From 6b5c45bbf4673b4f232304859b034128949857b9 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Mon, 18 Aug 2025 15:41:33 -0700 Subject: [PATCH 01/27] feat(actions): add GitHub App authentication support for review actions - Add optional GitHub App integration for bot identity - Add `use_github_app` input parameter (defaults to true) - Generate app tokens when configured for branded bot identity - Provide fallback to standard GitHub Actions token - Update documentation with setup instructions and benefits - Add troubleshooting guide for app configuration issues --- .github/workflows/test-continue-agent.yml | 56 ++++++++++++++++++ actions/README.md | 71 ++++++++++++++++++++--- actions/detailed-review/action.yml | 64 ++++++++++++++++++-- actions/general-review/action.yml | 62 +++++++++++++++++++- 4 files changed, 239 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/test-continue-agent.yml diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml new file mode 100644 index 00000000000..0e6b933af99 --- /dev/null +++ b/.github/workflows/test-continue-agent.yml 
@@ -0,0 +1,56 @@ +name: Test Continue Agent App Integration +on: + pull_request: + types: [opened, ready_for_review] + issue_comment: + types: [created] + workflow_dispatch: # Allow manual testing + +permissions: + contents: read + pull-requests: write + issues: write + +jobs: + # Test with GitHub App (default behavior) + test-with-app: + name: Test with Continue Agent App + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: General Review with App + uses: ./actions/general-review + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + continue-org: "test-org" + continue-config: "test-org/review-bot" + # use_github_app defaults to true + + # Test without GitHub App (fallback mode) + test-without-app: + name: Test without GitHub App + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: General Review without App + uses: ./actions/general-review + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + continue-org: "test-org" + continue-config: "test-org/review-bot" + use_github_app: false # Explicitly disable app authentication + + # Test detailed review with app + test-detailed-with-app: + name: Test Detailed Review with App + runs-on: ubuntu-latest + timeout-minutes: 10 + if: contains(github.event.comment.body, '@test-detailed') + steps: + - name: Detailed Review with App + uses: ./actions/detailed-review + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + continue-org: "test-org" + continue-config: "test-org/review-bot" + # use_github_app defaults to true \ No newline at end of file diff --git a/actions/README.md b/actions/README.md index 6d3bbf377dd..f6e87c4f270 100644 --- a/actions/README.md +++ b/actions/README.md 
@@ -119,15 +119,16 @@ jobs: Both actions accept the same inputs: -| Input | Description | Required | -| ------------------ | -------------------------------------- | -------- | -| `continue-api-key` | API key for Continue service | Yes | -| `continue-org` | Organization for Continue config | Yes | -| `continue-config` | Config path (e.g., "myorg/review-bot") | Yes | +| Input | Description | Required | Default | +| ------------------ | -------------------------------------------------------- | -------- | ------- | +| `continue-api-key` | API key for Continue service | Yes | - | +| `continue-org` | Organization for Continue config | Yes | - | +| `continue-config` | Config path (e.g., "myorg/review-bot") | Yes | - | +| `use_github_app` | Use Continue Agent GitHub App for bot identity | No | `true` | ## Setup Requirements -### 1. Continue API Key +### 1. Continue API Key (Required) Add your Continue API key as a secret named `CONTINUE_API_KEY` in your repository: 
@@ -137,7 +138,41 @@ Add your Continue API key as a secret named `CONTINUE_API_KEY` in your repositor 4. Name: `CONTINUE_API_KEY` 5. Value: Your Continue API key -### 2. Continue Configuration +### 2. Continue Agent GitHub App (Recommended) + +To enable reviews with the `continue-agent[bot]` identity instead of `github-actions[bot]`: + +#### Option A: Install the Continue Agent App + +1. **Install the app**: Visit https://github.com/apps/continue-agent +2. **Grant repository access**: Select the repositories where you want to use Continue reviews +3. **Configure secrets and variables**: + - Add a **repository secret**: `CONTINUE_APP_PRIVATE_KEY` + - This should contain your GitHub App's private key (the entire .pem file content) + - Add a **repository variable**: `CONTINUE_APP_ID` + - This should contain your GitHub App's ID + +#### Option B: Use without GitHub App + +If you prefer to use the standard `github-actions[bot]` identity, add this to your workflow: + +```yaml +- uses: continuedev/continue/actions/general-review@main + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + continue-org: "your-org-name" + continue-config: "your-org-name/review-bot" + use_github_app: false # Disable GitHub App integration +``` + +#### Benefits of Using the GitHub App + +- ✅ **Branded Identity**: Reviews appear as `continue-agent[bot]` with custom avatar +- ✅ **Better Rate Limits**: App rate limits scale with repository count +- ✅ **Professional Appearance**: Distinctive bot identity for your reviews +- ✅ **Enhanced Security**: Short-lived tokens (1 hour expiry) with automatic revocation + +### 3. Continue Configuration Set up your review bot configuration in Continue: @@ -145,7 +180,7 @@ Set up your review bot configuration in Continue: 2. Configure the review bot settings 3. Note your organization name and config path -### 3. Workflow Permissions +### 4. Workflow Permissions The workflow requires these permissions: 
@@ -224,6 +259,26 @@ uses: continuedev/continue/actions/general-review@64bda6b2b3dac1037e9895dbee4ce1 ## Troubleshooting +### GitHub App Installation Issues + +#### Error: "Continue Agent GitHub App is not installed or configured properly" + +This error means the GitHub App token could not be generated. Common causes: + +1. **App not installed**: Visit https://github.com/apps/continue-agent and install it +2. **Missing secrets/variables**: Ensure you've added: + - Secret: `CONTINUE_APP_PRIVATE_KEY` (the entire .pem file content) + - Variable: `CONTINUE_APP_ID` (your app's ID number) +3. **No repository access**: Check that the app has access to your repository +4. **Incorrect private key format**: Make sure you include the full private key with headers: + ``` + -----BEGIN RSA PRIVATE KEY----- + [key content] + -----END RSA PRIVATE KEY----- + ``` + +**Quick fix**: Set `use_github_app: false` in your workflow to bypass app authentication + ### Review not triggering - Ensure the PR author or commenter has appropriate permissions (OWNER, MEMBER, or COLLABORATOR) diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index 97c47018f9d..e23a833f83b 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -12,12 +12,71 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + use_github_app: + description: 'Use Continue Agent GitHub App for bot identity (requires app installation)' + default: 'true' + required: false runs: using: 'composite' steps: + - name: Generate Continue Agent App Token + if: inputs.use_github_app == 'true' + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + continue-on-error: true + + - name: Verify App Installation + if: inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure' + shell: bash + run: | + echo "::error::Continue Agent GitHub App is not installed or configured properly" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "🤖 Continue Agent App Setup Required" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "To enable Continue reviews with proper bot identity:" + echo "" + echo "1. 📱 Install the Continue Agent app:" + echo " https://github.com/apps/continue-agent" + echo "" + echo "2. 🔑 Configure repository secrets and variables:" + echo " • Secret: CONTINUE_APP_PRIVATE_KEY (your app's private key)" + echo " • Variable: CONTINUE_APP_ID (your app's ID)" + echo "" + echo "3. 
