Skip to content

801: ai #829

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
naanci wants to merge 1 commit into from
+31 −2
Closed

801: ai #829

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 31 additions & 2 deletions .github/workflows/ai-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,12 @@
- name: Get PR head SHA
id: pr-head
uses: actions/github-script@v7
env:
PR_ID: ${{ github.event.number || github.event.issue.number }}
with:
result-encoding: string
script: |
const prId = ${{ github.event.number || github.event.issue.number }};
const prId = process.env.PR_ID;
const { data: pr } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
Comment on lines +31 to 39
Copy link
Contributor

@github-actions github-actions bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Remove the intermediate environment variable PR_ID and directly use the GitHub expression github.event.number || github.event.issue.number within the script for clarity and conciseness. This avoids an unnecessary indirection. [general, importance: 6]

New proposed code: 
-env:
-  PR_ID: ${{ github.event.number || github.event.issue.number }}
 with:
   result-encoding: string
   script: |
-    const prId = process.env.PR_ID;
+    const prId = ${{ github.event.number || github.event.issue.number }};
     const { data: pr } = await github.rest.pulls.get({
         owner: context.repo.owner,
         repo: context.repo.repo,
         pull_number: parseInt(prId, 10)

Expand Down Expand Up @@ -63,7 +65,32 @@
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
UNLOAD_ENVIRONMENTS: ci

- name: Post /review command
if: github.event_name == 'pull_request'
uses: ./.github/composite/send-message
with:
prId: ${{ needs.getPRHead.outputs.prId }}
message: "/review"
token: ${{ env.GH_PAT }}

- name: Post /describe command
Comment on lines +68 to +76

Check failure

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (
issue_comment
Loading
)
if: github.event_name == 'pull_request'
uses: ./.github/composite/send-message
with:
prId: ${{ needs.getPRHead.outputs.prId }}
message: "/describe"
token: ${{ env.GH_PAT }}

- name: Post /improve command
Comment on lines +76 to +84

Check failure

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (
issue_comment
Loading
)
if: github.event_name == 'pull_request'
uses: ./.github/composite/send-message
with:
prId: ${{ needs.getPRHead.outputs.prId }}
message: "/improve"
token: ${{ env.GH_PAT }}

- name: Run composite workflow

Check failure

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (
issue_comment
Loading
)
if: github.event_name == 'issue_comment'
uses: ./.github/composite/notion-checks
id: notion_check
with:
Comment on lines 92 to 96
Copy link
Contributor

@github-actions github-actions bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: For consistency and to utilize the already determined PR ID, pass needs.getPRHead.outputs.prId to the notion-checks composite workflow instead of re-evaluating the expression. This ensures all steps use the same PR identifier. [general, importance: 7]

New proposed code: 
 - name: Run composite workflow
   if: github.event_name == 'issue_comment'
   uses: ./.github/composite/notion-checks
   id: notion_check
   with:
-    PR_ID: ${{ github.event.number || github.event.issue.number  }}
+    PR_ID: ${{ needs.getPRHead.outputs.prId }}

Expand All @@ -73,14 +100,16 @@
GET_GHA_OUTPUT: "true"

- name: Load STYLEGUIDE.md
if: github.event_name == 'issue_comment'
id: styleguide
run: |
echo "context<<EOF" >> $GITHUB_OUTPUT
cat ./STYLEGUIDE.md >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT

- name: Qodo PR-Agent
uses: qodo-ai/pr-agent@main
if: github.event_name == 'issue_comment'
uses: qodo-ai/pr-agent@v0.32
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
config.model: "gemini/gemini-2.5-flash"
Expand Down
Loading