rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Merge pull request 'feat: delete previous review before posting new one (#6)' (#22) from feat/6-update-existing-review into main
CI / test (push) Successful in 13s
Details
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped
Details
CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (push) Has been skipped
Details
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped
Details

Browse Source 
Reviewed-on: #22
This commit was merged in pull request #22.
This commit is contained in:
Aaron Weiker
2026-05-02 04:50:16 +00:00
parent aee903caa2 55391c66d8
commit 177d56f218
10 changed files with 824 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/actions/review/action.yml
+10
View File
@@ -66,6 +66,14 @@ inputs:
description: 'Print review to stdout instead of posting'
required: false
default: 'false'
update-existing:
description: 'Delete previous review from same bot after posting new one. Accepts: true/1/yes or false/0/no (default true)'
required: false
default: 'true'
system-prompt-file:
description: 'Local file with additional system prompt instructions (e.g. security review focus)'
required: false
default: ''
runs:
using: 'composite'
@@ -145,6 +153,8 @@ runs:
LLM_TEMPERATURE: ${{ inputs.temperature }}
LLM_TIMEOUT: ${{ inputs.timeout }}
LLM_PROVIDER: ${{ inputs.llm-provider }}
UPDATE_EXISTING: ${{ inputs.update-existing }}
SYSTEM_PROMPT_FILE: ${{ inputs.system-prompt-file }}
run: |
ARGS=""
if [ "${{ inputs.dry-run }}" = "true" ]; then
.gitea/workflows/ci.yml
+6
View File
@@ -32,6 +32,10 @@ jobs:
- name: gpt
token_secret: GPT_REVIEW_TOKEN
model: gpt-4.1
- name: security
token_secret: SONNET_REVIEW_TOKEN
model: gpt-5
system_prompt_file: SECURITY_REVIEW.md
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
@@ -44,6 +48,7 @@ jobs:
GITEA_REPO: ${{ github.repository }}
PR_NUMBER: ${{ github.event.pull_request.number }}
REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}
REVIEWER_NAME: ${{ matrix.name }}
LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
LLM_MODEL: ${{ matrix.model }}
@@ -51,4 +56,5 @@ jobs:
PATTERNS_REPO: "rodin/go-patterns"
PATTERNS_FILES: "README.md,patterns/"
LLM_TIMEOUT: "600"
SYSTEM_PROMPT_FILE: ${{ matrix.system_prompt_file }}
run: ./review-bot
README.md
+276 -48
View File
@@ -1,17 +1,242 @@
# review-bot
Automated code review bot for Gitea. Fetches a pull request diff, sends it to an LLM for analysis, and posts a structured review back to the PR.
AI-powered code review bot for Gitea pull requests. Fetches diff + context, sends to an LLM, and posts a structured review (APPROVE / REQUEST_CHANGES) back to the PR.
## Features
- Fetches PR metadata, diff, and CI status from Gitea API
- Sends context-rich prompts to any OpenAI-compatible LLM
- Parses structured JSON review responses
- Posts formatted reviews (APPROVE / REQUEST_CHANGES) back to Gitea
- Supports custom coding conventions via repo files
- Zero external dependencies Go stdlib only
- **Multi-provider**: OpenAI-compatible and Anthropic Messages API
- **Context-aware**: Fetches full file content, conventions, language patterns, CI status
- **Smart budget**: Automatically trims context to fit model token limits
- **Idempotent reviews**: Posts new review, then cleans up stale ones (one review per bot)
- **Custom prompts**: Load additional instructions from a file (e.g. security-focused review)
- **Zero dependencies**: Go stdlib only
## Usage
## Quick Start: Composite Action
The easiest way to use review-bot in your Gitea CI:
```yaml
# .gitea/workflows/review.yml
name: Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: code-review
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: gpt-4.1
```
That's it. Every PR gets an automated review.
## Examples
### Single reviewer with conventions
```yaml
jobs:
review:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: reviewer
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: gpt-4.1
conventions-file: CONVENTIONS.md
timeout: '600'
```
### Two reviewers with different models (diversity of opinion)
```yaml
jobs:
review:
runs-on: ubuntu-24.04
strategy:
matrix:
include:
- name: gpt
model: gpt-4.1
token_secret: GPT_REVIEW_TOKEN
- name: claude
model: claude-sonnet-4-20250514
token_secret: CLAUDE_REVIEW_TOKEN
provider: anthropic
steps:
- uses: actions/checkout@v4
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets[matrix.token_secret] }}
reviewer-name: ${{ matrix.name }}
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: ${{ matrix.model }}
llm-provider: ${{ matrix.provider }}
conventions-file: CONVENTIONS.md
```
Each reviewer posts independently and only cleans up its own stale reviews.
