/^\+[[:space:]]+link:[[:space:]]*//').
• The comparison is strict raw string equality: .buildkite/scripts/check_changelog_entries.sh:55.
• Quoted PR links already exist in repository changelogs, e.g.:
  • packages/airflow_otel/changelog.yml:11
  • packages/elastic_agent/changelog.yml:21
• Current tests do not cover quoted PR links: .buildkite/scripts/test_check_changelog_entries.sh has positive/negative URL tests but no quoted-link case.

Note

🔒 Integrity filter blocked 13 items

The following items were blocked because they don't meet the GitHub integrity level.

• #18610 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #19248 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18288 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #17392 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18505 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18819 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18890 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18944 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18135 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #17231 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #17886 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #15041 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13557 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: Bug Hunter

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

• expires on Jun 10, 2026, 12:46 PM UTC