✅ Ensure the app has access to this repository" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "💡 Quick Fix Options:" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "• For immediate use without the app, add to your workflow:" + echo " use_github_app: false" + echo "" + echo "• For help, see: https://github.com/continuedev/continue/actions" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + exit 1 + + - name: Set GitHub Token + shell: bash + run: | + # Use app token if available, otherwise use standard token + if [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV + echo "Using Continue Agent app token for GitHub operations" + else + echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV + echo "Using standard GitHub Actions token" + fi + - name: Checkout Repository uses: actions/checkout@v4 + with: + token: ${{ env.GH_TOKEN }} - name: Check Authorization shell: bash @@ -78,8 +137,6 @@ runs: - name: Build Inline Review Prompt if: env.SKIP_REVIEW != 'true' shell: bash - env: - GH_TOKEN: ${{ github.token }} run: | # Get PR number based on event type if [ "${{ github.event_name }}" = "pull_request" ]; then @@ -223,6 +280,7 @@ runs: if: env.SKIP_REVIEW != 'true' uses: actions/github-script@v7 with: + github-token: ${{ env.GH_TOKEN }} script: | const fs = require('fs'); @@ -358,8 +416,6 @@ runs: console.log('Failed to post review:', error.message); console.log('Error details:', error); } - env: - GITHUB_TOKEN: ${{ github.token }} - name: Upload Review Artifacts if: env.SKIP_REVIEW != 'true' && always() diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index bf5e221e1f3..04f8c935a7d 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml 
@@ -12,12 +12,71 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + use_github_app: + description: 'Use Continue Agent GitHub App for bot identity (requires app installation)' + default: 'true' + required: false runs: using: 'composite' steps: + - name: Generate Continue Agent App Token + if: inputs.use_github_app == 'true' + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + continue-on-error: true + + - name: Verify App Installation + if: inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure' + shell: bash + run: | + echo "::error::Continue Agent GitHub App is not installed or configured properly" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "🤖 Continue Agent App Setup Required" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "To enable Continue reviews with proper bot identity:" + echo "" + echo "1. 📱 Install the Continue Agent app:" + echo " https://github.com/apps/continue-agent" + echo "" + echo "2. 🔑 Configure repository secrets and variables:" + echo " • Secret: CONTINUE_APP_PRIVATE_KEY (your app's private key)" + echo " • Variable: CONTINUE_APP_ID (your app's ID)" + echo "" + echo "3. 
✅ Ensure the app has access to this repository" + echo "" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "💡 Quick Fix Options:" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + echo "• For immediate use without the app, add to your workflow:" + echo " use_github_app: false" + echo "" + echo "• For help, see: https://github.com/continuedev/continue/actions" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + exit 1 + + - name: Set GitHub Token + shell: bash + run: | + # Use app token if available, otherwise use standard token + if [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV + echo "Using Continue Agent app token for GitHub operations" + else + echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV + echo "Using standard GitHub Actions token" + fi + - name: Checkout Repository uses: actions/checkout@v4 + with: + token: ${{ env.GH_TOKEN }} - name: Check Authorization shell: bash @@ -73,8 +132,6 @@ runs: - name: Build PR Review Prompt if: env.SHOULD_RUN == 'true' shell: bash - env: - GH_TOKEN: ${{ github.token }} run: | # Get PR number based on event type if [ "${{ github.event_name }}" = "pull_request" ]; then @@ -186,6 +243,7 @@ runs: if: env.SHOULD_RUN == 'true' && always() uses: actions/github-script@v7 with: + github-token: ${{ env.GH_TOKEN }} script: | const fs = require('fs'); From c10a31acbf7f6fd66175bc4a1210ca5760d9ddf4 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Mon, 18 Aug 2025 15:52:43 -0700 Subject: [PATCH 02/27] prettier and todo --- .github/workflows/test-continue-agent.yml | 6 ++-- actions/README.md | 16 +++++------ actions/detailed-review/action.yml | 35 +++++++++++++---------- actions/general-review/action.yml | 31 +++++++++++--------- 4 files changed, 49 insertions(+), 39 deletions(-) 
diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index 0e6b933af99..33f5e1fdffc 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -4,7 +4,7 @@ on: types: [opened, ready_for_review] issue_comment: types: [created] - workflow_dispatch: # Allow manual testing + workflow_dispatch: # Allow manual testing permissions: contents: read @@ -38,7 +38,7 @@ jobs: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "test-org" continue-config: "test-org/review-bot" - use_github_app: false # Explicitly disable app authentication + use_github_app: false # Explicitly disable app authentication # Test detailed review with app test-detailed-with-app: @@ -53,4 +53,4 @@ jobs: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "test-org" continue-config: "test-org/review-bot" - # use_github_app defaults to true \ No newline at end of file + # use_github_app defaults to true diff --git a/actions/README.md b/actions/README.md index f6e87c4f270..741c56dae13 100644 --- a/actions/README.md +++ b/actions/README.md 
