From b6ba4e46360b44eaffd39755511a8e940834b899 Mon Sep 17 00:00:00 2001
From: Rodin
Date: Thu, 14 May 2026 20:21:16 +0000
Subject: [PATCH] feat(ci): add GitHub Actions workflow for strat/review-bot PRs

Adds .github/workflows/review.yml to run AI code review on PRs using SAP AI Core. Three reviewers: sonnet, gpt, security (same as Gitea CI). Uses the .gitea/actions/review composite action which auto-detects GitHub vs Gitea runners via GITHUB_API_URL and uses GitHub REST API accordingly.

Prerequisites:
- Set required secrets on strat/review-bot (see comments in workflow)
- Publish at least one release of review-bot on strat/review-bot with review-bot-linux-amd64 and checksums.txt assets

Runs on ubuntu-24.04 (matching the runner label used by strat org).
---
 .github/workflows/review.yml | 77 ++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 .github/workflows/review.yml

diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
new file mode 100644
index 0000000..054e903
--- /dev/null
+++ b/.github/workflows/review.yml
@@ -0,0 +1,77 @@
+name: AI Code Review
+
+# AI code review for pull requests on github.concur.com/strat/review-bot.
+# Uses SAP AI Core as the LLM provider (same as the Gitea CI workflow).
+#
+# Prerequisites before this workflow can run:
+# 1. Set required secrets on strat/review-bot (see list below)
+# 2. Publish at least one release of review-bot on strat/review-bot
+# (or change action-repo to a repo that already has releases)
+#
+# Required secrets:
+# SONNET_REVIEW_TOKEN — GitHub token for the Sonnet reviewer bot
+# GPT_REVIEW_TOKEN — GitHub token for the GPT reviewer bot
+# AICORE_CLIENT_ID — SAP AI Core OAuth client ID
+# AICORE_CLIENT_SECRET — SAP AI Core OAuth client secret
+# AICORE_AUTH_URL — SAP AI Core OAuth token endpoint
+# AICORE_API_URL — SAP AI Core inference API URL
+# AICORE_RESOURCE_GROUP — SAP AI Core resource group (optional, default: default)
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ test:
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: '1.26'
+ - run: go test ./...
+ - run: go vet ./...
+ - run: go build -o review-bot ./cmd/review-bot
+
+ review:
+ runs-on: ubuntu-24.04
+ if: github.event_name == 'pull_request'
+ needs: test
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: sonnet
+ token_secret: SONNET_REVIEW_TOKEN
+ model: anthropic--claude-4.6-sonnet
+ - name: gpt
+ token_secret: GPT_REVIEW_TOKEN
+ model: gpt-5
+ - name: security
+ token_secret: GPT_REVIEW_TOKEN
+ model: gpt-5
+ system_prompt_file: SECURITY_REVIEW.md
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./.gitea/actions/review
+ with:
+ # On GHES runners, vcs-url is ignored; the composite action uses github.server_url.
+ # action-repo must be a repo with published review-bot releases.
+ # Requires strat/review-bot to have at least one release tag with
+ # review-bot-linux-amd64 and checksums.txt assets.
+ vcs-url: https://gitea.weiker.me
+ action-repo: strat/review-bot
+ reviewer-token: ${{ secrets[matrix.token_secret] }}
+ reviewer-name: ${{ matrix.name }}
+ llm-provider: aicore
+ llm-model: ${{ matrix.model }}
+ aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
+ aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
+ aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
+ aicore-api-url: ${{ secrets.AICORE_API_URL }}
+ aicore-resource-group: ${{ secrets.AICORE_RESOURCE_GROUP }}
+ conventions-file: CONVENTIONS.md
+ patterns-repo: rodin/go-patterns
+ patterns-files: README.md,patterns/
+ timeout: "600"
+ system-prompt-file: ${{ matrix.system_prompt_file || '' }}
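Review bot: The `review` job runs `./.gitea/actions/review` from the `actions/checkout@v4` checkout of the pull request itself and passes it `${{ secrets.AICORE_CLIENT_SECRET }}` plus the `SONNET_REVIEW_TOKEN`/`GPT_REVIEW_TOKEN` PATs via `secrets[matrix.token_secret]`, so anyone whose PR receives secrets controls the code those credentials flow through (the `test` job's `go test ./...` executes PR-authored code as well). That is only safe while the GHES org withholds secrets from fork PRs and gates first-time contributors, which the header comment should state explicitly, e.g. `# Triggers on pull_request (never pull_request_target): the PR's own tree runs with repo secrets, so fork PRs must not be granted secrets.` No `permissions:` block is set, so `GITHUB_TOKEN` gets whatever the org default is even though commenting is done with the reviewer PATs; add a top-level `permissions:` with `contents: read`. `actions/checkout@v4` and `actions/setup-go@v5` are tag-pinned, so pin each to a full commit SHA (`actions/checkout@<sha> # v4`) to close tag retargeting, and drop the redundant `if: github.event_name == 'pull_request'` since `pull_request` is the only trigger.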