### Multiple review types from a single bot account
Use the same Gitea token but different `reviewer-name` values to run specialized reviews without needing multiple bot accounts:
```yaml
jobs:
review:
runs-on: ubuntu-24.04
strategy:
matrix:
include:
- name: code-quality
model: gpt-4.1
- name: security
model: gpt-4.1
system_prompt_file: .review/SECURITY.md
- name: performance
model: gpt-4.1
system_prompt_file: .review/PERFORMANCE.md
steps:
- uses: actions/checkout@v4
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: ${{ matrix.name }}
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: ${{ matrix.model }}
system-prompt-file: ${{ matrix.system_prompt_file }}
```
The sentinel `<!-- review-bot:security -->` ensures the security review only replaces previous security reviews, never the code-quality or performance reviews.
### With language patterns from another repo
```yaml
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: reviewer
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: gpt-4.1
conventions-file: CLAUDE.md
patterns-repo: rodin/go-patterns,rodin/kubernetes-conventions
patterns-files: "README.md,patterns/"
```
Pattern repos are fetched at review time. The reviewer uses them as criteria for idiomatic code.
### Dry run (test without posting)
```yaml
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: test
llm-base-url: ${{ secrets.LLM_BASE_URL }}
llm-api-key: ${{ secrets.LLM_API_KEY }}
llm-model: gpt-4.1
dry-run: 'true'
```
Prints the review to CI logs without posting to the PR. Useful for testing prompt changes.
### Using Anthropic directly
```yaml
- uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
with:
reviewer-token: ${{ secrets.REVIEW_TOKEN }}
reviewer-name: claude
llm-base-url: https://api.anthropic.com
llm-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
llm-model: claude-sonnet-4-20250514
llm-provider: anthropic
```
## Action Inputs
| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `reviewer-token` | Yes | — | Gitea token for posting reviews (needs `write:issue`, `write:repository`) |
| `reviewer-name` | No | `""` | Logical identity for this reviewer. Used as sentinel for idempotent cleanup. Set this when running multiple review bots on the same PR. |
| `llm-base-url` | Yes | — | LLM API base URL |
| `llm-api-key` | Yes | — | LLM API key |
| `llm-model` | Yes | — | Model name |
| `llm-provider` | No | `openai` | API provider: `openai` or `anthropic` |
| `conventions-file` | No | `""` | Path to coding conventions file in the repo |
| `patterns-repo` | No | `""` | Comma-separated repos with language patterns (e.g. `rodin/go-patterns`) |
| `patterns-files` | No | `README.md` | Files/directories to fetch from pattern repos |
| `system-prompt-file` | No | `""` | Local file with additional system prompt instructions |
| `temperature` | No | `0` | LLM temperature (0 = server default) |
| `timeout` | No | `300` | LLM request timeout in seconds |
| `dry-run` | No | `false` | Print review to stdout instead of posting |
| `update-existing` | No | `true` | Delete previous review from same bot before posting. Accepts: true/1/yes or false/0/no |
| `version` | No | `latest` | review-bot version to install |
## How Review Cleanup Works
When `reviewer-name` is set, the bot embeds a hidden sentinel in each review:
```html
<!-- review-bot:code-review -->
```
On the next run, it finds and deletes any review containing its own sentinel (except the one it just posted). This means:
- **One review per bot per PR** — no clutter from repeated pushes
- **Multiple bots coexist** — each only cleans up its own reviews
- **Same token, different roles** — a single bot account can post "code-review" and "security" reviews without conflict
- **No extra permissions** — identity comes from the sentinel, not the API
If `reviewer-name` is empty, cleanup is skipped (reviews stack like before).
### Shared Token: Worst-Wins Behavior
When multiple review types share the same Gitea bot account (e.g. code-quality and security), Gitea determines the user's approval state from their **most recent review**. This creates a race condition: if security finds issues (REQUEST_CHANGES) but code-quality finishes last (APPROVE), the PR appears approved.
review-bot handles this automatically with **worst-wins reconciliation**: before posting, each job checks whether any sibling review from the same user already has REQUEST_CHANGES. If so and this job would post APPROVE, it posts as REQUEST_CHANGES instead — maintaining the block. This ensures the PR stays blocked until all checks pass, regardless of execution order.
**If you need independent approval/block per review type**, use separate Gitea bot accounts with their own tokens.
## Custom Review Prompts
Use `system-prompt-file` to specialize the review focus. The file contents are appended to the base system prompt as "Additional Review Instructions."
Example `SECURITY_REVIEW.md`:
```markdown
You are performing a security-focused code review.
