cortex-code-action/action.yml at main · anthu/cortex-code-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: "Cortex Code Action"
description: "AI code review for data teams, powered by Cortex Code"

branding:
  icon: "git-pull-request"
  color: "blue"

inputs:
  snowflake_private_key:
    description: "Snowflake private key PEM (from GitHub secret)"
    required: true
  snowflake_account:
    description: "Snowflake account identifier (e.g. myorg-myaccount)"
    required: true
  snowflake_user:
    description: "Snowflake username"
    required: true
  snowflake_role:
    description: "Snowflake role to use in CI (use minimal privilege, not ACCOUNTADMIN)"
    required: false
    default: "PUBLIC"
  snowflake_warehouse:
    description: "Snowflake warehouse"
    required: false
    default: "COMPUTE_WH"
  snowflake_database:
    description: "Default Snowflake database"
    required: false
    default: ""
  snowflake_schema:
    description: "Default Snowflake schema"
    required: false
    default: ""
  trigger_phrase:
    description: "Phrase that triggers the action in comments"
    required: false
    default: "@cortex"
  prompt_file:
    description: |
      Path(s) to instruction files, one per line. Files are read in order and
      concatenated. Paths are relative to the repository root.
      Example (multiline):
        .github/instructions/base.md
        .github/instructions/dbt-rules.md
    required: false
    default: ""
  prompt:
    description: "Additional instructions appended after prompt_file content (if any)"
    required: false
    default: ""
  max_turns:
    description: "Maximum agentic turns (capped at 15 regardless of this value)"
    required: false
    default: "5"
  mode:
    description: "Execution mode: auto (detect from event), review, mention, fix"
    required: false
    default: "auto"
  permissions:
    description: "Tool permissions: read-only (default) or read-write (enables auto-fix commits)"
    required: false
    default: "read-only"
  track_progress:
    description: "Post a sticky progress comment that updates in real-time"
    required: false
    default: "true"
  model:
    description: "Cortex model to use (auto selects the best available)"
    required: false
    default: "auto"
  github_token:
    description: "GitHub token for posting comments and commits"
    required: false
    default: "${{ github.token }}"

outputs:
  comment_id:
    description: "ID of the posted review comment"
    value: ${{ steps.run.outputs.comment_id }}

runs:
  using: "composite"
  steps:
    - name: Setup Bun
      uses: oven-sh/setup-bun@v2
      with:
        bun-version: "1.3.13"

    - name: Install Cortex Code CLI
      shell: bash
      run: |
        curl -LsS https://ai.snowflake.com/static/cc-scripts/install.sh | sh
        echo "$HOME/.local/bin" >> "$GITHUB_PATH"

    - name: Setup Snowflake connection
      shell: bash
      env:
        SNOWFLAKE_PRIVATE_KEY_RAW: ${{ inputs.snowflake_private_key }}
        SNOWFLAKE_ACCOUNT: ${{ inputs.snowflake_account }}
        SNOWFLAKE_USER: ${{ inputs.snowflake_user }}
        SNOWFLAKE_ROLE: ${{ inputs.snowflake_role }}
        SNOWFLAKE_WAREHOUSE: ${{ inputs.snowflake_warehouse }}
        SNOWFLAKE_DATABASE: ${{ inputs.snowflake_database }}
        SNOWFLAKE_SCHEMA: ${{ inputs.snowflake_schema }}
      run: |
        mkdir -p ~/.snowflake
        printf '%s\n' "${SNOWFLAKE_PRIVATE_KEY_RAW}" > ~/.snowflake/rsa_key.p8
        chmod 600 ~/.snowflake/rsa_key.p8
        {
          echo '[default]'
          echo "account = \"${SNOWFLAKE_ACCOUNT}\""
          echo "user = \"${SNOWFLAKE_USER}\""
          echo 'authenticator = "SNOWFLAKE_JWT"'
          echo 'private_key_path = "~/.snowflake/rsa_key.p8"'
          echo "role = \"${SNOWFLAKE_ROLE}\""
          echo "warehouse = \"${SNOWFLAKE_WAREHOUSE}\""
          [ -n "${SNOWFLAKE_DATABASE}" ] && echo "database = \"${SNOWFLAKE_DATABASE}\""
          [ -n "${SNOWFLAKE_SCHEMA}" ] && echo "schema = \"${SNOWFLAKE_SCHEMA}\""
        } > ~/.snowflake/connections.toml
        chmod 600 ~/.snowflake/connections.toml

    - name: Install action dependencies
      shell: bash
      working-directory: ${{ github.action_path }}
      run: bun install --frozen-lockfile --production

    - name: Run Cortex Code Action
      id: run
      shell: bash
      working-directory: ${{ github.action_path }}
      env:
        INPUT_TRIGGER_PHRASE: ${{ inputs.trigger_phrase }}
        INPUT_PROMPT_FILE: ${{ inputs.prompt_file }}
        INPUT_PROMPT: ${{ inputs.prompt }}
        INPUT_MAX_TURNS: ${{ inputs.max_turns }}
        INPUT_MODE: ${{ inputs.mode }}
        INPUT_PERMISSIONS: ${{ inputs.permissions }}
        INPUT_TRACK_PROGRESS: ${{ inputs.track_progress }}
        INPUT_MODEL: ${{ inputs.model }}
        GITHUB_TOKEN: ${{ inputs.github_token }}
        GITHUB_EVENT_NAME: ${{ github.event_name }}
        GITHUB_EVENT_PATH: ${{ github.event_path }}
        GITHUB_REPOSITORY: ${{ github.repository }}
        GITHUB_SHA: ${{ github.sha }}
      run: bun run src/entrypoints/run-cortex.ts