-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (125 loc) · 3.63 KB
/
Copy pathcode-review.yml
File metadata and controls
133 lines (125 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: AI Code Review
on:
pull_request:
types: [opened, synchronize, ready_for_review]
push:
branches: [main]
concurrency:
group: review-${{ github.ref }}
cancel-in-progress: true
permissions:
pull-requests: write
contents: write
checks: write
statuses: write
env:
ZAI_BASE_URL: "https://api.z.ai/api/coding/paas/v4/"
jobs:
secret-scan:
name: "🔒 Secret Scan"
runs-on: ubuntu-latest
outputs:
secrets_found: ${{ steps.scan.outputs.found }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Scan diff for secrets
id: scan
uses: sulthonzh/code-reviewer@main
with:
command: secret-scan
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Block if secrets found
if: steps.scan.outputs.found == 'true'
run: |
echo "::error::Found potential secret(s) in the diff. Remove before merging."
exit 1
ai-review:
name: "🤖 AI Review"
runs-on: ubuntu-latest
needs: secret-scan
outputs:
approved: ${{ steps.review.outputs.approved }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect project context
id: context
uses: sulthonzh/code-reviewer@main
with:
command: detect-context
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Route model
id: model
run: |
DIFF_LINES=$(git diff origin/main...HEAD 2>/dev/null | wc -l || echo 0)
if [ "$DIFF_LINES" -gt 500 ]; then
echo "model=glm-5.1" >> "$GITHUB_OUTPUT"
else
echo "model=glm-4.5" >> "$GITHUB_OUTPUT"
fi
- name: Run AI review
id: review
uses: sulthonzh/code-reviewer@main
with:
command: ai-review
model: ${{ steps.model.outputs.model }}
project-type: ${{ steps.context.outputs.project_type }}
zai-api-key: ${{ secrets.ZAI_API_KEY }}
zai-base-url: ${{ env.ZAI_BASE_URL }}
github-token: ${{ secrets.GITHUB_TOKEN }}
quality-gate:
name: "✅ Quality Gate"
runs-on: ubuntu-latest
needs: [secret-scan, ai-review]
outputs:
passed: ${{ steps.gate.outputs.passed }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run quality checks
id: gate
uses: sulthonzh/code-reviewer@main
with:
command: quality-gate
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Post status
if: always()
uses: sulthonzh/code-reviewer@main
with:
command: post-status
passed: ${{ steps.gate.outputs.passed }}
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-merge:
name: "🔀 Auto-Merge"
runs-on: ubuntu-latest
needs: [ai-review, quality-gate]
if: >-
needs.ai-review.outputs.approved == 'true' &&
needs.quality-gate.outputs.passed == 'true' &&
github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Approve and merge
uses: sulthonzh/code-reviewer@main
with:
command: auto-merge
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-release:
name: "📦 Auto-Release"
runs-on: ubuntu-latest
if: >-
github.event_name == 'push' &&
github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect and release
uses: sulthonzh/code-reviewer@main
with:
command: auto-release
github-token: ${{ secrets.GITHUB_TOKEN }}