Focus areas:
- Injection attacks (SQL, command, path traversal, template)
- Authentication/Authorization (missing checks, privilege escalation)
- Secrets exposure (hardcoded credentials, tokens in logs)
- Input validation (unsanitized input, unsafe deserialization)
- Race conditions (TOCTOU, unsynchronized shared state)
Rules:
- Only report findings with security implications
- Ignore style, naming, and general code quality
- MAJOR = exploitable vulnerability, MINOR = hardening opportunity, NIT = theoretical risk
- If no security-relevant changes exist, APPROVE with empty findings
```
## CLI Usage
```bash
review-bot \
@@ -19,71 +244,74 @@ review-bot \
--repo owner/name \
--pr 42 \
--reviewer-token "$GITEA_TOKEN" \
--reviewer-name "code-review" \
--llm-base-url https://api.openai.com/v1 \
--llm-api-key "$OPENAI_API_KEY" \
--llm-model gpt-4 \
--reviewer-name "Sonnet" \
--conventions-file CONVENTIONS.md \
--dry-run
--llm-model gpt-4.1 \
--conventions-file CONVENTIONS.md
```
## Environment Variables
All flags can be set via environment variables:
All flags have environment variable equivalents:
| Flag | Env Var | Required | Description |
|------|---------|----------|-------------|
| `--gitea-url` | `GITEA_URL` | Yes | Gitea instance base URL |
| `--repo` | `GITEA_REPO` | Yes | Repository in `owner/name` format |
| `--pr` | `PR_NUMBER` | Yes | Pull request number |
| `--reviewer-token` | `REVIEWER_TOKEN` | Yes | Gitea API token for posting reviews |
| `--llm-base-url` | `LLM_BASE_URL` | Yes | OpenAI-compatible API base URL |
| `--llm-api-key` | `LLM_API_KEY` | Yes | LLM API key |
| `--llm-model` | `LLM_MODEL` | Yes | Model identifier |
| `--reviewer-name` | `REVIEWER_NAME` | No | Display name in review footer |
| `--conventions-file` | `CONVENTIONS_FILE` | No | Path to conventions file in repo |
| `--dry-run` | — | No | Print review to stdout instead of posting |
| Flag | Env Var |
|------|---------|
| `--gitea-url` | `GITEA_URL` |
| `--repo` | `GITEA_REPO` |
| `--pr` | `PR_NUMBER` |
| `--reviewer-token` | `REVIEWER_TOKEN` |
| `--reviewer-name` | `REVIEWER_NAME` |
| `--llm-base-url` | `LLM_BASE_URL` |
| `--llm-api-key` | `LLM_API_KEY` |
| `--llm-model` | `LLM_MODEL` |
| `--llm-provider` | `LLM_PROVIDER` |
| `--conventions-file` | `CONVENTIONS_FILE` |
| `--patterns-repo` | `PATTERNS_REPO` |
| `--patterns-files` | `PATTERNS_FILES` |
| `--system-prompt-file` | `SYSTEM_PROMPT_FILE` |
| `--llm-temperature` | `LLM_TEMPERATURE` |
| `--llm-timeout` | `LLM_TIMEOUT` |
| `--update-existing` | `UPDATE_EXISTING` |
## Adding to a Gitea Repository
## Setup
1. Build the binary or use the CI workflow approach (build in CI).
1. **Create a Gitea bot account** (e.g. `review-bot`)
2. **Generate a token** with scopes: `write:issue`, `write:repository`
3. **Add secrets** to your Gitea repo (Settings → Actions → Secrets):
- `REVIEW_TOKEN` — the bot's Gitea token
- `LLM_BASE_URL` — your LLM endpoint
- `LLM_API_KEY` — your LLM key
4. **Add the workflow** (see Quick Start above)
2. Add secrets to your Gitea repo (Settings → Actions → Secrets):
- `SONNET_REVIEW_TOKEN` — Gitea token for the Sonnet reviewer account
- `GPT_REVIEW_TOKEN` — Gitea token for the GPT reviewer account
- `LLM_BASE_URL` — Your LLM API endpoint
- `LLM_API_KEY` — Your LLM API key
### Token Scopes Required
3. Copy `.gitea/workflows/ci.yml` to your repo (or adapt it).
| Scope | Purpose |
|-------|---------|
| `write:issue` | Post and delete reviews |
| `write:repository` | Read PR diffs, file content, commit statuses |
4. On every PR, the bot will:
- Run tests and vet
- Build review-bot
- Post reviews from each configured LLM reviewer
No `read:user` scope needed — the bot identifies itself from the review response.
## Development
```bash
# Run tests
go test ./...
# Run vet
go vet ./...
# Build
go test ./... # Unit tests
go vet ./... # Static analysis
go build -o review-bot ./cmd/review-bot
# Integration tests (requires env vars)
# Integration tests (requires env vars set)
go test -tags=integration ./...
