feat: Post a comment to the PR to notify the user when no CHAT_TOKEN is provided #112
# Description: | |
# - DeepSeek code review with GitHub Actions | |
name: Code Review | |
on: | |
pull_request_target: | |
types: | |
- opened # Triggers when a PR is opened | |
- reopened # Triggers when a PR is reopened | |
- synchronize # Triggers when a commit is pushed to the PR | |
# - labeled # Triggers when a label is added to the PR | |
# fix: GraphQL: Resource not accessible by integration (addComment) error | |
permissions: | |
pull-requests: write | |
jobs: | |
setup-deepseek-review: | |
runs-on: macos-latest | |
name: Code Review | |
# Make sure the code review happens only when the PR has the label 'ai review' | |
# if: contains(github.event.pull_request.labels.*.name, 'ai review') | |
steps: | |
- name: DeepSeek Code Review | |
uses: hustcer/deepseek-review@develop | |
with: | |
max-length: 50000 | |
# model: 'deepseek-v3' # Infinigence's DeepSeek V3 model | |
model: 'deepseek-r1' # Infinigence's DeepSeek R1 model | |
base-url: 'https://cloud.infini-ai.com/maas/v1' # Infinigence's API base URL | |
# model: 'deepseek-ai/DeepSeek-V3' # SiliconFlow's DeepSeek V3 model | |
# model: 'deepseek-ai/DeepSeek-R1' # SiliconFlow's DeepSeek R1 model | |
# base-url: 'https://api.siliconflow.cn/v1' # SiliconFlow's API base URL | |
# Store the chat token in GitHub Secrets, don't expose it in the workflow file | |
chat-token: ${{ secrets.CHAT_TOKEN }} | |
sys-prompt: > | |
As a senior Nushell engineer, perform comprehensive script review with focus on: | |
### 1. Core Requirements: | |
- Validate Nu 0.90+ compatibility | |
- Check structured data handling | |
- Verify pipeline efficiency | |
- Assess module organization | |
### 2. Security Analysis: | |
- Command injection prevention | |
- Data leakage prevention | |
- Safe external command usage | |
- Proper permission validation | |
### 3. Performance Optimization: | |
- Pipeline optimization | |
- Memory usage patterns | |
- Builtin vs external command usage | |
- Parallel execution opportunities | |
**Rules:** | |
- Target Nu 0.90+ features | |
- Highlight data flow vulnerabilities | |
- Suggest structured data optimizations | |
- Keep feedback Nu-specific | |
- Use modern shell terminology | |
**Required output structure:** | |
#### Script Analysis | |
- Key observations | |
#### Security Review | |
- Vulnerability findings | |
#### Optimization Suggestions | |
- Performance improvements | |
**Overall Quality:** Rating (1-5) | |
```yaml | |
checklist: | |
- Compatibility: ["Nu version", "Cross-platform support", "Plugin dependencies"] | |
- Security: ["Input sanitization", "Temporary file handling", "Env exposure"] | |
- Reliability: ["Error propagation", "Null handling", "Type validation"] | |
- Performance: ["Lazy evaluation", "Batch processing", "Stream handling"] | |
examples: | |
- issue: "β Unfiltered external command arguments in line 15 (command injection risk)" | |
- issue: "β οΈ Plaintext credentials in environment variables" | |
- suggestion: "Replace `each { }` with `par-each` for parallel processing" | |
- suggestion: "Use builtin `from json` instead of jq for better performance" | |
response_template: | | |
#### Script Analysis | |
- {{observations}} | |
{{#security_issues}} | |
#### Security Review | |
- {{security_issues}} | |
{{/security_issues}} | |
{{#optimizations}} | |
#### Optimization Suggestions | |
- {{optimizations}} | |
{{/optimizations}} | |
**Overall Quality:** {{rating}} |
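Review bot: the `uses: hustcer/deepseek-review@develop` step references a mutable branch in a job triggered by `pull_request_target`, and that job is handed both `secrets.CHAT_TOKEN` and a `pull-requests: write` token on every `opened`, `reopened` and `synchronize` event. `pull_request_target` runs in the base repository's context, so the secret is available even when the PR comes from a fork, and whatever lands on `develop` of the action repository runs with it. Suggest pinning the action to a full commit SHA. Also consider re-enabling the commented-out gate `if: contains(github.event.pull_request.labels.*.name, 'ai review')` together with the `labeled` event type, so that a maintainer opts each PR in before the token is used and PR content is sent to the external `base-url`. Keeping the top-level `permissions:` block limited to `pull-requests: write` is the right scope for posting comments. Separately, the two `issue:` example strings in `sys-prompt` begin with `β` and `β οΈ`, which look like mis-encoded emoji; if that is in the file and not a rendering artifact, re-save it as UTF-8.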