code-review.yml
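# Runs an AI-assisted review on pull requests that target main/master (or on
# manual dispatch) and has the agent post one PR comment that ends with a
# "Reviewed SHA: <sha>" marker. That marker is what later runs use to detect
# an already-reviewed commit.
#
# Security model: the PR diff and its text are untrusted input to the model,
# while the review step's environment carries GITHUB_TOKEN (PR/issue write)
# and ZHIPU_API_KEY. Keep the agent's tool allow-list and the token scope as
# narrow as the review prompt actually needs.
name: Aictrl Review

on:
  pull_request:
    branches: [main, master]
  workflow_dispatch:

# One review per PR (or per ref on manual runs); a newer run cancels the older.
concurrency:
  group: aictrl-review-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  review:
    name: Aictrl AI Review
    runs-on: ubuntu-latest
    # NOTE(review): confirm `issues: write` is required; the steps below only
    # read PR data and post a PR comment.
    permissions:
      contents: read
      pull-requests: write
      issues: write
    env:
      # The pull_request fields are empty on workflow_dispatch; the first
      # script step resolves PR_NUMBER and PR_BASE_REF in that case.
      PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
      PR_NUMBER: ${{ github.event.pull_request.number }}
      PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
      IS_MANUAL: ${{ github.event_name == 'workflow_dispatch' }}
    steps:
      # NOTE(review): actions are referenced by mutable tag; pin them to a
      # full commit SHA so a retagged release cannot change what runs here.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Full history so origin/<base> is available for the diff below.
          fetch-depth: 0
          # Later steps authenticate through the GITHUB_TOKEN env var, so the
          # token does not need to be left in the checkout's git config.
          persist-credentials: false

      - name: Check for Relevant Changes
        id: check_changes
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Manual runs carry no pull_request payload: find the PR by branch.
          if [ -z "$PR_NUMBER" ]; then
            BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
            PR_NUMBER=$(gh pr list --head "$BRANCH" --json number --jq '.[0].number' 2>/dev/null || true)
            if [ -z "$PR_NUMBER" ]; then
              echo "No PR found for branch $BRANCH. Skipping."
              echo "skip=true" >> "$GITHUB_OUTPUT"
              exit 0
            fi
            echo "Found PR #$PR_NUMBER for branch $BRANCH"
            echo "PR_NUMBER=$PR_NUMBER" >> "$GITHUB_ENV"
          fi

          # The base ref is empty on manual runs as well. Without it the
          # git diff below fails and the run is always reported as
          # "no code changes", so resolve it from the PR.
          if [ -z "$PR_BASE_REF" ]; then
            PR_BASE_REF=$(gh pr view "$PR_NUMBER" --json baseRefName --jq '.baseRefName')
            echo "PR_BASE_REF=$PR_BASE_REF" >> "$GITHUB_ENV"
          fi

          echo "Checking if SHA $PR_SHA was already reviewed..."
          # NOTE(review): the marker is matched in every comment body,
          # whoever wrote it, so any commenter can make a commit look
          # reviewed or reach the two-review cap. Consider matching only
          # comments authored by the workflow's own account.
          COMMENT_BODIES=$(gh pr view "$PR_NUMBER" --json comments --jq '.comments[].body' || true)
          REVIEW_COMMENTS=$(printf '%s\n' "$COMMENT_BODIES" | grep -c "Reviewed SHA:" || true)
          LAST_REVIEW_SHA=$(printf '%s\n' "$COMMENT_BODIES" | grep -o "Reviewed SHA: [a-f0-9]\{40\}" | tail -n 1 | cut -d' ' -f3)

          if [ "$LAST_REVIEW_SHA" == "$PR_SHA" ]; then
            echo "This commit ($PR_SHA) has already been reviewed. Skipping."
            echo "skip=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Cap automatic reviews at two per PR; manual runs bypass the cap.
          if [ "$REVIEW_COMMENTS" -ge 2 ] && [ "$IS_MANUAL" != "true" ]; then
            echo "PR already has $REVIEW_COMMENTS AI reviews. Skipping (use workflow_dispatch to force)."
            echo "skip=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          echo "Checking changed files..."
          # Only source/config extensions count; docs/ and Markdown do not.
          CODE_CHANGES=$(git diff --name-only "origin/$PR_BASE_REF...$PR_SHA" | grep -E '\.(ts|js|json|sh|yml|yaml)$' | grep -vE '^docs/|.*\.md$' || true)
          if [ -z "$CODE_CHANGES" ]; then
            echo "No actual code changes detected. Skipping review."
            echo "skip=true" >> "$GITHUB_OUTPUT"
          else
            echo "Actual code changes detected:"
            echo "$CODE_CHANGES"
            echo "skip=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup Node
        if: steps.check_changes.outputs.skip != 'true'
        uses: actions/setup-node@v6
        with:
          node-version: 22

      - name: Install Aictrl CLI
        if: steps.check_changes.outputs.skip != 'true'
        run: |
          mkdir -p "$RUNNER_TEMP/aictrl"
          cd "$RUNNER_TEMP/aictrl"
          npm init -y > /dev/null 2>&1
          # NOTE(review): @latest is resolved at run time, and whatever it
          # resolves to is executed in the step that holds the API key and
          # the write-scoped token. Pin an exact, reviewed version (ideally
          # installed from a committed lockfile) instead.
          npm install @aictrl/cli@latest
          echo "$RUNNER_TEMP/aictrl/node_modules/.bin" >> "$GITHUB_PATH"

      - name: Configure Review Workspace
        if: steps.check_changes.outputs.skip != 'true'
        run: |
          # Create an isolated workspace with its own git repo.
          # Running aictrl from the monorepo checkout causes a silent ~130ms exit
          # due to the catalog: protocol in package.json.
          # Running from a bare temp dir (no git) also fails silently.
          # Solution: minimal git repo + opencode.json with tool permissions.
          REVIEW_DIR="$RUNNER_TEMP/review-workspace"
          mkdir -p "$REVIEW_DIR"
          cd "$REVIEW_DIR"
          git init -q
          git config user.email "ci@aictrl.dev"
          git config user.name "aictrl-ci"
          git commit --allow-empty -m "init" -q

          # Allow the agent to use read tools and specific bash commands.
          # gh is limited to the PR subcommands the review prompt relies on:
          # the agent acts on untrusted PR content with a write-scoped token,
          # so a blanket "gh *" grants far more than the task needs.
          # NOTE(review): "cat *" and "read" are not path-restricted; confirm
          # that is intended for a process whose environment holds secrets.
          cat > "$REVIEW_DIR/opencode.json" << 'PERM_EOF'
          {
            "permission": {
              "read": "allow",
              "bash": {
                "gh pr diff *": "allow",
                "gh pr view *": "allow",
                "gh pr comment *": "allow",
                "git diff *": "allow",
                "git log *": "allow",
                "git show *": "allow",
                "wc *": "allow",
                "cat *": "allow",
                "*": "deny"
              },
              "glob": "allow",
              "grep": "allow",
              "list": "allow"
            }
          }
          PERM_EOF
          echo "REVIEW_DIR=$REVIEW_DIR" >> "$GITHUB_ENV"

      - name: Run Aictrl Review
        if: steps.check_changes.outputs.skip != 'true'
        timeout-minutes: 15
        env:
          ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
        run: |
          echo "Starting review for PR #$PR_NUMBER (SHA $PR_SHA)..."
          # Run from isolated workspace to avoid monorepo catalog: protocol crash
          cd "$REVIEW_DIR"
          # A failing agent run is tolerated (|| true): the step stays green
          # even when no review comment was posted.
          aictrl run --format json \
            --model zai-coding-plan/glm-5 \
            "You are reviewing PR #${PR_NUMBER} on ${GH_REPO} (SHA: ${PR_SHA}, base: ${PR_BASE_REF}).
          You have access to the gh CLI, git, and file reading tools. Use them to understand the changes.
          Steps:
          1. Run: gh pr diff ${PR_NUMBER} --repo ${GH_REPO}
          2. Read source files for context as needed using the read tool
          3. Focus on bugs, security issues, logic errors, and reliability
          4. Skip style nits and formatting opinions
          5. Post your review as a single comment:
          gh pr comment ${PR_NUMBER} --repo ${GH_REPO} --body '<your review here>
          Reviewed SHA: ${PR_SHA}'" \
            > "$RUNNER_TEMP/review-output.jsonl" \
            2> "$RUNNER_TEMP/review-stderr.log" || true

          # NOTE(review): the whole session transcript goes to the job log.
          # Registered secret values are masked there, but any other content
          # the agent read is visible to everyone who can view the run.
          echo ""
          echo "=== Session NDJSON ==="
          cat "$RUNNER_TEMP/review-output.jsonl"
          echo ""
          if [ -s "$RUNNER_TEMP/review-stderr.log" ]; then
            echo "=== Session stderr ==="
            cat "$RUNNER_TEMP/review-stderr.log"
            echo ""
          fi

          # Report event count for diagnostics
          EVENTS=$(wc -l < "$RUNNER_TEMP/review-output.jsonl" 2>/dev/null || echo "0")
          echo "Total NDJSON events: $EVENTS"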