@@ -119,12 +119,12 @@ jobs: Both actions accept the same inputs: -| Input | Description | Required | Default | -| ------------------ | -------------------------------------------------------- | -------- | ------- | -| `continue-api-key` | API key for Continue service | Yes | - | -| `continue-org` | Organization for Continue config | Yes | - | -| `continue-config` | Config path (e.g., "myorg/review-bot") | Yes | - | -| `use_github_app` | Use Continue Agent GitHub App for bot identity | No | `true` | +| Input | Description | Required | Default | +| ------------------ | ---------------------------------------------- | -------- | ------- | +| `continue-api-key` | API key for Continue service | Yes | - | +| `continue-org` | Organization for Continue config | Yes | - | +| `continue-config` | Config path (e.g., "myorg/review-bot") | Yes | - | +| `use_github_app` | Use Continue Agent GitHub App for bot identity | No | `true` | ## Setup Requirements @@ -147,7 +147,7 @@ To enable reviews with the `continue-agent[bot]` identity instead of `github-act 1. **Install the app**: Visit https://github.com/apps/continue-agent 2. **Grant repository access**: Select the repositories where you want to use Continue reviews 3. **Configure secrets and variables**: - - Add a **repository secret**: `CONTINUE_APP_PRIVATE_KEY` + - Add a **repository secret**: `CONTINUE_APP_PRIVATE_KEY` - This should contain your GitHub App's private key (the entire .pem file content) - Add a **repository variable**: `CONTINUE_APP_ID` - This should contain your GitHub App's ID @@ -162,7 +162,7 @@ If you prefer to use the standard `github-actions[bot]` identity, add this to yo continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "your-org-name" continue-config: "your-org-name/review-bot" - use_github_app: false # Disable GitHub App integration + use_github_app: false # Disable GitHub App integration ``` #### Benefits of Using the GitHub App 
diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index e23a833f83b..36594041ff2 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml @@ -1,24 +1,24 @@ -name: 'Continue Detailed PR Review' -description: 'Automated inline code review for pull requests using Continue CLI' -author: 'Continue Dev, Inc.' +name: "Continue Detailed PR Review" +description: "Automated inline code review for pull requests using Continue CLI" +author: "Continue Dev, Inc." inputs: continue-api-key: - description: 'API key for Continue service' + description: "API key for Continue service" required: true continue-org: - description: 'Organization for Continue config' + description: "Organization for Continue config" required: true continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true use_github_app: - description: 'Use Continue Agent GitHub App for bot identity (requires app installation)' - default: 'true' + description: "Use Continue Agent GitHub App for bot identity (requires app installation)" + default: "true" required: false runs: - using: 'composite' + using: "composite" steps: - name: Generate Continue Agent App Token if: inputs.use_github_app == 'true' 
@@ -85,8 +85,13 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-detailed-review') }} run: | # Check if this action should run based on event type and user permissions + # TODO: Future improvement - consolidate into a single action that responds to + # @continue-agent mentions with smart heuristics to determine review type: + # - "@continue-agent" or "@continue-agent review" -> general review + # - "@continue-agent detailed" or similar keywords -> detailed review + # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" - + if [ "${{ github.event_name }}" = "pull_request" ]; then # Check if PR is a draft if [ "${{ github.event.pull_request.draft }}" = "true" ]; then @@ -115,12 +120,12 @@ runs: else echo "::notice::Skipping review - Event type ${{ github.event_name }} is not supported" fi - + if [ "$SHOULD_RUN" != "true" ]; then echo "SKIP_REVIEW=true" >> $GITHUB_ENV exit 0 fi - + echo "SKIP_REVIEW=false" >> $GITHUB_ENV - name: Setup Node.js @@ -154,7 +159,7 @@ runs: # Annotate diff with GitHub API positions node ${{ github.action_path }}/annotate-diff.js pr_diff.txt > pr_diff_annotated.txt - + # Debug: Show sample of annotated diff echo "=== SAMPLE OF ANNOTATED DIFF ===" head -100 pr_diff_annotated.txt | grep -E "^\[POS:|^@@|^diff --git" || head -50 pr_diff_annotated.txt @@ -245,7 +250,7 @@ runs: echo "Error: continue-org input is required" exit 1 fi - + if [ -z "${{ inputs.continue-config }}" ]; then echo "Error: continue-config input is required" exit 1 @@ -270,7 +275,7 @@ runs: echo "Error: Invalid JSON output from Continue CLI" exit 1 fi - + # Use the JSON output directly cp inline_review_raw.json inline_review.json echo "Review output:" @@ -428,4 +433,4 @@ runs: inline_review_prompt.txt pr_diff.txt pr_diff_annotated.txt - retention-days: 7 \ No newline at end of file + retention-days: 7 
diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index 04f8c935a7d..4ed9b3e32f3 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml @@ -1,24 +1,24 @@ -name: 'Continue PR Review' -description: 'Automated code review for pull requests using Continue CLI' -author: 'Continue Dev, Inc.' +name: "Continue PR Review" +description: "Automated code review for pull requests using Continue CLI" +author: "Continue Dev, Inc." inputs: continue-api-key: - description: 'API key for Continue service' + description: "API key for Continue service" required: true continue-org: - description: 'Organization for Continue config' + description: "Organization for Continue config" required: true continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true use_github_app: - description: 'Use Continue Agent GitHub App for bot identity (requires app installation)' - default: 'true' + description: "Use Continue Agent GitHub App for bot identity (requires app installation)" + default: "true" required: false runs: - using: 'composite' + using: "composite" steps: - name: Generate Continue Agent App Token if: inputs.use_github_app == 'true' @@ -85,8 +85,13 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-general-review') }} run: | # Check if this action should run based on event type and user permissions + # TODO: Future improvement - consolidate into a single action that responds to + # @continue-agent mentions with smart heuristics to determine review type: + # - "@continue-agent" or "@continue-agent review" -> general review + # - "@continue-agent detailed" or similar keywords -> detailed review + # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" - + if [ "${{ github.event_name }}" = "pull_request" ]; then # Check if PR is a draft if [ "${{ github.event.pull_request.draft }}" = "true" ]; then 