```
## Architecture
```
cmd/review-bot/ CLI entrypoint
gitea/ Gitea API client
llm/ OpenAI-compatible LLM client
cmd/review-bot/ CLI entrypoint + orchestration
gitea/ Gitea API client (reviews, PRs, files)
llm/ Multi-provider LLM client (OpenAI + Anthropic)
review/ Prompt building, response parsing, formatting
budget/ Token estimation + context trimming
```
## License
SECURITY_REVIEW.md
+18
View File
@@ -0,0 +1,18 @@
You are performing a security-focused code review. Your primary concern is identifying vulnerabilities, not general code quality.
Focus areas:
- **Injection attacks**: SQL injection, command injection, path traversal, template injection
- **Authentication/Authorization**: Missing auth checks, privilege escalation, IDOR
- **Secrets exposure**: Hardcoded credentials, API keys in code, tokens in logs
- **Input validation**: Untrusted input used without sanitization, unsafe deserialization
- **Cryptography**: Weak algorithms, predictable randomness, improper key management
- **Error handling**: Information leakage in error messages, stack traces exposed
- **Dependencies**: Known vulnerable patterns, unsafe use of external libraries
- **Race conditions**: TOCTOU bugs, unsynchronized shared state
- **Resource exhaustion**: Unbounded allocations, missing timeouts, denial-of-service vectors
Rules for this review:
- Only report findings with actual security implications. Ignore style, naming, and general code quality.
- Severity mapping: MAJOR = exploitable vulnerability or data exposure. MINOR = defense-in-depth improvement or hardening opportunity. NIT = theoretical concern with low practical risk.
- If the code has no security-relevant changes, APPROVE with an empty findings list.
- Do not duplicate findings that a standard code review would catch (logic bugs, missing error checks) unless they have a security dimension.
cmd/review-bot/main.go
+119 -3
View File
@@ -6,6 +6,7 @@ import (
"fmt"
"log"
"os"
"path/filepath"
"strconv"
"strings"
"time"
@@ -30,9 +31,11 @@ func main() {
llmAPIKey := flag.String("llm-api-key", envOrDefault("LLM_API_KEY", ""), "LLM API key")
llmModel := flag.String("llm-model", envOrDefault("LLM_MODEL", ""), "LLM model name")
conventionsFile := flag.String("conventions-file", envOrDefault("CONVENTIONS_FILE", ""), "Conventions file path in repo (e.g. CLAUDE.md)")
systemPromptFile := flag.String("system-prompt-file", envOrDefault("SYSTEM_PROMPT_FILE", ""), "Local file with additional system prompt instructions")
patternsRepo := flag.String("patterns-repo", envOrDefault("PATTERNS_REPO", ""), "Repo with language patterns (e.g. rodin/elixir-patterns)")
patternsFiles := flag.String("patterns-files", envOrDefault("PATTERNS_FILES", "README.md"), "Comma-separated file paths to fetch from patterns repo")
dryRun := flag.Bool("dry-run", false, "Print review to stdout instead of posting")
updateExisting := flag.Bool("update-existing", envOrDefaultBool("UPDATE_EXISTING", true), "Delete previous review from same bot before posting (default true)")
llmTemp := flag.Float64("llm-temperature", envOrDefaultFloat("LLM_TEMPERATURE", 0), "LLM temperature (0 = server default)")
llmTimeout := flag.Int("llm-timeout", envOrDefaultInt("LLM_TIMEOUT", 300), "LLM request timeout in seconds (default 300)")
llmProvider := flag.String("llm-provider", envOrDefault("LLM_PROVIDER", "openai"), "LLM API provider: openai or anthropic")
@@ -54,6 +57,11 @@ func main() {
os.Exit(1)
}
// Validate reviewer-name: only safe characters allowed in sentinel
if err := validateReviewerName(*reviewerName); err != nil {
log.Fatalf("%v", err)
}
// Parse repo owner/name
parts := strings.SplitN(*repo, "/", 2)
if len(parts) != 2 {
@@ -149,9 +157,45 @@ func main() {
log.Printf("Loaded patterns from %s (%d bytes)", *patternsRepo, len(patterns))
}
// Step 6b: Load additional system prompt if specified
additionalPrompt := ""
if *systemPromptFile != "" {
workspace := os.Getenv("GITHUB_WORKSPACE")
if workspace == "" {
workspace, _ = os.Getwd()
}
absWorkspace, err := filepath.Abs(workspace)
if err != nil {
log.Fatalf("Failed to resolve workspace path: %v", err)
}
promptPath := filepath.Join(absWorkspace, *systemPromptFile)
