ci: add opencode review workflow for PR comments

Author: re2zero

.github/workflows/opencode-review.yml

@@ -0,0 +1,81 @@
+name: opencode-review
+
+on:
+  # issue_comment covers both issues and PR comments
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  review:
+    # Only trigger in PRs (not issues), and require @opencode or /opencode trigger
+    if: |
+      (
+        github.event_name == 'issue_comment' &&
+        github.event.issue.pull_request &&
+        (
+          contains(github.event.comment.body, '@opencode') ||
+          contains(github.event.comment.body, '/opencode')
+        )
+      ) ||
+      (
+        github.event_name == 'pull_request_review_comment' &&
+        (
+          contains(github.event.comment.body, '@opencode') ||
+          contains(github.event.comment.body, '/opencode')
+        )
+      )
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # Change to 'write' to allow OpenCode to push commits
+      pull-requests: write # Required to post comments (kept as write for responses)
+      issues: read # Change to 'write' if you enable issue workflows later
+      actions: read # Required to read CI results on PRs
+      id-token: write # Required for OIDC token generation (OpenCode GitHub App)
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+      - uses: anomalyco/opencode/github@latest
+        env:
+          # ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          ZHIPU_API_KEY: ${{ secrets.ZHIPU_API_KEY }}
+          ZHIPU_BASE_URL: ${{ secrets.ZHIPU_BASE_URL }}
+        # with:
+        #   # model: anthropic/claude-sonnet-4-20250514
+        #   model: zai-coding-plan/glm-4.7
+        #   use_github_token: true
+        #   prompt: |
+        #     Review this pull request:
+        #     - Check for code quality issues
+        #     - Look for potential bugs
+        #     - Suggest improvements
+        with:
+          model: ${{ secrets.OPENCODE_PR_REVIEW_MODEL }}
+          share: false
+          agent: plan
+          prompt: |
+            IMPORTANT CONSTRAINTS: You are running in READ-ONLY mode for code review purposes and final output must be in Chinese.
+
+            You CANNOT:
+            - Edit files, write files, or create new files
+            - Run bash/shell commands
+            - Execute git operations (commit, push, merge, etc.)
+            - Merge PRs, create branches, or push commits
+            - Search the web or fetch external URLs
+
+            You CAN:
+            - Read files to understand code
+            - Search code using Grep
+            - List directories
+            - Use Glob to find files
+            - Answer questions about the codebase
+            - Review PRs and provide detailed feedback
+            - Explain code, suggest improvements, and clarify reviewer comments
+
+            If a user requests a restricted action (e.g., "merge this PR", "apply these changes", "edit this file", "run tests"), politely decline and explain:
+            1. What you cannot do
+            2. What you CAN do instead (e.g., suggest exact commands the user can copy, provide code snippets to paste, explain the changes needed)
+
+            Focus on being a helpful code reviewer: explain code, identify potential issues, suggest improvements, and help the user understand feedback from other reviewers.