@@ -115,7 +120,7 @@ runs: else echo "::notice::Skipping review - Unsupported event type: ${{ github.event_name }}" fi - + echo "SHOULD_RUN=$SHOULD_RUN" >> $GITHUB_ENV - name: Setup Node.js @@ -219,7 +224,7 @@ runs: echo "Error: Invalid organization name. Must contain only alphanumeric characters, hyphens, and underscores." exit 1 fi - + if [[ ! "$CONTINUE_CONFIG" =~ ^[a-zA-Z0-9_/-]+$ ]]; then echo "Error: Invalid config path. Must contain only alphanumeric characters, hyphens, underscores, and forward slashes." exit 1 @@ -287,5 +292,5 @@ runs: } branding: - icon: 'code' - color: 'blue' \ No newline at end of file + icon: "code" + color: "blue" From c68f1c074f0b8b08917d667494746e34b37f4e36 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Tue, 19 Aug 2025 21:33:10 -0700 Subject: [PATCH 03/27] fix; add chckout setp --- .github/workflows/test-continue-agent.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index 33f5e1fdffc..d77810a443c 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -18,6 +18,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: + - name: Checkout Repository + uses: actions/checkout@v4 + - name: General Review with App uses: ./actions/general-review with: @@ -32,6 +35,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: + - name: Checkout Repository + uses: actions/checkout@v4 + - name: General Review without App uses: ./actions/general-review with: @@ -47,6 +53,9 @@ jobs: timeout-minutes: 10 if: contains(github.event.comment.body, '@test-detailed') steps: + - name: Checkout Repository + uses: actions/checkout@v4 + - name: Detailed Review with App uses: ./actions/detailed-review with: From 86c76875280b0911400919683d8b70fef638adee Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Tue, 19 Aug 2025 21:36:36 -0700 Subject: [PATCH 04/27] fix: use secrets context for app_id and pass inputs to actions --- .github/workflows/test-continue-agent.yml | 4 ++++ actions/detailed-review/action.yml | 12 +++++++++--- actions/general-review/action.yml | 12 +++++++++--- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index d77810a443c..9423c54b2e6 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -27,6 +27,8 @@ jobs: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "test-org" continue-config: "test-org/review-bot" + app_id: ${{ secrets.CONTINUE_APP_ID }} + app_private_key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} # use_github_app defaults to true # Test without GitHub App (fallback mode) @@ -62,4 +64,6 @@ jobs: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "test-org" continue-config: "test-org/review-bot" + app_id: ${{ secrets.CONTINUE_APP_ID }} + app_private_key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} # use_github_app defaults to true diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index 36594041ff2..06f0dbeb25d 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -16,17 +16,23 @@ inputs: description: "Use Continue Agent GitHub App for bot identity (requires app installation)" default: "true" required: false + app_id: + description: "GitHub App ID (required if use_github_app is true)" + required: false + app_private_key: + description: "GitHub App Private Key (required if use_github_app is true)" + required: false runs: using: "composite" steps: - name: Generate Continue Agent App Token - if: inputs.use_github_app == 'true' + if: inputs.use_github_app == 'true' && inputs.app_id != '' && inputs.app_private_key != '' id: app-token uses: actions/create-github-app-token@v2 with: - app-id: ${{ vars.CONTINUE_APP_ID }} - private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + app-id: ${{ inputs.app_id }} + private-key: ${{ inputs.app_private_key }} continue-on-error: true - name: Verify App Installation diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index 4ed9b3e32f3..a25e53ed8d6 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml @@ -16,17 +16,23 @@ inputs: description: "Use Continue Agent GitHub App for bot identity (requires app installation)" default: "true" required: false + app_id: + description: "GitHub App ID (required if use_github_app is true)" + required: false + app_private_key: + description: "GitHub App Private Key (required if use_github_app is true)" + required: false runs: using: "composite" steps: - name: Generate Continue Agent App Token - if: inputs.use_github_app == 'true' + if: inputs.use_github_app == 'true' && inputs.app_id != '' && inputs.app_private_key != '' id: app-token uses: actions/create-github-app-token@v2 with: - app-id: ${{ vars.CONTINUE_APP_ID }} - private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + app-id: ${{ inputs.app_id }} + private-key: ${{ inputs.app_private_key }} continue-on-error: true - name: Verify App Installation From 4e5e4fe196b2780b204bb9019bbb122746e19059 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 05:49:53 -0700 Subject: [PATCH 05/27] feat: add base Continue review workflow and simplified action --- .github/workflows/test-continue-agent.yml | 16 ++++++- actions/base-review/action.yml | 54 +++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 actions/base-review/action.yml diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index 9423c54b2e6..af86de187a2 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -1,4 +1,4 @@ -name: Test Continue Agent App Integration +name: Test Continue Agent Actions on: pull_request: types: [opened, ready_for_review] @@ -12,6 +12,20 @@ permissions: issues: write jobs: + # Test the new simplified base-review action + test-base-review: + name: Test Base Review (Simplified) + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Base Review + uses: ./actions/base-review + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + # Test with GitHub App (default behavior) test-with-app: name: Test with Continue Agent App diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml new file mode 100644 index 00000000000..4c74b1b4cd8 --- /dev/null +++ b/actions/base-review/action.yml 
