|
1 | | -name: Review code |
| 1 | +name: Code Review |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | pull_request: |
5 | | - types: [opened, synchronize, reopened] |
| 5 | + types: [opened, synchronize, reopened, ready_for_review] |
6 | 6 |
|
7 | 7 | permissions: {} |
8 | 8 |
|
9 | 9 | jobs: |
10 | 10 | review: |
11 | 11 | name: Review |
12 | | - runs-on: ubuntu-24.04 |
| 12 | + uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main |
| 13 | + secrets: |
| 14 | + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |
| 15 | + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} |
| 16 | + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} |
13 | 17 | permissions: |
14 | 18 | contents: read |
15 | 19 | id-token: write |
16 | 20 | pull-requests: write |
17 | | - |
18 | | - steps: |
19 | | - - name: Check out repo |
20 | | - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
21 | | - with: |
22 | | - fetch-depth: 0 |
23 | | - persist-credentials: false |
24 | | - |
25 | | - - name: Check for Vault team changes |
26 | | - id: check_changes |
27 | | - run: | |
28 | | - # Ensure we have the base branch |
29 | | - git fetch origin ${{ github.base_ref }} |
30 | | -
|
31 | | - echo "Comparing changes between origin/${{ github.base_ref }} and HEAD" |
32 | | - CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD) |
33 | | -
|
34 | | - if [ -z "$CHANGED_FILES" ]; then |
35 | | - echo "Zero files changed" |
36 | | - echo "vault_team_changes=false" >> $GITHUB_OUTPUT |
37 | | - exit 0 |
38 | | - fi |
39 | | -
|
40 | | - # Handle variations in spacing and multiple teams |
41 | | - VAULT_PATTERNS=$(grep -E "@bitwarden/team-vault-dev(\s|$)" .github/CODEOWNERS 2>/dev/null | awk '{print $1}') |
42 | | -
|
43 | | - if [ -z "$VAULT_PATTERNS" ]; then |
44 | | - echo "⚠️ No patterns found for @bitwarden/team-vault-dev in CODEOWNERS" |
45 | | - echo "vault_team_changes=false" >> $GITHUB_OUTPUT |
46 | | - exit 0 |
47 | | - fi |
48 | | -
|
49 | | - vault_team_changes=false |
50 | | - for pattern in $VAULT_PATTERNS; do |
51 | | - echo "Checking pattern: $pattern" |
52 | | -
|
53 | | - # Handle **/directory patterns |
54 | | - if [[ "$pattern" == "**/"* ]]; then |
55 | | - # Remove the **/ prefix |
56 | | - dir_pattern="${pattern#\*\*/}" |
57 | | - # Check if any file contains this directory in its path |
58 | | - if echo "$CHANGED_FILES" | grep -qE "(^|/)${dir_pattern}(/|$)"; then |
59 | | - vault_team_changes=true |
60 | | - echo "✅ Found files matching pattern: $pattern" |
61 | | - echo "$CHANGED_FILES" | grep -E "(^|/)${dir_pattern}(/|$)" | sed 's/^/ - /' |
62 | | - break |
63 | | - fi |
64 | | - else |
65 | | - # Handle other patterns (shouldn't happen based on your CODEOWNERS) |
66 | | - if echo "$CHANGED_FILES" | grep -q "$pattern"; then |
67 | | - vault_team_changes=true |
68 | | - echo "✅ Found files matching pattern: $pattern" |
69 | | - echo "$CHANGED_FILES" | grep "$pattern" | sed 's/^/ - /' |
70 | | - break |
71 | | - fi |
72 | | - fi |
73 | | - done |
74 | | -
|
75 | | - echo "vault_team_changes=$vault_team_changes" >> $GITHUB_OUTPUT |
76 | | -
|
77 | | - if [ "$vault_team_changes" = "true" ]; then |
78 | | - echo "" |
79 | | - echo "✅ Vault team changes detected - proceeding with review" |
80 | | - else |
81 | | - echo "" |
82 | | - echo "❌ No Vault team changes detected - skipping review" |
83 | | - fi |
84 | | -
|
85 | | - - name: Review with Claude Code |
86 | | - if: steps.check_changes.outputs.vault_team_changes == 'true' |
87 | | - uses: anthropics/claude-code-action@ac1a3207f3f00b4a37e2f3a6f0935733c7c64651 # v1.0.11 |
88 | | - with: |
89 | | - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} |
90 | | - track_progress: true |
91 | | - use_sticky_comment: true |
92 | | - prompt: | |
93 | | - REPO: ${{ github.repository }} |
94 | | - PR NUMBER: ${{ github.event.pull_request.number }} |
95 | | - TITLE: ${{ github.event.pull_request.title }} |
96 | | - BODY: ${{ github.event.pull_request.body }} |
97 | | - AUTHOR: ${{ github.event.pull_request.user.login }} |
98 | | - COMMIT: ${{ github.event.pull_request.head.sha }} |
99 | | -
|
100 | | - Please review this pull request with a focus on: |
101 | | - - Code quality and best practices |
102 | | - - Potential bugs or issues |
103 | | - - Security implications |
104 | | - - Performance considerations |
105 | | -
|
106 | | - Note: The PR branch is already checked out in the current working directory. |
107 | | -
|
108 | | - Provide a comprehensive review including: |
109 | | - - Summary of changes since last review |
110 | | - - Critical issues found (be thorough) |
111 | | - - Suggested improvements (be thorough) |
112 | | - - Good practices observed (be concise - list only the most notable items without elaboration) |
113 | | - - Action items for the author |
114 | | - - Leverage collapsible <details> sections where appropriate for lengthy explanations or code snippets to enhance human readability |
115 | | -
|
116 | | - When reviewing subsequent commits: |
117 | | - - Track status of previously identified issues (fixed/unfixed/reopened) |
118 | | - - Identify NEW problems introduced since last review |
119 | | - - Note if fixes introduced new issues |
120 | | -
|
121 | | - IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note what was done well without explaining why or praising excessively. |
122 | | -
|
123 | | - claude_args: | |
124 | | - --allowedTools "mcp__github_comment__update_claude_comment,mcp__github_inline_comment__create_inline_comment,Bash(gh pr diff:*),Bash(gh pr view:*)" |
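Review bot: The reusable workflow is pulled in by the mutable ref `@main` on new line 12, whereas the inline version this replaces pinned every external action to a full commit SHA (`actions/checkout@08c6903…`, `claude-code-action@ac1a320…`), so whatever lands on that branch now runs here with `id-token: write`, `pull-requests: write` and the three Azure identity secrets, and the supply chain is only as strong as branch protection on bitwarden/gh-actions. Pin it to a commit, `uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@<full-sha> # main`, or at least to a release tag that a dependency bot can bump. Because the trigger stays `pull_request`, runs for heads from forked repositories receive neither the passed secrets nor `id-token: write`, so the Azure OIDC login inside `_review-code.yml` (not visible here) will presumably fail or must no-op on external PRs; if that workflow does not already guard for this, add `if: github.event.pull_request.head.repo.full_name == github.repository` to the `review` job so the job is skipped rather than failed. The CODEOWNERS-based Vault-team gate and the `--allowedTools` allow-list that bounded what the review agent could execute are gone from this file; confirm the reusable workflow applies equivalent scoping before it is granted `pull-requests: write` on every PR event, including the newly added `ready_for_review`.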