opensearch-build/.github/workflows/code-diff-reviewer.yml at main · opensearch-project/opensearch-build · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
---
name: Code Diff Reviewer
on:
  workflow_call:
    secrets:
      BEDROCK_ACCESS_ROLE:
        required: true
    inputs:
      skip_diff_reviewer_on_push:
        required: false
        type: boolean
        default: true
      skip_diff_reviewer_with_label_name:
        required: false
        type: string
        default: 'skip-diff-reviewer'

jobs:
  Code-Diff-Reviewer:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # github oidc to assume aws roles
      pull-requests: write  # to create or update comment (peter-evans/create-or-update-comment)
    timeout-minutes: 10
    steps:
      - name: Verify reviewer status
        run: |
          echo "skip_diff_reviewer=false" >> $GITHUB_ENV
          if [ "${{ github.event_name }}" = "push" ]; then
            if [ "${{ inputs.skip_diff_reviewer_on_push }}" = "true" ]; then
              echo "Diff reviewer skipped due to inputs.skip_diff_reviewer_on_push is set to 'true'"
              echo "skip_diff_reviewer=true" >> $GITHUB_ENV
            fi
          elif [ "${{ github.event_name }}" = "pull_request_target" ]; then
            PR_AUTHOR="${{ github.event.pull_request.user.login }}"
            if [ "$PR_AUTHOR" != "dependabot[bot]" ] && \
               [ "$PR_AUTHOR" != "opensearch-trigger-bot[bot]" ] && \
               [ "$PR_AUTHOR" != "mend-for-github-com[bot]" ]; then
              echo "PR author '$PR_AUTHOR' is not a bot, proceeding..."

              PR_LABELS=$(curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
                -H "Accept: application/vnd.github.v3+json" \
                "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/labels" \
                | jq -r '.[].name')
              echo "labels: $PR_LABELS"
              echo "Verifying skip label: ${{ inputs.skip_diff_reviewer_with_label_name }}"
              if [ -n "$PR_LABELS" ]; then
                for label in $PR_LABELS
                do
                  if [[ "$label" = "${{ inputs.skip_diff_reviewer_with_label_name }}" ]]; then
                    echo "Diff analyzer skipped due to label ${{ inputs.skip_diff_reviewer_with_label_name }}."
                    echo "skip_diff_reviewer=true" >> $GITHUB_ENV
                    break
                  fi
                done
              fi
            else
              echo "PR author '$PR_AUTHOR' is a bot, skipping..."
              echo "skip_diff_reviewer=true" >> $GITHUB_ENV
            fi
          else
            echo "wrong github event: ${{ github.event_name }}, must be 'push' or 'pull_request_target'"
            exit 1
          fi
      - name: Configure AWS credentials
        if: ${{ env.skip_diff_reviewer != 'true' }}
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: ${{ secrets.BEDROCK_ACCESS_ROLE }}
          aws-region: us-east-1
      - name: PR Agent Review
        if: ${{ env.skip_diff_reviewer != 'true' }}
        # Temporary fix due to pr-agent not lock to the specific docker image in github tag
        # Causing PRs like this to break bedrock integration:
        # https://github.com/qodo-ai/pr-agent/pull/2278
        uses: peterzhuamazon/pr-agent@4708eba6e61e9bcff9e90162e91b758076c62d1b
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          github_action_config.auto_review: true
          github_action_config.auto_describe: false
          github_action_config.auto_improve: true
          github_action_config.pr_actions: '["opened", "synchronize", "reopened"]'
          pr_reviewer.require_estimate_effort_to_review: false
          pr_reviewer.require_can_be_split_review: true  # avoid huge PRs
          pr_reviewer.num_max_findings: 5
          pr_reviewer.require_todo_scan: true
          pr_reviewer.require_ticket_analysis_review: false
          pr_reviewer.require_security_review: true
          pr_reviewer.enable_review_labels_security: false  # avoid too many labels at the moment
          pr_reviewer.enable_review_labels_effort: false
          pr_code_suggestions.max_history_len: 5  # max number of history of previous suggestions in same persistent comment
          pr_code_suggestions.max_number_of_calls: 3  # max number of chunks to cut PR, make X number of calls per commit on PR, each 32000 token
          pr_code_suggestions.num_code_suggestions_per_chunk: 4  # max number of suggestions per chunk
          pr_code_suggestions.enable_chat_in_code_suggestions: false  # only for app
          pr_code_suggestions.commitable_code_suggestions: false  # Too much similar changes on every push
          pr_code_suggestions.apply_suggestions_checkbox: false
          pr_code_suggestions.enable_more_suggestions_checkbox: false
          pr_code_suggestions.wiki_page_accepted_suggestions: false
          pr_code_suggestions.allow_thumbs_up_down: true
          pr_code_suggestions.publish_output_no_suggestions: false  # avoid comment even if there is no suggestions
          config.model: 'bedrock/us.anthropic.claude-sonnet-4-6'
          config.fallback_models: '["bedrock/us.anthropic.claude-haiku-4-5-20251001-v1:0"]'