promptPath = filepath.Clean(promptPath)
if !strings.HasPrefix(promptPath, absWorkspace+string(filepath.Separator)) && promptPath != absWorkspace {
log.Fatalf("system-prompt-file resolves outside workspace (got %q, workspace %q)", promptPath, absWorkspace)
}
// Resolve symlinks and re-validate to prevent symlink traversal
resolvedPath, err := filepath.EvalSymlinks(promptPath)
if err != nil {
log.Fatalf("Failed to resolve system prompt file %q: %v", promptPath, err)
}
if !strings.HasPrefix(resolvedPath, absWorkspace+string(filepath.Separator)) && resolvedPath != absWorkspace {
log.Fatalf("system-prompt-file symlink resolves outside workspace (got %q, workspace %q)", resolvedPath, absWorkspace)
}
data, err := os.ReadFile(resolvedPath)
if err != nil {
log.Fatalf("Failed to read system prompt file %q: %v", promptPath, err)
}
additionalPrompt = string(data)
log.Printf("Loaded system prompt file: %s (%d bytes)", *systemPromptFile, len(additionalPrompt))
}
// Step 7: Budget-aware prompt assembly
systemBase := review.BuildSystemBase()
if additionalPrompt != "" {
systemBase += "\n\n## Additional Review Instructions\n\n" + additionalPrompt
}
sections := budget.Sections{
SystemBase: review.BuildSystemBase(),
SystemBase: systemBase,
Patterns: patterns,
Conventions: conventions,
FileContext: fileContext,
@@ -195,11 +239,49 @@ func main() {
return
}
sentinel := fmt.Sprintf("<!-- review-bot:%s -->", *reviewerName)
log.Printf("Posting review (event=%s)...", event)
if err := giteaClient.PostReview(ctx, owner, repoName, prNumber, event, reviewBody); err != nil {
posted, err := giteaClient.PostReview(ctx, owner, repoName, prNumber, event, reviewBody)
if err != nil {
log.Fatalf("Failed to post review: %v", err)
}
log.Printf("Review posted successfully!")
log.Printf("Review posted (id=%d, user=%s)", posted.ID, posted.User.Login)
// Delete stale reviews from this bot using sentinel matching
if *updateExisting && *reviewerName != "" {
reviews, err := giteaClient.ListReviews(ctx, owner, repoName, prNumber)
if err != nil {
log.Printf("Warning: could not list existing reviews: %v", err)
} else {
for _, r := range reviews {
if r.ID != posted.ID && r.User.Login == posted.User.Login && strings.Contains(r.Body, sentinel) {
if err := giteaClient.DeleteReview(ctx, owner, repoName, prNumber, r.ID); err != nil {
log.Printf("Warning: could not delete old review %d: %v", r.ID, err)
} else {
log.Printf("Deleted stale review %d", r.ID)
}
}
}
// Worst-wins: if we posted APPROVE but a sibling review from the
// same user (same token, different role) has REQUEST_CHANGES,
// delete ours and re-post as REQUEST_CHANGES to maintain the block.
if event == "APPROVED" && shouldEscalate(reviews, posted.ID, posted.User.Login, sentinel) {
log.Printf("Sibling review has REQUEST_CHANGES; escalating")
if err := giteaClient.DeleteReview(ctx, owner, repoName, prNumber, posted.ID); err != nil {
log.Printf("Warning: could not delete review for escalation: %v", err)
} else {
_, err := giteaClient.PostReview(ctx, owner, repoName, prNumber, "REQUEST_CHANGES", reviewBody)
if err != nil {
log.Printf("Warning: could not re-post as REQUEST_CHANGES: %v", err)
} else {
log.Printf("Review escalated to REQUEST_CHANGES")
}
}
}
}
}
}
// fetchFileContext fetches the full content of modified files from the PR branch.
@@ -333,3 +415,37 @@ func envOrDefaultInt(key string, defaultVal int) int {
}
return defaultVal
}
func envOrDefaultBool(key string, defaultVal bool) bool {
v := strings.TrimSpace(strings.ToLower(os.Getenv(key)))
if v == "" {
return defaultVal
}
return v == "true" || v == "1" || v == "yes"
}
// validateReviewerName checks that the name contains only safe characters
// for embedding in an HTML comment sentinel ([a-zA-Z0-9_-]).
func validateReviewerName(name string) error {
if name == "" {
return nil
}
for _, ch := range name {
if !((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '_') {
return fmt.Errorf("reviewer-name must contain only [a-zA-Z0-9_-] (got %q)", name)
}
}
return nil
}
// shouldEscalate checks if the current APPROVED review should be escalated
// to REQUEST_CHANGES because a sibling bot review (same user, different role)
// already has REQUEST_CHANGES.