@@ -0,0 +1,54 @@ +name: "Continue Base Review" +description: "Zero-config AI code review - just add this action and optionally an API key" +author: "Continue Dev, Inc." + +inputs: + continue-api-key: + description: "API key for Continue service (optional if using default)" + required: false + default: "" + +runs: + using: "composite" + steps: + - name: Check trigger + id: check + shell: bash + run: | + # Determine if we should run based on event type + SHOULD_RUN="false" + REVIEW_TYPE="general" + + if [ "${{ github.event_name }}" = "pull_request" ]; then + if [ "${{ github.event.pull_request.draft }}" != "true" ]; then + SHOULD_RUN="true" + fi + elif [ "${{ github.event_name }}" = "issue_comment" ]; then + if [ "${{ github.event.issue.pull_request }}" != "" ]; then + COMMENT="${{ github.event.comment.body }}" + # Check for @continue-agent mention + if echo "$COMMENT" | grep -qi "@continue-agent"; then + SHOULD_RUN="true" + # Check for review type keywords + if echo "$COMMENT" | grep -qi "detailed"; then + REVIEW_TYPE="detailed" + fi + fi + fi + fi + + echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT + echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT + + - name: Run Continue Review + if: steps.check.outputs.should_run == 'true' + uses: continuedev/continue/actions/general-review@main + with: + continue-api-key: ${{ inputs.continue-api-key || secrets.CONTINUE_API_KEY || vars.CONTINUE_DEFAULT_KEY || 'demo-key' }} + continue-org: "continue" + continue-config: "continue/default" + use_github_app: false # Keep it simple - no app complexity + +branding: + icon: "code" + color: "blue" \ No newline at end of file From f03faae869a78ea4bde88dcd8a56d06f79873a7a Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:01:06 -0700 Subject: [PATCH 06/27] fix: composite action --- actions/base-review/action.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 4c74b1b4cd8..e41614f0121 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -4,9 +4,8 @@ author: "Continue Dev, Inc." inputs: continue-api-key: - description: "API key for Continue service (optional if using default)" - required: false - default: "" + description: "API key for Continue service (required)" + required: true runs: using: "composite" @@ -44,7 +43,7 @@ runs: if: steps.check.outputs.should_run == 'true' uses: continuedev/continue/actions/general-review@main with: - continue-api-key: ${{ inputs.continue-api-key || secrets.CONTINUE_API_KEY || vars.CONTINUE_DEFAULT_KEY || 'demo-key' }} + continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" continue-config: "continue/default" use_github_app: false # Keep it simple - no app complexity From a56b143cbadfe3308e70d8e9ebf5a4772cd4c8c4 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:06:10 -0700 Subject: [PATCH 07/27] fix: use correct branch reference in base-review action --- actions/base-review/action.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index e41614f0121..841df0c1058 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -38,10 +38,15 @@ runs: echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT + + # Debug output + echo "Event: ${{ github.event_name }}" + echo "Should run: $SHOULD_RUN" + echo "Review type: $REVIEW_TYPE" - name: Run Continue Review if: steps.check.outputs.should_run == 'true' - uses: continuedev/continue/actions/general-review@main + uses: continuedev/continue/actions/general-review@bdougie/continue-agent with: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" From 061d33f8b88742187689ff141c75a312bdaf863b Mon Sep 17 00:00:00 2001 
From: Brian Douglas Date: Wed, 20 Aug 2025 06:13:10 -0700 Subject: [PATCH 08/27] fix: Update action.yml --- actions/base-review/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 841df0c1058..de1711e0fed 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -51,8 +51,8 @@ runs: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" continue-config: "continue/default" - use_github_app: false # Keep it simple - no app complexity + use_github_app: true # Keep it simple - install the app for the best experience branding: icon: "code" - color: "blue" \ No newline at end of file + color: "blue" From 568ada4f118538c71139dfd09e0d2032ad358c9d Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:32:54 -0700 Subject: [PATCH 09/27] refactor: simplify GitHub App token handling in actions - Remove use_github_app complexity from general-review action - Add github-token as optional input to both actions - Allow token generation to be handled by workflow instead of action - Simplify token logic to use provided token or default to github.token This allows users to generate GitHub App tokens in their workflows and pass them to the actions, providing more flexibility. --- actions/base-review/action.yml | 5 ++- actions/general-review/action.yml | 62 ++++--------------------------- 2 files changed, 11 insertions(+), 56 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index de1711e0fed..fb1ae33560a 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -6,6 +6,9 @@ inputs: continue-api-key: description: "API key for Continue service (required)" required: true + github-token: + description: "GitHub token for API operations (optional, defaults to github.token)" + required: false runs: using: "composite" 
@@ -51,7 +54,7 @@ runs: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" continue-config: "continue/default" - use_github_app: true # Keep it simple - install the app for the best experience + github-token: ${{ inputs.github-token }} branding: icon: "code" diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index a25e53ed8d6..ee7e9d6d83b 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml 
@@ -12,71 +12,23 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true - use_github_app: - description: "Use Continue Agent GitHub App for bot identity (requires app installation)" - default: "true" - required: false - app_id: - description: "GitHub App ID (required if use_github_app is true)" - required: false - app_private_key: - description: "GitHub App Private Key (required if use_github_app is true)" + github-token: + description: "GitHub token for API operations (defaults to github.token)" required: false runs: using: "composite" steps: - - name: Generate Continue Agent App Token - if: inputs.use_github_app == 'true' && inputs.app_id != '' && inputs.app_private_key != '' - id: app-token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ inputs.app_id }} - private-key: ${{ inputs.app_private_key }} - continue-on-error: true - - - name: Verify App Installation - if: inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure' - shell: bash - run: | - echo "::error::Continue Agent GitHub App is not installed or configured properly" - echo "" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "🤖 Continue Agent App Setup Required" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "" - echo "To enable Continue reviews with proper bot identity:" - echo "" - echo "1. 📱 Install the Continue Agent app:" - echo " https://github.com/apps/continue-agent" - echo "" - echo "2. 🔑 Configure repository secrets and variables:" - echo " • Secret: CONTINUE_APP_PRIVATE_KEY (your app's private key)" - echo " • Variable: CONTINUE_APP_ID (your app's ID)" - echo "" - echo "3. 
✅ Ensure the app has access to this repository" - echo "" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "💡 Quick Fix Options:" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "" - echo "• For immediate use without the app, add to your workflow:" - echo " use_github_app: false" - echo "" - echo "• For help, see: https://github.com/continuedev/continue/actions" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - exit 1 - - name: Set GitHub Token shell: bash run: | - # Use app token if available, otherwise use standard token - if [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then - echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV - echo "Using Continue Agent app token for GitHub operations" + # Use provided token or default to github.token + if [ "${{ inputs.github-token }}" != "" ]; then + echo "GH_TOKEN=${{ inputs.github-token }}" >> $GITHUB_ENV + echo "Using provided GitHub token for operations" else echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV - echo "Using standard GitHub Actions token" + echo "Using default GitHub Actions token" fi - name: Checkout Repository From 9d0583aa033e587ae97447d5b656e1fda83a16fd Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:34:24 -0700 Subject: [PATCH 10/27] feat: auto-generate GitHub App token in base-review action - Base action now generates GitHub App token internally - Uses Continue's app credentials (vars.CONTINUE_APP_ID and secrets.CONTINUE_APP_PRIVATE_KEY) - Users only need to provide CONTINUE_API_KEY - Simplifies setup - no GitHub App configuration needed by users --- actions/base-review/action.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index fb1ae33560a..606b01cf211 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml 
@@ -6,9 +6,6 @@ inputs: continue-api-key: description: "API key for Continue service (required)" required: true - github-token: - description: "GitHub token for API operations (optional, defaults to github.token)" - required: false runs: using: "composite" @@ -47,6 +44,14 @@ runs: echo "Should run: $SHOULD_RUN" echo "Review type: $REVIEW_TYPE" + - name: Generate GitHub App Token + if: steps.check.outputs.should_run == 'true' + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + - name: Run Continue Review if: steps.check.outputs.should_run == 'true' uses: continuedev/continue/actions/general-review@bdougie/continue-agent @@ -54,7 +59,7 @@ runs: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" continue-config: "continue/default" - github-token: ${{ inputs.github-token }} + github-token: ${{ steps.app-token.outputs.token }} branding: icon: "code" From a3ebba0480aeeb11841a2f9801d8e47553ab9a3b Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:38:47 -0700 Subject: [PATCH 11/27] docs: update test workflow to show external user example - Simplified workflow to match what external users would use - Shows minimal setup with just CONTINUE_API_KEY - Includes proper permissions for GitHub App operations - Demonstrates the zero-config approach for AI code reviews --- .github/workflows/test-continue-agent.yml | 74 +++-------------------- 1 file changed, 7 insertions(+), 67 deletions(-) diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index af86de187a2..d8d1ac6ada7 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml 
@@ -1,83 +1,23 @@ -name: Test Continue Agent Actions +name: AI Code Review on: pull_request: - types: [opened, ready_for_review] + types: [opened, synchronize, ready_for_review] issue_comment: types: [created] - workflow_dispatch: # Allow manual testing permissions: contents: read pull-requests: write issues: write + actions: read + checks: write jobs: - # Test the new simplified base-review action - test-base-review: - name: Test Base Review (Simplified) + review: runs-on: ubuntu-latest - timeout-minutes: 10 steps: - - name: Checkout Repository - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - - name: Base Review - uses: ./actions/base-review + - uses: continuedev/continue/actions/base-review@bdougie/continue-agent with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - - # Test with GitHub App (default behavior) - test-with-app: - name: Test with Continue Agent App - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: General Review with App - uses: ./actions/general-review - with: - continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - continue-org: "test-org" - continue-config: "test-org/review-bot" - app_id: ${{ secrets.CONTINUE_APP_ID }} - app_private_key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} - # use_github_app defaults to true - - # Test without GitHub App (fallback mode) - test-without-app: - name: Test without GitHub App - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: General Review without App - uses: ./actions/general-review - with: - continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - continue-org: "test-org" - continue-config: "test-org/review-bot" - use_github_app: false # Explicitly disable app authentication - - # Test detailed review with app - test-detailed-with-app: - name: Test Detailed Review with App - runs-on: ubuntu-latest - timeout-minutes: 10 - if: 
contains(github.event.comment.body, '@test-detailed') - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: Detailed Review with App - uses: ./actions/detailed-review - with: - continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - continue-org: "test-org" - continue-config: "test-org/review-bot" - app_id: ${{ secrets.CONTINUE_APP_ID }} - app_private_key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} - # use_github_app defaults to true From a2d25393bea68b58bac245e0d867426bfcdb9217 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:43:42 -0700 Subject: [PATCH 12/27] fix: resolve GitHub Actions variable scope issue - Composite actions cannot access repository vars/secrets directly - Changed to accept app-id and app-private-key as inputs - Defaults app-id to Continue Agent App ID (1090372) - Falls back to github.token if no app credentials provided - Added examples showing both basic and GitHub App usage --- .github/workflows/test-continue-agent.yml | 8 ++++++++ actions/base-review/action.yml | 15 +++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index d8d1ac6ada7..583196e8ff7 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -18,6 +18,14 @@ jobs: steps: - uses: actions/checkout@v4 + # Example 1: Basic usage (no GitHub App - uses default token) - uses: continuedev/continue/actions/base-review@bdougie/continue-agent with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + + # Example 2: With GitHub App (if you have your own app) + # - uses: continuedev/continue/actions/base-review@bdougie/continue-agent + # with: + # continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + # app-id: ${{ vars.MY_APP_ID }} + # app-private-key: ${{ secrets.MY_APP_PRIVATE_KEY }} 
diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 606b01cf211..4cb0c40bb3a 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -6,6 +6,13 @@ inputs: continue-api-key: description: "API key for Continue service (required)" required: true + app-id: + description: "GitHub App ID (optional, defaults to Continue's app)" + required: false + default: "1090372" # Continue Agent App ID + app-private-key: + description: "GitHub App Private Key (optional, defaults to Continue's app)" + required: false runs: using: "composite" @@ -45,12 +52,12 @@ runs: echo "Review type: $REVIEW_TYPE" - name: Generate GitHub App Token - if: steps.check.outputs.should_run == 'true' + if: steps.check.outputs.should_run == 'true' && inputs.app-private-key != '' id: app-token uses: actions/create-github-app-token@v2 with: - app-id: ${{ vars.CONTINUE_APP_ID }} - private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + app-id: ${{ inputs.app-id }} + private-key: ${{ inputs.app-private-key }} - name: Run Continue Review if: steps.check.outputs.should_run == 'true' @@ -59,7 +66,7 @@ runs: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continue" continue-config: "continue/default" - github-token: ${{ steps.app-token.outputs.token }} + github-token: ${{ steps.app-token.outputs.token || github.token }} branding: icon: "code" From 3d7aa1b7ccfc51dc394cdb5c061246ced7fd5d96 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:45:27 -0700 Subject: [PATCH 13/27] fix: use CONTINUE_APP_ID and CONTINUE_APP_PRIVATE_KEY secrets - Both app-id and app-private-key are now passed as secrets - Removed default app-id value - Updated test workflow to use proper secret names - Users need to set CONTINUE_APP_ID and CONTINUE_APP_PRIVATE_KEY in their repo secrets --- .github/workflows/test-continue-agent.yml | 10 ++-------- actions/base-review/action.yml | 5 ++--- 2 files changed, 4 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index 583196e8ff7..75cab16244b 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -18,14 +18,8 @@ jobs: steps: - uses: actions/checkout@v4 - # Example 1: Basic usage (no GitHub App - uses default token) - uses: continuedev/continue/actions/base-review@bdougie/continue-agent with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - - # Example 2: With GitHub App (if you have your own app) - # - uses: continuedev/continue/actions/base-review@bdougie/continue-agent - # with: - # continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - # app-id: ${{ vars.MY_APP_ID }} - # app-private-key: ${{ secrets.MY_APP_PRIVATE_KEY }} + app-id: ${{ secrets.CONTINUE_APP_ID }} + app-private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 4cb0c40bb3a..4c297311222 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -7,11 +7,10 @@ inputs: description: "API key for Continue service (required)" required: true app-id: - description: "GitHub App ID (optional, defaults to Continue's app)" + description: "GitHub App ID (optional)" required: false - default: "1090372" # Continue Agent App ID app-private-key: - description: "GitHub App Private Key (optional, defaults to Continue's app)" + description: "GitHub App Private Key (optional)" required: false runs: From b82697e13be099c800c9de15d0a14d285078455d Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:48:47 -0700 Subject: [PATCH 14/27] fix: make GitHub App optional with graceful fallback - Added continue-on-error to GitHub App token generation - Made app-id and app-private-key truly optional in workflow - Action will use GitHub App token if available, otherwise falls back to github.token - Prevents 'Not Found' error when app is not installed on repository - Simplifies setup for users who don't have the GitHub App installed --- .github/workflows/test-continue-agent.yml | 6 ++++-- actions/base-review/action.yml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index 75cab16244b..debeaa97dd6 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -18,8 +18,10 @@ jobs: steps: - uses: actions/checkout@v4 + # This will use GitHub App token if available, otherwise falls back to github.token - uses: continuedev/continue/actions/base-review@bdougie/continue-agent with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - app-id: ${{ secrets.CONTINUE_APP_ID }} - app-private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + # Optional: Provide these if you have a GitHub App installed + # app-id: ${{ secrets.CONTINUE_APP_ID }} + # app-private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 4c297311222..9f05cae2e41 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -57,6 +57,7 @@ runs: with: app-id: ${{ inputs.app-id }} private-key: ${{ inputs.app-private-key }} + continue-on-error: true - name: Run Continue Review if: steps.check.outputs.should_run == 'true' From 10001f0b0b882236eda2d93ad0c23045533bb690 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 06:50:04 -0700 Subject: [PATCH 15/27] feat: add helpful comment when GitHub App is not installed - Automatically posts a comment if GitHub App token generation fails - Provides clear instructions on how to install the Continue Agent app - Explains benefits of using the app vs default token - Helps users understand the setup process - Still allows reviews to work without the app --- actions/base-review/action.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 9f05cae2e41..aa9de8437e8 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml 
@@ -59,6 +59,22 @@ runs: private-key: ${{ inputs.app-private-key }} continue-on-error: true + - name: Comment on App Installation + if: steps.check.outputs.should_run == 'true' && inputs.app-private-key != '' && steps.app-token.outcome == 'failure' + uses: actions/github-script@v7 + with: + github-token: ${{ github.token }} + script: | + const prNumber = context.payload.pull_request?.number || context.payload.issue?.number; + if (prNumber) { + await github.rest.issues.createComment({ + issue_number: prNumber, + owner: context.repo.owner, + repo: context.repo.repo, + body: `## 🤖 Continue Agent Setup\n\nI noticed the Continue Agent GitHub App isn't installed on this repository.\n\n**To enable AI-powered code reviews with proper bot identity:**\n\n1. 📱 [Install the Continue Agent app](https://github.com/apps/continue-agent)\n2. ✅ Grant it access to this repository\n3. 🔄 Re-run this workflow or comment \`@continue-agent\` to trigger a new review\n\n**Benefits of using the app:**\n- Reviews appear from the Continue Agent bot instead of github-actions\n- Better formatting and threading of review comments\n- Enhanced permissions for code analysis\n\n*Note: Reviews will still work without the app, but with limited features.*` + }); + } + - name: Run Continue Review if: steps.check.outputs.should_run == 'true' uses: continuedev/continue/actions/general-review@bdougie/continue-agent From d2da1f2949b59b92663c2ed23e68e98eaf789be2 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 07:47:48 -0700 Subject: [PATCH 16/27] chore: update Continue config to use clean-code profile - Changed org from 'continue' to 'continuedev' - Changed config from 'continue/default' to 'continuedev/clean-code' - Uses the clean code review configuration for better code analysis --- actions/base-review/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index aa9de8437e8..ed108d90f64 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -80,8 +80,8 @@ runs: uses: continuedev/continue/actions/general-review@bdougie/continue-agent with: continue-api-key: ${{ inputs.continue-api-key }} - continue-org: "continue" - continue-config: "continue/default" + continue-org: "continuedev" + continue-config: "continuedev/clean-code" github-token: ${{ steps.app-token.outputs.token || github.token }} branding: From 862a46bfcef6278ca156d9d5e166d275848d3c33 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 07:49:29 -0700 Subject: [PATCH 17/27] chore: update Continue config to use review-bot profile - Changed config from 'continuedev/clean-code' to 'continuedev/review-bot' - Uses the dedicated review bot configuration --- actions/base-review/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index ed108d90f64..e17d0d658ad 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -81,7 +81,7 @@ runs: with: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continuedev" - continue-config: "continuedev/clean-code" + continue-config: "continuedev/review-bot" github-token: ${{ steps.app-token.outputs.token || github.token }} branding: From bf319dd8f0e1281ae75933e39f2c5ebf7f9ff9ed Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:01:06 -0700 Subject: [PATCH 18/27] feat: add github-token input parameter to base-review action - Added github-token as optional input parameter - Prioritizes passed github-token over generated app token - Allows users to provide their own GitHub App token from workflow - Maintains backward compatibility with existing workflows This enables workflows to generate GitHub App tokens externally and pass them to the action, allowing comments to appear from the GitHub App bot even when the action doesn't have direct access to app credentials. --- actions/base-review/action.