opencode-review.yml
name: OpenCode PR Review

on:
  pull_request:
    types: [opened, synchronize]
    # Skip review for documentation and config-only changes
    # Exclude this workflow file to prevent self-triggering loops
    paths-ignore:
      - "**/*.md"
      - ".github/workflows/opencode-review.yml"
      - ".gitignore"
      - "pyproject.toml"

# Cancel in-progress runs for the same PR to avoid duplicate reviews
concurrency:
  group: opencode-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  opencode-review:
    if: false  # Disabled - leaks environment variables including GITHUB_TOKEN into PR comments
    runs-on: ubuntu-latest
    timeout-minutes: 10  # Prevent hanging - kill after 10 min
    permissions:
      id-token: write
      contents: read
      pull-requests: write
      issues: write
    steps:
      - name: Calculate total changes
        id: calc
        run: |
          additions=${{ github.event.pull_request.additions }}
          deletions=${{ github.event.pull_request.deletions }}
          total=$((additions + deletions))
          echo "total=$total" >> $GITHUB_OUTPUT

      - name: Checkout repository
        # Only review substantial changes (5+ files OR 20+ lines changed)
        if: |
          github.event.pull_request.changed_files >= 5 ||
          steps.calc.outputs.total >= 20
        uses: actions/checkout@v6
        with:
          fetch-depth: 1
          persist-credentials: false

      - name: Clear git credentials to avoid duplicate auth
        if: |
          github.event.pull_request.changed_files >= 5 ||
          steps.calc.outputs.total >= 20
        run: |
          # Clear all GitHub-related git config to prevent auth conflicts
          git config --global --unset-all http.https://github.com/.extraheader || true
          git config --local --unset-all http.https://github.com/.extraheader || true
          git config --global --unset-all credential.helper || true
          git config --local --unset-all credential.helper || true
          git config --global --unset-all credential."https://github.com".helper || true
          git config --local --unset-all credential."https://github.com".helper || true
          # Remove any credential URLs
          git config --global --unset-all credential.url || true
          git config --local --unset-all credential.url || true
          # Clear any includeIf configs that might add credentials
          # Note: git config doesn't support wildcards, so we iterate over matching keys
          # Use case-insensitive grep to catch both "includeIf" and "includeif"
          for key in $(git config --global --list --name-only 2>/dev/null | grep -i "^includeif\." || true); do
            git config --global --unset "$key" || true
          done
          for key in $(git config --local --list --name-only 2>/dev/null | grep -i "^includeif\." || true); do
            git config --local --unset "$key" || true
          done

      - name: Run OpenCode PR Review
        # Only review substantial changes (5+ files OR 20+ lines changed)
        if: |
          github.event.pull_request.changed_files >= 5 ||
          steps.calc.outputs.total >= 20
        uses: anomalyco/opencode/github@latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ZHIPU_API_KEY: ${{ secrets.ZHIPU_API_KEY }}
          # Pass PR context as environment variables for the review
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
          REPO_NAME: ${{ github.repository }}
        with:
          model: zai-coding-plan/glm-4.7
          use_github_token: true
          prompt: |
            You are reviewing PR #${{ github.event.pull_request.number }} in repository ${{ github.repository }}.
            PR TITLE: ${{ github.event.pull_request.title }}
            Please review this pull request and provide feedback on:
            - Code quality and best practices
            - Potential bugs or issues
            - Performance considerations
            - Security concerns
            - Test coverage
            IMPORTANT NOTES:
            - Review the other comments on the pull request - including any prior reviews.
            - If you are reviewing changes beyond the first creation of the pull request,
              make sure your comments are consistent with previous reviews.
            - There's no need to repeat information unless it is critical and not
              being reflected in comments or code.
            - Be aware of prior reviews and that new file information may reflect
              changes because of previous reviews.
            Use the repository's CLAUDE.md for guidance on style and conventions.
            Be constructive and helpful in your feedback.
            IMPORTANT: Post exactly ONE comment using `gh pr comment`, then STOP.
            Do not attempt additional actions after posting your review.