func shouldEscalate(reviews []gitea.Review, postedID int64, postedLogin, ownSentinel string) bool {
for _, r := range reviews {
if r.ID != postedID && !r.Stale && r.User.Login == postedLogin && r.State == "REQUEST_CHANGES" && strings.Contains(r.Body, "<!-- review-bot:") && !strings.Contains(r.Body, ownSentinel) {
return true
}
}
return false
}
cmd/review-bot/main_test.go
+150
View File
@@ -0,0 +1,150 @@
package main
import (
"testing"
"gitea.weiker.me/rodin/review-bot/gitea"
)
func TestValidateReviewerName(t *testing.T) {
tests := []struct {
name string
input string
wantErr bool
}{
{"valid simple", "sonnet", false},
{"valid with dash", "code-review", false},
{"valid with underscore", "my_bot", false},
{"valid alphanumeric", "bot123", false},
{"valid uppercase", "MyBot", false},
{"empty is valid", "", false},
{"invalid html close", "foo-->", true},
{"invalid space", "my bot", true},
{"invalid dot", "my.bot", true},
{"invalid slash", "my/bot", true},
{"invalid angle", "bot<script>", true},
{"invalid colon", "bot:name", true},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
err := validateReviewerName(tc.input)
if tc.wantErr && err == nil {
t.Errorf("expected error for %q, got nil", tc.input)
}
if !tc.wantErr && err != nil {
t.Errorf("expected no error for %q, got %v", tc.input, err)
}
})
}
}
func makeReview(id int64, login, state string, stale bool, body string) gitea.Review {
r := gitea.Review{
ID: id,
Body: body,
State: state,
Stale: stale,
}
r.User.Login = login
return r
}
func TestShouldEscalate(t *testing.T) {
tests := []struct {
name string
reviews []gitea.Review
postedID int64
postedLogin string
ownSentinel string
want bool
}{
{
name: "no reviews",
reviews: nil,
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "sibling same user has REQUEST_CHANGES",
reviews: []gitea.Review{
makeReview(101, "bot", "REQUEST_CHANGES", false, "bad\n<!-- review-bot:security -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: true,
},
{
name: "sibling different user has REQUEST_CHANGES (should NOT escalate)",
reviews: []gitea.Review{
makeReview(101, "other-bot", "REQUEST_CHANGES", false, "bad\n<!-- review-bot:gpt -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "same user REQUEST_CHANGES but stale (should NOT escalate)",
reviews: []gitea.Review{
makeReview(101, "bot", "REQUEST_CHANGES", true, "old\n<!-- review-bot:security -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "same user same sentinel (own stale review, should NOT escalate)",
reviews: []gitea.Review{
makeReview(101, "bot", "REQUEST_CHANGES", false, "old\n<!-- review-bot:sonnet -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "same user APPROVED sibling (should NOT escalate)",
reviews: []gitea.Review{
makeReview(101, "bot", "APPROVED", false, "good\n<!-- review-bot:security -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "human REQUEST_CHANGES no sentinel (should NOT escalate)",
reviews: []gitea.Review{
makeReview(101, "bot", "REQUEST_CHANGES", false, "please fix this"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
{
name: "skip own posted ID",
reviews: []gitea.Review{
makeReview(100, "bot", "REQUEST_CHANGES", false, "x\n<!-- review-bot:security -->"),
},
postedID: 100,
postedLogin: "bot",
ownSentinel: "<!-- review-bot:sonnet -->",
want: false,
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
got := shouldEscalate(tc.reviews, tc.postedID, tc.postedLogin, tc.ownSentinel)
if got != tc.want {
t.Errorf("shouldEscalate() = %v, want %v", got, tc.want)
}
})
}
}
gitea/client.go
+84 -7
View File
@@ -129,9 +129,9 @@ func (c *Client) GetFileContentRef(ctx context.Context, owner, repo, filepath, r
return string(body), nil
}
// PostReview submits a review to a PR.
// PostReview submits a review to a PR and returns the created review.
// event should be "APPROVED" or "REQUEST_CHANGES".
func (c *Client) PostReview(ctx context.Context, owner, repo string, number int, event, body string) error {
func (c *Client) PostReview(ctx context.Context, owner, repo string, number int, event, body string) (*Review, error) {
reqURL := fmt.Sprintf("%s/api/v1/repos/%s/%s/pulls/%d/reviews", c.baseURL, owner, repo, number)
payload := struct {
@@ -144,27 +144,36 @@ func (c *Client) PostReview(ctx context.Context, owner, repo string, number int,
data, err := json.Marshal(payload)
if err != nil {
return fmt.Errorf("marshal review payload: %w", err)
return nil, fmt.Errorf("marshal review payload: %w", err)
}
req, err := http.NewRequestWithContext(ctx, http.MethodPost, reqURL, bytes.NewReader(data))
if err != nil {
return fmt.Errorf("create review request: %w", err)
return nil, fmt.Errorf("create review request: %w", err)
}
req.Header.Set("Authorization", "token "+c.token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.http.Do(req)
if err != nil {
return fmt.Errorf("post review: %w", err)
return nil, fmt.Errorf("post review: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
respBody, _ := io.ReadAll(resp.Body)
return fmt.Errorf("post review failed (status %d): %s", resp.StatusCode, string(respBody))
return nil, fmt.Errorf("post review failed (status %d): %s", resp.StatusCode, string(respBody))
}
return nil
respBody, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("read review response: %w", err)
}
var review Review
if err := json.Unmarshal(respBody, &review); err != nil {
return nil, fmt.Errorf("parse review response: %w", err)
}
return &review, nil
}
func (c *Client) doGet(ctx context.Context, reqURL string) ([]byte, error) {
@@ -266,3 +275,71 @@ func (c *Client) GetAllFilesInPath(ctx context.Context, owner, repo, path string
}
return results, nil
}
// Review represents a pull request review from the Gitea API.
