69e0a459c3
CI / test (pull_request) Successful in 14s
CI / review (gpt-4.1, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 23s
CI / review (gpt-5, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 58s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SONNET_REVIEW_TOKEN) (pull_request) Successful in 1m35s
Sentinel-based cleanup:
- Reviews embed <!-- review-bot:NAME --> in body (hidden HTML comment)
- Cleanup matches by sentinel, not token identity
- Each reviewer-name is a logical identity (sonnet, gpt, security)
- Same token can run multiple review types without conflict
- No extra API scopes needed

System prompt file (--system-prompt-file / SYSTEM_PROMPT_FILE):
- Loads a local file with additional review instructions
- Appended to system base as "Additional Review Instructions"
- Enables specialized reviews (security, performance, etc.)
- Partially addresses #5

Security review:
- SECURITY_REVIEW.md prompt focused on vulnerabilities
- 3rd CI matrix entry using same token, different prompt
- Focus: injection, auth, secrets, input validation, crypto, races

CI changes:
- REVIEWER_NAME passed from matrix.name
- SYSTEM_PROMPT_FILE passed from matrix (empty for standard reviews)
- 3 reviewers: sonnet (general), gpt (general), security (focused)

61 lines
1.7 KiB
YAML
name: CI

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize]

jobs:
  test:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - run: go test ./...
      - run: go vet ./...
      - run: go build -o review-bot ./cmd/review-bot

  # Self-review: builds from source since we're pre-release
  review:
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request'
    needs: test
    strategy:
      matrix:
        include:
          - name: sonnet
            token_secret: SONNET_REVIEW_TOKEN
            model: gpt-5
          - name: gpt
            token_secret: GPT_REVIEW_TOKEN
            model: gpt-4.1
          - name: security
            token_secret: SONNET_REVIEW_TOKEN
            model: gpt-5
            system_prompt_file: SECURITY_REVIEW.md
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - run: go build -o review-bot ./cmd/review-bot
      - name: Run ${{ matrix.name }} review
        env:
          GITEA_URL: ${{ github.server_url }}
          GITEA_REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}
          REVIEWER_NAME: ${{ matrix.name }}
          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
          LLM_MODEL: ${{ matrix.model }}
          CONVENTIONS_FILE: "CONVENTIONS.md"
          PATTERNS_REPO: "rodin/go-patterns"
          PATTERNS_FILES: "README.md,patterns/"
          LLM_TIMEOUT: "600"
          SYSTEM_PROMPT_FILE: ${{ matrix.system_prompt_file }}
        run: ./review-bot
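
The sentinel-based cleanup described in the commit message, shown as an added Go example that is not the project's own code: it selects stale reviews by exact sentinel match, so two reviewer names sharing one token (as `sonnet` and `security` do in the matrix) stay separate. The `Review` type, the function names and the name-validation rule are assumptions; only the `<!-- review-bot:NAME -->` marker format comes from the commit message.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Review is a hypothetical stand-in for a review object from the forge API.
type Review struct {
	ID   int64
	Body string
}

// Assumed rule: lowercase words joined by single hyphens, so a name cannot carry "-->" or spaces.
var validName = regexp.MustCompile(`^[a-z0-9]+(-[a-z0-9]+)*$`)

// Sentinel builds the hidden marker for one logical reviewer.
func Sentinel(name string) (string, error) {
	if !validName.MatchString(name) {
		return "", fmt.Errorf("invalid reviewer name %q", name)
	}
	return "<!-- review-bot:" + name + " -->", nil
}

// StaleReviews returns IDs of reviews carrying name's sentinel, skipping keepID (the newest review).
func StaleReviews(reviews []Review, name string, keepID int64) ([]int64, error) {
	s, err := Sentinel(name)
	if err != nil {
		return nil, err
	}
	var ids []int64
	for _, r := range reviews {
		if r.ID != keepID && strings.Contains(r.Body, s) {
			ids = append(ids, r.ID)
		}
	}
	return ids, nil
}

func main() {
	// Constructed sample: "sonnet" and "security" were posted with the same token.
	reviews := []Review{
		{1, "LGTM\n<!-- review-bot:sonnet -->"},
		{2, "Possible injection\n<!-- review-bot:security -->"},
		{3, "Updated findings\n<!-- review-bot:security -->"},
	}
	fmt.Println(StaleReviews(reviews, "security", 3)) // [2] <nil>
}
```

Because the match is on body text alone, any review containing the marker counts as that reviewer's; a caller that needs stricter ownership would also compare the review's author before deleting.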