refactor: extract configurable params to workflow file

jescalada · jescalada · commit 54c73c599b9d · 2026-04-17T13:43:35.000+09:00
diff --git a/.github/workflows/pr-quality-check.yml b/.github/workflows/pr-quality-check.yml
@@ -20,14 +20,14 @@ jobs:
           MODEL: ${{ secrets.MODEL }}
           # Only API key for the chosen model is required
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           # Obtained automatically by GH Actions
-          AUTHOR_USERNAME: ${{ github.event.pull_request.user.login }}
           AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+          AUTHOR_USERNAME: ${{ github.event.pull_request.user.login }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_BODY: ${{ github.event.pull_request.body }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
-          REPO_NAME: ${{ github.repository }}
           PR_TITLE: ${{ github.event.pull_request.title }}
-          PR_BODY: ${{ github.event.pull_request.body }}
+          REPO_NAME: ${{ github.repository }}
         run: python scripts/pr_checker_agent.py
diff --git a/.github/workflows/security-review.yml b/.github/workflows/security-review.yml
@@ -28,15 +28,18 @@ jobs:
       - run: pip install litellm PyGithub
       - name: Run security review agent
         env:
+          IGNORED_EXTENSIONS: .lock,.sum
+          IGNORED_FILENAMES: package-lock.json,yarn.lock,poetry.lock,Gemfile.lock,Cargo.lock,composer.lock,pnpm-lock.yaml,pip.lock
+          MAX_PATCH_CHARS_PER_FILE: 3000
           # e.g: "claude-sonnet-4-6", "gpt-4o", etc.
           MODEL: ${{ secrets.MODEL }}
           # Only API key for the chosen model is required
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           # Obtained automatically by GH Actions
-          REPO_NAME: ${{ github.repository }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
+          REPO_NAME: ${{ github.repository }}
           TRIGGER: ${{ github.event_name }}
         run: python scripts/security_review_agent.py
diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
@@ -16,16 +16,18 @@ jobs:
       - run: pip install litellm PyGithub
       - name: Run triage agent
         env:
+          AVAILABLE_LABELS: automation,bug,dependencies,documentation,enhancement,good-first-issue,meeting,needs-info,plugins,protocol,question,security,tech-debt,testing
+          LATEST_ISSUES_LIMIT: 100
           # e.g: "claude-sonnet-4-6", "gpt-4o", etc.
           MODEL: ${{ secrets.MODEL }}
           # Only API key for the chosen model is required
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           # Obtained automatically by GH Actions
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUE_BODY: ${{ github.event.issue.body }}
           ISSUE_NUMBER: ${{ github.event.issue.number }}
-          REPO_NAME: ${{ github.repository }}
           ISSUE_TITLE: ${{ github.event.issue.title }}
-          ISSUE_BODY: ${{ github.event.issue.body }}
+          REPO_NAME: ${{ github.repository }}
         run: python scripts/triage_agent.py
diff --git a/scripts/security_review_agent.py b/scripts/security_review_agent.py
@@ -18,23 +18,19 @@
 if not any(os.environ.get(api_key) for api_key in valid_api_keys):
     raise ValueError("No API key is set")
 
+IGNORED_FILENAMES = set(os.environ.get(
+    "IGNORED_FILENAMES",
+    "package-lock.json,yarn.lock,poetry.lock,Gemfile.lock,Cargo.lock,composer.lock,pnpm-lock.yaml,pip.lock"
+).split(","))
 
-# Exclude files that are not useful for security analysis
-IGNORED_FILENAMES = {
-    "package-lock.json",
-    "yarn.lock",
-    "poetry.lock",
-    "Gemfile.lock",
-    "Cargo.lock",
-    "composer.lock",
-    "pnpm-lock.yaml",
-    "pip.lock",
-}
-
-IGNORED_EXTENSIONS = {".lock", ".sum"}
+# Extensions must include a leading dot
+IGNORED_EXTENSIONS = set(os.environ.get(
+    "IGNORED_EXTENSIONS",
+    ".lock,.sum"
+).split(","))
 
 # Truncate very large diffs like generated files to prevent bloating the prompt
-MAX_PATCH_CHARS_PER_FILE = 3000
+MAX_PATCH_CHARS_PER_FILE = int(os.environ.get("MAX_PATCH_CHARS_PER_FILE", 3000))
 
 # System prompt
 
diff --git a/scripts/triage_agent.py b/scripts/triage_agent.py
@@ -9,7 +9,8 @@
 repo = gh.get_repo(os.environ["REPO_NAME"])
 issue = repo.get_issue(int(os.environ["ISSUE_NUMBER"]))
 
-LATEST_ISSUES_LIMIT = 100
+LATEST_ISSUES_LIMIT = int(os.environ["LATEST_ISSUES_LIMIT"], 100)
+AVAILABLE_LABELS = os.environ.get("AVAILABLE_LABELS", "bug,enhancement,question,documentation,needs-info")
 MODEL = os.environ["MODEL"]
 
 for env_var in ["GITHUB_TOKEN", "REPO_NAME", "ISSUE_NUMBER", "ISSUE_TITLE", "ISSUE_BODY", "MODEL"]:
@@ -29,10 +30,7 @@
             "name": "apply_label",
             "description": (
                 "Apply one or more labels to the issue. "
-                "Use labels like: automation, bug, dependencies, "
-                "documentation, enhancement, good-first-issue, "
-                "meeting, needs-info, plugins, protocol, question, "
-                "security, tech-debt, testing."
+                "Use labels like: " + AVAILABLE_LABELS
             ),
             "parameters": {
                 "type": "object",
