Skip to content

feat: add code-review task (initial commit) (testing) #21103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
DevelopmentCats wants to merge 24 commits into
base: main
Choose a base branch
from
Open

feat: add code-review task (initial commit) (testing) #21103

DevelopmentCats wants to merge 24 commits into from
+357 −0

Conversation

@DevelopmentCats
Copy link
Contributor

@DevelopmentCats DevelopmentCats commented Dec 4, 2025

No description provided.

Copilot AI review requested due to automatic review settings December 4, 2025 17:16

This comment was marked as duplicate.

Sign in to view

DevelopmentCats

This comment was marked as duplicate.

Sign in to view

DevelopmentCats

This comment was marked as outdated.

Sign in to view

@DevelopmentCats DevelopmentCats added the doc-check Assign this label to PRs to check for any doc changes. label Dec 4, 2025
@github-actions
Copy link

github-actions bot commented Dec 4, 2025

Task created: https://dev.coder.com/tasks/DevelopmentCats/73db09fd-dbc6-4e63-8bfb-c16f7f15f7fc

@DevelopmentCats Coder

This comment was marked as outdated.

Sign in to view
@DevelopmentCats Coder

This comment was marked as outdated.

Sign in to view
DevelopmentCats
DevelopmentCats commented Dec 4, 2025
View reviewed changes
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Code Review

This PR adds a GitHub Actions workflow for AI-powered code reviews using Coder Tasks. The workflow triggers on the "code-review" label and creates a task that analyzes PRs and posts inline suggestions.

Found: 0 issues

Looks good - The workflow follows existing patterns from doc-check.yaml, includes proper error handling with set -euo pipefail, validates inputs appropriately, and uses correct security practices. The implementation is consistent with the codebase standards.

AI review via Coder Tasks

DevelopmentCats

This comment was marked as outdated.

Sign in to view

DevelopmentCats
DevelopmentCats commented Dec 11, 2025
View reviewed changes
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Code Review

Reviewed the workflow for production-breaking bugs, security issues, and logic errors.

Found: 0 critical issues

The workflow follows good practices:

  • ✅ Proper input validation (line 79)
  • ✅ Error handling with set -euo pipefail (line 62)
  • ✅ Proper variable quoting throughout
  • ✅ Timeout protection (30 minutes)
  • ✅ Scoped GitHub permissions (read contents, write PRs)
  • ✅ Conditional logic properly handles both event types

Minor observations (not blocking):

  • The grep -oP on line 90 works fine on GitHub Actions runners but could be replaced with sed for maximum portability
  • The workflow intentionally gives the AI task GitHub access via external-auth, which is the expected behavior for code review

AI review - no production-breaking issues found

DevelopmentCats
DevelopmentCats commented Dec 11, 2025
View reviewed changes
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Code Review

Reviewed GitHub Actions workflow for AI code review.

Found 2 issues (1 portability nitpick, 1 missing error handling) - see inline suggestions for fixes.

AI review via Coder Tasks

.github/workflows/code-review.yaml Outdated
echo "pr_url=${ISSUE_URL}" >> "${GITHUB_OUTPUT}"

# Extract PR number from URL
PR_NUMBER=$(echo "${INPUTS_PR_URL}" | grep -oP '(?<=pull/)\d+')
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue: [NITPICK] grep -oP uses Perl regex which is GNU-specific. While it works on GitHub Actions (Ubuntu), sed is more portable across all Unix systems.

This matches the portability pattern mentioned in the workflow's own examples (lines 221-226).

Suggested change
PR_NUMBER=$(echo "${INPUTS_PR_URL}" | grep -oP '(?<=pull/)\d+')
PR_NUMBER=$(echo "${INPUTS_PR_URL}" | sed -n 's|.*/pull/\([0-9]*\)$|\1|p')

.github/workflows/code-review.yaml
Comment on lines +115 to +117
run: |
echo "owner=${REPO_OWNER}" >> "${GITHUB_OUTPUT}"
echo "repo=${REPO_NAME}" >> "${GITHUB_OUTPUT}"
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue: Missing error handling with set -euo pipefail at the start of this script block.

The "Determine PR Context" step (line 62) has proper error handling, but this "Extract repository info" step doesn't. If REPO_OWNER or REPO_NAME are empty, the workflow would continue with empty values rather than failing fast.

Impact: Silent failures could lead to malformed task prompts or API calls.

Suggested change
run: |
echo "owner=${REPO_OWNER}" >> "${GITHUB_OUTPUT}"
echo "repo=${REPO_NAME}" >> "${GITHUB_OUTPUT}"
run: |
set -euo pipefail
echo "owner=${REPO_OWNER}" >> "${GITHUB_OUTPUT}"
echo "repo=${REPO_NAME}" >> "${GITHUB_OUTPUT}"

@DevelopmentCats
chore(workflows): update code review guidelines to address additional…
8ab152f 
… false positives and clarify feedback examples
DevelopmentCats

This comment was marked as outdated.

Sign in to view

@DevelopmentCats
chore(workflows): clarify code review guidelines regarding the use of…
3d1dd32 
… set -u and its limitations on empty strings
DevelopmentCats
DevelopmentCats commented Dec 11, 2025
View reviewed changes
Copy link
Contributor Author

@DevelopmentCats DevelopmentCats left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔍 Code Review

Reviewed GitHub Actions workflow for AI code review.

Found 1 issue (1 portability nitpick) - see inline suggestion for fix.

The workflow follows good patterns from doc-check.yaml with proper error handling, validation, and permissions. The only issue is using GNU-specific grep syntax.

AI review via Coder Tasks

DevelopmentCats

This comment was marked as outdated.

Sign in to view

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jdomeracki-coder jdomeracki-coder Awaiting requested review from jdomeracki-coder jdomeracki-coder is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@DevelopmentCats DevelopmentCats

Labels

code-review doc-check Assign this label to PRs to check for any doc changes.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DevelopmentCats