Bump the actions group across 1 directory with 4 updates #2
# AI-Powered PR Review - Secure Single Workflow
# Analyzes PR content and posts review comments securely
name: AI PR Review

on:
  pull_request:
    types: [opened, synchronize, reopened]
# Note: on pull_request events from forks, repository secrets (GEMINI_API_KEY) are not
# available and GITHUB_TOKEN is read-only, so this workflow only completes for PRs
# opened from branches in this repository.

# Cancel previous workflow runs for the same PR
concurrency:
  group: ${{ github.workflow }}-${{ github.event.number }}
  cancel-in-progress: true

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  ai-review:
    name: AI Code Review
    runs-on: ubuntu-latest
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.base.ref }}

      - name: Get PR information
        id: pr-info
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.number }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          REPO_FULL_NAME: ${{ github.repository }}
        run: |
          # Get PR details from environment variables (secure: untrusted values are never
          # interpolated into the script text, only read from the environment)
          echo "pr-number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
          echo "base-sha=$BASE_SHA" >> "$GITHUB_OUTPUT"
          echo "head-sha=$HEAD_SHA" >> "$GITHUB_OUTPUT"
          echo "pr-author=$PR_AUTHOR" >> "$GITHUB_OUTPUT"
          echo "pr-title=$PR_TITLE" >> "$GITHUB_OUTPUT"

          # Get PR diff using GitHub API (secure with environment variables).
          # -f makes curl fail on an HTTP error status so an error body is never
          # mistaken for a diff; on failure the file is emptied so the check below
          # reports that no diff is available.
          curl -fsS -H "Authorization: token $GITHUB_TOKEN" \
               -H "Accept: application/vnd.github.v3.diff" \
               "https://api.github.com/repos/$REPO_FULL_NAME/compare/$BASE_SHA..$HEAD_SHA" \
               > pr_diff.txt || : > pr_diff.txt

          # Check if diff file was created successfully
          if [ -s pr_diff.txt ]; then
            echo "diff-available=true" >> "$GITHUB_OUTPUT"
            # Limit diff size to prevent API limits (max 100KB)
            if [ "$(wc -c < pr_diff.txt)" -gt 102400 ]; then
              head -c 102400 pr_diff.txt > pr_diff_limited.txt
              mv pr_diff_limited.txt pr_diff.txt
              echo "diff-truncated=true" >> "$GITHUB_OUTPUT"
            else
              echo "diff-truncated=false" >> "$GITHUB_OUTPUT"
            fi
          else
            echo "diff-available=false" >> "$GITHUB_OUTPUT"
            echo "No diff content available" > pr_diff.txt
          fi

      - name: Setup Node.js for Gemini CLI
        uses: actions/setup-node@v5
        with:
          node-version: '18'

      - name: Install Gemini CLI
        run: |
          npm install -g @google/gemini-cli
          gemini --version

      - name: Run AI Analysis
        id: ai-analysis
        env:
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          PR_TITLE: ${{ steps.pr-info.outputs.pr-title }}
          PR_AUTHOR: ${{ steps.pr-info.outputs.pr-author }}
        run: |
          # Create prompt file. The heredoc delimiter is quoted so nothing in the
          # checklist is expanded by the shell; the PR title and author are appended
          # afterwards with printf, which is what actually expands them (inside a
          # quoted heredoc "$PR_TITLE" would be written literally).
          cat > analysis_prompt.txt << 'EOF'
          You are an expert WordPress plugin developer and security consultant reviewing a pull request for the "Optimizations ACE MC" WordPress plugin.

          PLUGIN CONTEXT:
          - WordPress optimization plugin for WooCommerce and WP Store Locator
          - Supports WordPress 6.5+ and PHP 7.4+
          - Single-site deployment (WooCommerce and WPSL guaranteed active)

          COMPREHENSIVE REVIEW CHECKLIST:

          🔒 SECURITY ANALYSIS:
          1. SQL Injection vulnerabilities - Check for unescaped database queries
          2. XSS (Cross-Site Scripting) issues - Verify output escaping with esc_html(), esc_attr(), etc.
          3. CSRF (Cross-Site Request Forgery) protection - Check for wp_nonce_field() usage
          4. Input validation and sanitization - Look for sanitize_*() functions
          5. Output escaping compliance - Ensure all dynamic output is escaped
          6. Authentication and authorization checks - Verify current_user_can() usage
          7. File upload security - Check file type validation and path traversal protection

          📝 WORDPRESS STANDARDS:
          1. WordPress Coding Standards compliance - PSR-4, naming conventions
          2. Proper use of WordPress APIs - Use WP functions instead of raw PHP
          3. Hook usage (actions/filters) - add_action(), add_filter() best practices
          4. Internationalization (i18n) implementation - __(), _e(), esc_html__() usage
          5. Plugin structure and organization - Proper file organization
          6. PHPDoc documentation quality - @param, @return, @since tags

          ⚡ PERFORMANCE REVIEW:
          1. Database query optimization - Check for N+1 queries, use WP_Query properly
          2. Caching strategies - wp_cache_set(), transients usage
          3. Resource loading efficiency - wp_enqueue_script(), wp_enqueue_style()
          4. Memory usage considerations - Avoid memory leaks
          5. Scalability implications - Code that works well with large datasets

          🏗️ CODE QUALITY:
          1. Function complexity and readability - Keep functions focused and simple
          2. Error handling implementation - Proper try/catch and WP_Error usage
          3. Type safety and parameter validation - Validate function parameters
          4. Code reusability and DRY principles - Avoid code duplication
          5. Naming conventions - Clear, descriptive function and variable names

          🔧 PLUGIN-SPECIFIC:
          1. WooCommerce integration best practices - Use WC hooks and functions
          2. WP Store Locator compatibility - Ensure no conflicts
          3. Admin interface usability - Clear, intuitive admin pages
          4. Plugin activation/deactivation handling - Proper cleanup

          REVIEW FORMAT:
          Provide a comprehensive review in the following format:

          ## 🛡️ Security Analysis
          [List any security issues found with severity level: CRITICAL/HIGH/MEDIUM/LOW]

          ## 📝 WordPress Standards
          [Review compliance with WordPress coding standards]

          ## ⚡ Performance Review
          [Identify performance optimizations and concerns]

          ## 🏗️ Code Quality
          [Assess code structure, readability, and maintainability]

          ## 🔧 Plugin-Specific Review
          [WooCommerce and WPSL integration review]

          ## ✅ Recommendations
          [Provide specific, actionable recommendations]

          Focus on actionable feedback that improves security, WordPress compatibility, and code quality.
          EOF
          printf 'PR Title: %s\nPR Author: @%s\nHere is the PR diff to analyze:\n' "$PR_TITLE" "$PR_AUTHOR" >> analysis_prompt.txt

          # Append the diff content. The diff is untrusted input to the model and the
          # model's output is posted to the PR verbatim, so treat the review as advisory.
          cat pr_diff.txt >> analysis_prompt.txt

          # Run Gemini analysis and capture output
          gemini generate --prompt-file analysis_prompt.txt > ai_analysis_result.txt 2>&1 || {
            echo "Gemini analysis failed. Creating fallback response..."
            cat > ai_analysis_result.txt << 'EOF'
          ## 🤖 AI Analysis Status

          The automated AI analysis encountered an issue during execution. This may be due to:
          - Temporary API limitations
          - Large diff size
          - Network connectivity issues

          ### Manual Review Recommended
          Please conduct a manual code review focusing on:
          - WordPress security best practices
          - Coding standards compliance
          - Performance considerations
          - Plugin-specific requirements

          The PR can still be reviewed and merged based on manual inspection.
          EOF
            echo "analysis-failed=true" >> "$GITHUB_OUTPUT"
          }

          # Verify the analysis result file exists and has content
          if [ -s ai_analysis_result.txt ]; then
            echo "analysis-success=true" >> "$GITHUB_OUTPUT"
          else
            echo "analysis-success=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Post AI Review Comment
        uses: actions/github-script@v8
        env:
          PR_NUMBER: ${{ steps.pr-info.outputs.pr-number }}
          HEAD_SHA: ${{ steps.pr-info.outputs.head-sha }}
          PR_AUTHOR: ${{ steps.pr-info.outputs.pr-author }}
          DIFF_AVAILABLE: ${{ steps.pr-info.outputs.diff-available }}
          DIFF_TRUNCATED: ${{ steps.pr-info.outputs.diff-truncated }}
          ANALYSIS_SUCCESS: ${{ steps.ai-analysis.outputs.analysis-success }}
        with:
          script: |
            const fs = require('fs');

            const prNumber = process.env.PR_NUMBER;
            const headSha = process.env.HEAD_SHA;
            const prAuthor = process.env.PR_AUTHOR;
            const diffAvailable = process.env.DIFF_AVAILABLE === 'true';
            const diffTruncated = process.env.DIFF_TRUNCATED === 'true';
            const analysisSuccess = process.env.ANALYSIS_SUCCESS === 'true';

            // Read AI analysis results
            let aiAnalysis = '';
            try {
              aiAnalysis = fs.readFileSync('ai_analysis_result.txt', 'utf8');
            } catch (error) {
              aiAnalysis = '## ❌ Analysis Error\n\nFailed to read analysis results. Manual review required.';
            }

            // Create status indicators
            let statusIndicators = '';
            if (!diffAvailable) {
              statusIndicators += '⚠️ **Warning:** No diff content available for analysis\n';
            }
            if (diffTruncated) {
              statusIndicators += '⚠️ **Note:** Large diff was truncated for analysis\n';
            }
            if (!analysisSuccess) {
              statusIndicators += '❌ **Alert:** AI analysis encountered issues\n';
            }

            const reviewContent = `
            ## 🤖 AI-Powered Security & Code Review

            Hi @${prAuthor}! I've completed an analysis of this pull request.

            ### 📊 Review Summary
            - **Plugin:** Optimizations ACE MC
            - **Commit:** \`${headSha.substring(0, 7)}\`
            - **WordPress Compatibility:** 6.5+
            - **PHP Compatibility:** 7.4+
            - **Analysis Status:** ${analysisSuccess ? '✅ Completed' : '⚠️ Partial/Failed'}

            ${statusIndicators}

            ---

            ${aiAnalysis}

            ---

            ### 📋 Review Checklist for Maintainers
            - [ ] Security vulnerabilities addressed
            - [ ] WordPress coding standards followed
            - [ ] Performance impact considered
            - [ ] Documentation updated if needed
            - [ ] Tests pass (if applicable)

            > 🔄 **Note:** This analysis was performed securely without executing untrusted code.
            >
            > 🎯 **Focus Areas:** Security, WordPress Standards, Performance, Code Quality
            `;

            await github.rest.issues.createComment({
              issue_number: prNumber,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: reviewContent
            });

      - name: Handle Analysis Failure
        if: steps.ai-analysis.outputs.analysis-success != 'true'
        uses: actions/github-script@v8
        env:
          PR_NUMBER: ${{ steps.pr-info.outputs.pr-number }}
          WORKFLOW_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        with:
          script: |
            const prNumber = process.env.PR_NUMBER;
            const workflowUrl = process.env.WORKFLOW_URL;

            // Create an issue for failed analysis
            const title = `🚨 AI Analysis Failed for PR #${prNumber}`;
            const body = `
            ## AI Code Analysis Failure

            The automated AI code analysis workflow failed for PR #${prNumber}.

            **Pull Request:** #${prNumber}
            **Failure Time:** ${new Date().toISOString()}
            **Workflow Run:** ${workflowUrl}

            ### Possible Causes
            - API rate limits or temporary service issues
            - Large diff size exceeding analysis limits
            - Invalid file formats or encoding issues
            - GEMINI_API_KEY configuration problems

            ### Manual Actions Required
            1. 🔍 Review the failed workflow logs for specific error details
            2. 🔄 Re-run the analysis workflow if it was a temporary issue
            3. 🛠️ Check GEMINI_API_KEY secret configuration
            4. 👥 Proceed with manual code review for the PR

            **Note:** This does not necessarily indicate issues with the PR code itself.
            `;

            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: title,
              body: body,
              labels: ['ai-analysis', 'workflow-failure', 'needs-attention']
            });