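name: AI Code Review

# AI code review for pull requests on github.concur.com/strat/review-bot.
# Uses SAP AI Core as the LLM provider (same as the Gitea CI workflow).
#
# Prerequisites before this workflow can run:
#   1. Set required secrets on strat/review-bot (see list below)
#   2. Publish at least one release of review-bot on strat/review-bot
#      (or change action-repo to a repo that already has releases)
#
# Required secrets:
#   SONNET_REVIEW_TOKEN   — GitHub token for the Sonnet reviewer bot
#   GPT_REVIEW_TOKEN      — GitHub token for the GPT reviewer bot
#   AICORE_CLIENT_ID      — SAP AI Core OAuth client ID
#   AICORE_CLIENT_SECRET  — SAP AI Core OAuth client secret
#   AICORE_AUTH_URL       — SAP AI Core OAuth token endpoint
#   AICORE_API_URL        — SAP AI Core inference API URL
#   AICORE_RESOURCE_GROUP — SAP AI Core resource group (optional, default: default)
#
# Security notes:
#   - The trigger is pull_request, so by default pull requests from forks run
#     without these secrets. Keep it that way: pull_request_target would hand
#     the secrets to a job that checks out and runs pull-request content.
#   - Give the reviewer tokens only the scopes needed to post reviews on this
#     repository.

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  test:
    runs-on: ubuntu-24.04
    # The steps below compile and run code from the pull request, so the job
    # token is limited to read-only repository access.
    permissions:
      contents: read
    steps:
      # NOTE(review): v4 / v5 are mutable tags; consider pinning these actions
      # to a full commit SHA.
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config, where the test code
          # executed below could read it.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - run: go test ./...
      - run: go vet ./...
      - run: go build -o review-bot ./cmd/review-bot

  review:
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request'
    needs: test
    # NOTE(review): no permissions block is set here because the composite
    # action's use of the job token is not visible in this file; restrict it
    # (e.g. contents: read) once that is confirmed.
    strategy:
      # One failing reviewer does not cancel the others.
      fail-fast: false
      matrix:
        include:
          - name: sonnet
            token_secret: SONNET_REVIEW_TOKEN
            model: anthropic--claude-4.6-sonnet
          - name: gpt
            token_secret: GPT_REVIEW_TOKEN
            model: gpt-5
          # The security reviewer posts with the same token as the gpt reviewer
          # but with its own system prompt.
          - name: security
            token_secret: GPT_REVIEW_TOKEN
            model: gpt-5
            system_prompt_file: SECURITY_REVIEW.md
    steps:
      # With no ref given, checkout on a pull_request event fetches the pull
      # request's merge commit, so the local action below is the version from
      # the pull request, and it runs with the reviewer and AI Core secrets.
      # NOTE(review): CONVENTIONS.md and SECURITY_REVIEW.md are presumably read
      # from the same checkout, which would let a pull request change the
      # instructions used to review it. Consider loading the action and these
      # files from the base branch, or requiring owner approval for changes to
      # those paths.
      - uses: actions/checkout@v4
      - uses: ./.gitea/actions/review
        with:
          # On GHES runners, vcs-url is ignored; the composite action uses github.server_url.
          # action-repo must be a repo with published review-bot releases.
          # Requires strat/review-bot to have at least one release tag with
          # review-bot-linux-amd64 and checksums.txt assets.
          # NOTE(review): confirm the composite action never sends
          # reviewer-token to the vcs-url host when running on GHES.
          # NOTE(review): a checksums.txt published in the same release as the
          # binary detects corruption only; it does not protect against a
          # replaced release.
          vcs-url: https://gitea.weiker.me
          action-repo: strat/review-bot
          # Token secret is selected per matrix entry.
          reviewer-token: ${{ secrets[matrix.token_secret] }}
          reviewer-name: ${{ matrix.name }}
          llm-provider: aicore
          llm-model: ${{ matrix.model }}
          aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
          aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
          aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
          aicore-api-url: ${{ secrets.AICORE_API_URL }}
          aicore-resource-group: ${{ secrets.AICORE_RESOURCE_GROUP }}
          conventions-file: CONVENTIONS.md
          # NOTE(review): content from this repository is presumably passed to
          # the model; confirm who can write to it and treat it as prompt input.
          patterns-repo: rodin/go-patterns
          patterns-files: README.md,patterns/
          timeout: "600"
          # Matrix entries without system_prompt_file pass an empty string.
          system-prompt-file: ${{ matrix.system_prompt_file || '' }}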