type Review struct {
ID int64 `json:"id"`
Body string `json:"body"`
User struct {
Login string `json:"login"`
} `json:"user"`
State string `json:"state"`
Stale bool `json:"stale"`
}
// ListReviews returns all reviews on a pull request.
// Paginates through all pages to ensure no reviews are missed.
func (c *Client) ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error) {
const pageSize = 50
var all []Review
for page := 1; ; page++ {
reqURL := fmt.Sprintf("%s/api/v1/repos/%s/%s/pulls/%d/reviews?limit=%d&page=%d",
c.baseURL,
url.PathEscape(owner),
url.PathEscape(repo),
number,
pageSize,
page)
body, err := c.doGet(ctx, reqURL)
if err != nil {
return nil, fmt.Errorf("list reviews (page %d): %w", page, err)
}
var batch []Review
if err := json.Unmarshal(body, &batch); err != nil {
return nil, fmt.Errorf("parse reviews (page %d): %w", page, err)
}
all = append(all, batch...)
if len(batch) < pageSize {
break
}
}
return all, nil
}
// DeleteReview deletes a review by ID. The token must belong to the review author.
func (c *Client) DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error {
reqURL := fmt.Sprintf("%s/api/v1/repos/%s/%s/pulls/%d/reviews/%d",
c.baseURL,
url.PathEscape(owner),
url.PathEscape(repo),
number,
reviewID)
req, err := http.NewRequestWithContext(ctx, http.MethodDelete, reqURL, nil)
if err != nil {
return fmt.Errorf("create delete request: %w", err)
}
req.Header.Set("Authorization", "token "+c.token)
resp, err := c.http.Do(req)
if err != nil {
return fmt.Errorf("delete review: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
respBody, _ := io.ReadAll(resp.Body)
return fmt.Errorf("delete review failed (status %d): %s", resp.StatusCode, string(respBody))
}
return nil
}
gitea/client_test.go
+111 -3
View File
@@ -123,15 +123,21 @@ func TestPostReview(t *testing.T) {
}
w.WriteHeader(http.StatusOK)
w.Write([]byte(`{}`))
w.Write([]byte(`{"id":100,"user":{"login":"review-bot"},"state":"APPROVED","stale":false}`))
}))
defer server.Close()
client := NewClient(server.URL, "test-token")
err := client.PostReview(context.Background(), "owner", "repo", 3, "APPROVED", "LGTM")
review, err := client.PostReview(context.Background(), "owner", "repo", 3, "APPROVED", "LGTM")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if review.ID != 100 {
t.Errorf("expected review ID 100, got %d", review.ID)
}
if review.User.Login != "review-bot" {
t.Errorf("expected user login %q, got %q", "review-bot", review.User.Login)
}
}
func TestGetPullRequest_Non200(t *testing.T) {
@@ -169,7 +175,7 @@ func TestPostReview_Non200(t *testing.T) {
defer server.Close()
client := NewClient(server.URL, "test-token")
err := client.PostReview(context.Background(), "owner", "repo", 1, "APPROVED", "test")
_, err := client.PostReview(context.Background(), "owner", "repo", 1, "APPROVED", "test")
if err == nil {
t.Fatal("expected error for 403, got nil")
}
@@ -318,3 +324,105 @@ func TestEscapePath(t *testing.T) {
})
}
}
func TestListReviews(t *testing.T) {
pageCount := 0
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v1/repos/owner/repo/pulls/5/reviews" {
t.Errorf("unexpected path: %s", r.URL.Path)
}
if r.URL.Query().Get("limit") != "50" {
t.Errorf("expected limit=50, got %s", r.URL.Query().Get("limit"))
}
pageCount++
w.Header().Set("Content-Type", "application/json")
// Return 2 results (less than page size) to signal end
w.Write([]byte(`[{"id":10,"user":{"login":"bot-a"},"state":"APPROVED","stale":false},{"id":11,"user":{"login":"bot-b"},"state":"REQUEST_CHANGES","stale":true}]`))
}))
defer server.Close()
client := NewClient(server.URL, "test-token")
reviews, err := client.ListReviews(context.Background(), "owner", "repo", 5)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if len(reviews) != 2 {
t.Fatalf("expected 2 reviews, got %d", len(reviews))
}
if reviews[0].User.Login != "bot-a" {
t.Errorf("expected bot-a, got %s", reviews[0].User.Login)
}
if pageCount != 1 {
