name: Code Review Sweep

# Triggers: manual dispatch, plus a cron schedule that fires every 15 minutes.
on:
  workflow_dispatch:
  schedule:
    - cron: '*/15 * * * *'

# Workflow-wide default for the job token: read-only access to repository
# contents. A job that needs more has to declare it on the job itself.
permissions:
  contents: read

# Prevent overlapping sweeps: every run joins the same concurrency group, and
# a run already in progress is not cancelled by a newer one.
concurrency:
  group: code-review-sweep
  cancel-in-progress: false
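jobs:
  # ---------------------------------------------------------------------------
  # Job 1: Determine which modules to review
  #
  # Runs with the workflow-level read-only token and publishes two outputs
  # taken from the build-matrix step: `modules` and `has_work`.
  # ---------------------------------------------------------------------------
  dispatch:
    # Only run on official repo, not forks
    if: github.repository == 'open-telemetry/opentelemetry-java-instrumentation'
    runs-on: ubuntu-latest
    outputs:
      modules: ${{ steps.build-matrix.outputs.modules }}
      has_work: ${{ steps.build-matrix.outputs.has_work }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

      - name: Fetch progress branch
        # Best-effort: a failed fetch is ignored (a later job creates the
        # branch when it is missing).
        run: git fetch origin otelbot/code-review-progress || true

      - name: Build review matrix
        id: build-matrix
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Read progress from the dedicated orphan branch (if it exists)
          progress=$(git show origin/otelbot/code-review-progress:reviewed.txt 2>/dev/null || true)
          if [[ -n "$progress" ]]; then
            export REVIEW_PROGRESS="$progress"
          fi
          python .github/scripts/code-review/build-review-matrix.py

  # ---------------------------------------------------------------------------
  # Job 2: Walk modules sequentially on a single branch, stopping once the
  # accumulated change set reaches FILE_THRESHOLD modified files. One PR per run.
  #
  # NOTE(review): this is the privileged half of the workflow. It has a
  # contents:write job token, reads COPILOT_GITHUB_TOKEN and
  # OTELBOT_PRIVATE_KEY, runs an installer fetched at run time, and lets an AI
  # agent edit the checkout. The protection rules of the `protected`
  # environment are not visible in this file; confirm they match that
  # exposure.
  # ---------------------------------------------------------------------------
  review:
    needs: dispatch
    if: needs.dispatch.outputs.has_work == 'true'
    runs-on: ubuntu-latest
    environment: protected
    permissions:
      contents: write # for git push
    env:
      MODULES_JSON: ${{ needs.dispatch.outputs.modules }}
      MODEL: "gpt-5.4"
      # Stop processing further modules once at least this many files have been
      # modified (vs origin/main) at the end of a module.
      FILE_THRESHOLD: "10"
      COPILOT_ROOT: /tmp/copilot
      FRAGMENTS_DIR: /tmp/pr-body-fragments
      PROCESSED_MODULES: /tmp/processed-modules.txt
      PR_BODY: /tmp/pr-body.md
    steps:
      # NOTE(review): persist-credentials is left at its default (true), so the
      # write-capable job token stays available to every later git command in
      # this job, including anything the review loop runs. The `git push` steps
      # below rely on it. Confirm sweep-loop.py limits what the agent may
      # execute, or scope the credential to the push steps only.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Fetch progress branch
        # Best-effort: a failed fetch is ignored.
        run: git fetch origin otelbot/code-review-progress || true

      - name: Free disk space
        run: .github/scripts/gha-free-disk-space.sh

      - name: Set up JDK for running Gradle
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: temurin
          java-version-file: .java-version

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
        with:
          cache-read-only: true

      - name: Install Copilot CLI
        # NOTE(review): every action in this file is pinned to a commit SHA, but
        # this installer is downloaded and executed at run time with no version
        # pin or integrity check, in a job that holds write credentials.
        # Consider installing a pinned release and verifying a published
        # checksum before executing it. TODO: confirm what the installer
        # supports.
        run: |
          # The default `run` shell is `bash -e` without pipefail, so a failed
          # download would hand bash an empty script and the step would pass.
          set -euo pipefail
          curl -fsSL https://gh.io/copilot-install | bash
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Use CLA approved bot
        run: .github/scripts/use-cla-approved-bot.sh

      - name: Check out review branch
        id: branch
        run: |
          # One branch per workflow run, always recreated from origin/main.
          branch="otelbot/code-review-sweep-${GITHUB_RUN_ID}"
          git checkout -B "$branch" origin/main
          echo "name=$branch" >> "$GITHUB_OUTPUT"

      - name: Run Copilot review loop
        id: review-loop
        env:
          COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
          # Folded scalar: the lines below are joined with spaces into a single
          # prompt string. __MODULE_DIR__ is presumably substituted per module
          # by sweep-loop.py (verify against the script).
          COPILOT_REVIEW_PROMPT_TEMPLATE: >-
            Review all files under __MODULE_DIR__. Apply safe repository-guideline fixes directly.
            Return ONLY a valid JSON object as your final answer with this exact schema:
            {"summary": string, "changes": [{"path": string, "category": string, "change": string, "reason": string, "line_hint": number|null}], "unresolved": [{"path": string, "reason": string}]}
            Include one changes entry for every file you changed.
            Use concise factual reasons that cite the review guideline or repository rule behind each change.
            In `summary`, `change`, and `reason`, use Markdown inline code backticks around code-like constructs when helpful,
            including annotations, class names, method names, field names, file names, Gradle tasks, commands, flags, and config keys.
            If no safe fixes were applied, still return valid JSON with an empty changes array and a brief summary.
            Do not write markdown and do not wrap the JSON in code fences.
        run: python .github/scripts/code-review/sweep-loop.py

      - name: Upload review diagnostics artifact
        # Runs even when the review loop failed, so diagnostics are kept.
        # NOTE(review): secret masking applies to log output, not to files
        # inside an artifact. Confirm nothing written under /tmp/copilot can
        # contain token material, since the PR body links to this artifact.
        if: always()
        id: upload-review-diagnostics
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: code-review-diagnostics-${{ github.run_id }}
          path: |
            /tmp/copilot/**
            /tmp/processed-modules.txt
          if-no-files-found: ignore

      - name: Assemble PR body
        if: steps.review-loop.outputs.commits_on_branch != '0'
        env:
          ARTIFACT_URL: ${{ steps.upload-review-diagnostics.outputs.artifact-url }}
        run: |
          set -euo pipefail
          # Build the body from the processed-module list, the *.md fragments in
          # FRAGMENTS_DIR, and a link to the diagnostics artifact. Everything is
          # written with echo/cat, so fragment text is never evaluated by the
          # shell.
          {
            echo "Automated code review sweep walked the following modules in order"
            echo "and stopped after accumulating at least ${FILE_THRESHOLD} modified files:"
            echo
            while IFS= read -r m; do
              echo "- \`$m\`"
            done < "$PROCESSED_MODULES"
            echo
            echo "---"
            echo
            for f in "$FRAGMENTS_DIR"/*.md; do
              [[ -f "$f" ]] || continue
              cat "$f"
              echo
            done
            echo "---"
            echo
            echo "[Download code review diagnostics]($ARTIFACT_URL)"
            echo
          } > "$PR_BODY"

      - name: Commit summary
        if: steps.review-loop.outputs.commits_on_branch != '0'
        id: commit
        env:
          # Passed through the environment rather than expanded into the script
          # text, so the value is always handled as data by the shell.
          BRANCH: ${{ steps.branch.outputs.name }}
        run: |
          set -euo pipefail
          # The branch name embeds the run id; -f presumably covers a re-run of
          # the same workflow run, which would reuse the name.
          git push -f origin "$BRANCH"
          echo "pushed=true" >> "$GITHUB_OUTPUT"

      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        id: otelbot-token
        if: steps.commit.outputs.pushed == 'true'
        with:
          app-id: ${{ vars.OTELBOT_APP_ID }}
          private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}

      - name: Create PR
        if: steps.commit.outputs.pushed == 'true'
        env:
          # The app token is minted only after a successful push and is exposed
          # to this step alone.
          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
          BRANCH: ${{ steps.branch.outputs.name }}
        run: |
          set -euo pipefail
          title="Code review sweep (run ${GITHUB_RUN_ID})"
          gh pr create \
            --title "$title" \
            --body-file "$PR_BODY" \
            --base main \
            --head "$BRANCH" \
            --label "automated code review"

      - name: Ensure progress branch exists
        if: steps.review-loop.outputs.processed_count != '0'
        run: |
          # Create the orphan progress branch with an empty first commit when
          # the remote-tracking ref is missing. The push is best-effort.
          if ! git rev-parse --verify origin/otelbot/code-review-progress >/dev/null 2>&1; then
            git checkout --orphan otelbot/code-review-progress
            git reset --hard
            git commit --allow-empty -m "Initialize progress tracking"
            git push origin HEAD:otelbot/code-review-progress || true
          fi

      - name: Check out progress branch
        if: steps.review-loop.outputs.processed_count != '0'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: otelbot/code-review-progress
          path: progress

      - name: Mark processed modules as reviewed
        if: steps.review-loop.outputs.processed_count != '0'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail
          # Append this run's module list to reviewed.txt on the progress branch
          # and push it from the separate `progress` checkout.
          cd progress
          git config user.name otelbot
          git config user.email 197425009+otelbot@users.noreply.github.com
          cat "$PROCESSED_MODULES" >> reviewed.txt
          git add reviewed.txt
          git commit -m "Mark $(wc -l < "$PROCESSED_MODULES" | tr -d ' ') module(s) as reviewed"
          git push origin HEAD:otelbot/code-review-progress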