t.Errorf("expected 1 page fetch (results < page size), got %d", pageCount)
}
}
func TestListReviews_Pagination(t *testing.T) {
pageCount := 0
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
pageCount++
page := r.URL.Query().Get("page")
w.Header().Set("Content-Type", "application/json")
if page == "1" {
// Return exactly 50 items to trigger next page fetch
items := "["
for i := 0; i < 50; i++ {
if i > 0 {
items += ","
}
items += fmt.Sprintf(`{"id":%d,"user":{"login":"bot"},"state":"APPROVED","stale":false}`, i+1)
}
items += "]"
w.Write([]byte(items))
} else {
// Page 2: return fewer than 50 to signal end
w.Write([]byte(`[{"id":51,"user":{"login":"bot"},"state":"APPROVED","stale":false}]`))
}
}))
defer server.Close()
client := NewClient(server.URL, "test-token")
reviews, err := client.ListReviews(context.Background(), "owner", "repo", 5)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if len(reviews) != 51 {
t.Fatalf("expected 51 reviews across 2 pages, got %d", len(reviews))
}
if pageCount != 2 {
t.Errorf("expected 2 page fetches, got %d", pageCount)
}
}
func TestDeleteReview(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v1/repos/owner/repo/pulls/5/reviews/10" {
t.Errorf("unexpected path: %s", r.URL.Path)
}
if r.Method != "DELETE" {
t.Errorf("expected DELETE, got %s", r.Method)
}
w.WriteHeader(http.StatusNoContent)
}))
defer server.Close()
client := NewClient(server.URL, "test-token")
err := client.DeleteReview(context.Background(), "owner", "repo", 5, 10)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
}
func TestDeleteReview_Forbidden(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte(`{"message":"forbidden"}`))
}))
defer server.Close()
client := NewClient(server.URL, "test-token")
err := client.DeleteReview(context.Background(), "owner", "repo", 5, 10)
if err == nil {
t.Fatal("expected error for 403, got nil")
}
}
review/formatter.go
+7
View File
@@ -9,6 +9,11 @@ import (
func FormatMarkdown(result *ReviewResult, reviewerName string) string {
var sb strings.Builder
if reviewerName != "" {
title := strings.ToUpper(reviewerName[:1]) + reviewerName[1:]
sb.WriteString(fmt.Sprintf("# %s Review\n\n", title))
}
sb.WriteString("## Summary\n\n")
sb.WriteString(result.Summary)
sb.WriteString("\n\n")
@@ -30,6 +35,8 @@ func FormatMarkdown(result *ReviewResult, reviewerName string) string {
if reviewerName != "" {
sb.WriteString(fmt.Sprintf("\n---\n*Review by %s*\n", reviewerName))
// Hidden sentinel for identifying this bot's reviews during cleanup
sb.WriteString(fmt.Sprintf("\n<!-- review-bot:%s -->\n", reviewerName))
}
return sb.String()
review/formatter_test.go
+43
View File
@@ -116,3 +116,46 @@ func TestGiteaEvent(t *testing.T) {
}
}
}
func TestFormatMarkdown_Sentinel(t *testing.T) {
result := &ReviewResult{
Verdict: "APPROVE",
Summary: "All good.",
Recommendation: "Merge it.",
}
output := FormatMarkdown(result, "security")
if !strings.Contains(output, "<!-- review-bot:security -->") {
t.Error("expected sentinel comment in output")
}
// Empty reviewer name should NOT have sentinel
output2 := FormatMarkdown(result, "")
if strings.Contains(output2, "<!-- review-bot") {
t.Error("should not contain sentinel when reviewer name is empty")
}
}
func TestFormatMarkdown_RoleTitle(t *testing.T) {
result := &ReviewResult{
Verdict: "APPROVE",
Summary: "All good.",
Recommendation: "Merge it.",
}
// With reviewer name: should have title header
output := FormatMarkdown(result, "security")
if !strings.Contains(output, "# Security Review\n") {
t.Error("expected '# Security Review' header when reviewer name is set")
}
output2 := FormatMarkdown(result, "gpt")
if !strings.Contains(output2, "# Gpt Review\n") {
t.Error("expected '# Gpt Review' header")
}
// Without reviewer name: no title header
output3 := FormatMarkdown(result, "")
if strings.Contains(output3, "# ") && strings.Contains(output3, " Review\n") {
t.Error("should not contain role title header when reviewer name is empty")
}
}