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index e17d0d658ad..99452a42603 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -12,6 +12,9 @@ inputs: app-private-key: description: "GitHub App Private Key (optional)" required: false + github-token: + description: "GitHub token for API access (optional - for posting comments with GitHub App)" + required: false runs: using: "composite" @@ -82,7 +85,7 @@ runs: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continuedev" continue-config: "continuedev/review-bot" - github-token: ${{ steps.app-token.outputs.token || github.token }} + github-token: ${{ inputs.github-token || steps.app-token.outputs.token || github.token }} branding: icon: "code" From 21d3aa97ef6aa641f55eb901134e53cf5bf19040 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:31:38 -0700 Subject: [PATCH 19/27] refactor: standardize all review actions to use github-token pattern - Removed use_github_app flag and app credential inputs from all actions - All actions now accept optional github-token parameter - Simplified detailed-review action to match general-review pattern - Base-review action now follows same token priority: passed token > app token > default - Consistent authentication approach across all review actions This allows users to: 1. Use default github.token (comments as github-actions bot) 2. Pass their own GitHub App token (comments as app bot) 3. Let base-review generate app token if credentials provided --- actions/detailed-review/action.yml | 62 ++++-------------------------- 1 file changed, 7 insertions(+), 55 deletions(-) diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index 06f0dbeb25d..9f688e20d8f 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -12,71 +12,23 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true - use_github_app: - description: "Use Continue Agent GitHub App for bot identity (requires app installation)" - default: "true" - required: false - app_id: - description: "GitHub App ID (required if use_github_app is true)" - required: false - app_private_key: - description: "GitHub App Private Key (required if use_github_app is true)" + github-token: + description: "GitHub token for API operations (defaults to github.token)" required: false runs: using: "composite" steps: - - name: Generate Continue Agent App Token - if: inputs.use_github_app == 'true' && inputs.app_id != '' && inputs.app_private_key != '' - id: app-token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ inputs.app_id }} - private-key: ${{ inputs.app_private_key }} - continue-on-error: true - - - name: Verify App Installation - if: inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure' - shell: bash - run: | - echo "::error::Continue Agent GitHub App is not installed or configured properly" - echo "" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "🤖 Continue Agent App Setup Required" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "" - echo "To enable Continue reviews with proper bot identity:" - echo "" - echo "1. 📱 Install the Continue Agent app:" - echo " https://github.com/apps/continue-agent" - echo "" - echo "2. 🔑 Configure repository secrets and variables:" - echo " • Secret: CONTINUE_APP_PRIVATE_KEY (your app's private key)" - echo " • Variable: CONTINUE_APP_ID (your app's ID)" - echo "" - echo "3. 
✅ Ensure the app has access to this repository" - echo "" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "💡 Quick Fix Options:" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - echo "" - echo "• For immediate use without the app, add to your workflow:" - echo " use_github_app: false" - echo "" - echo "• For help, see: https://github.com/continuedev/continue/actions" - echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" - exit 1 - - name: Set GitHub Token shell: bash run: | - # Use app token if available, otherwise use standard token - if [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then - echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV - echo "Using Continue Agent app token for GitHub operations" + # Use provided token or default to github.token + if [ "${{ inputs.github-token }}" != "" ]; then + echo "GH_TOKEN=${{ inputs.github-token }}" >> $GITHUB_ENV + echo "Using provided GitHub token for operations" else echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV - echo "Using standard GitHub Actions token" + echo "Using default GitHub Actions token" fi - name: Checkout Repository From 1e364ecf41d10004286a5531c3a263ee2148c015 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:35:50 -0700 Subject: [PATCH 20/27] feat: standardize GitHub App authentication across all actions - All actions now have use_github_app flag (defaults to true) - All actions can fallback to CONTINUE_APP_ID and CONTINUE_APP_PRIVATE_KEY secrets - Default app-id is 1090372 (Continue Agent App ID) - Base-review now uses detailed-review action for all reviews - Token priority: provided token > app token > default token This enables GitHub App authentication by default while allowing fallback to: 1. Repository secrets (CONTINUE_APP_ID, CONTINUE_APP_PRIVATE_KEY) 2. Default GitHub Actions token if app auth fails --- actions/base-review/action.yml | 29 +++++++++++++++++------------ actions/detailed-review/action.yml | 27 +++++++++++++++++++++++++-- actions/general-review/action.yml | 27 +++++++++++++++++++++++++-- 3 files changed, 67 insertions(+), 16 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 99452a42603..bf66dc00fc7 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -6,14 +6,16 @@ inputs: continue-api-key: description: "API key for Continue service (required)" required: true + use_github_app: + description: "Use GitHub App for bot identity (defaults to true)" + default: "true" + required: false app-id: - description: "GitHub App ID (optional)" + description: "GitHub App ID (optional, defaults to Continue Agent app)" required: false + default: "1090372" # Continue Agent App ID app-private-key: - description: "GitHub App Private Key (optional)" - required: false - github-token: - description: "GitHub token for API access (optional - for posting comments with GitHub App)" + description: "GitHub App Private Key (optional, defaults to repository secret)" required: false runs: 
@@ -54,16 +56,16 @@ runs: echo "Review type: $REVIEW_TYPE" - name: Generate GitHub App Token - if: steps.check.outputs.should_run == 'true' && inputs.app-private-key != '' + if: steps.check.outputs.should_run == 'true' && inputs.use_github_app == 'true' id: app-token uses: actions/create-github-app-token@v2 with: - app-id: ${{ inputs.app-id }} - private-key: ${{ inputs.app-private-key }} + app-id: ${{ inputs.app-id || secrets.CONTINUE_APP_ID || '1090372' }} + private-key: ${{ inputs.app-private-key || secrets.CONTINUE_APP_PRIVATE_KEY }} continue-on-error: true - name: Comment on App Installation - if: steps.check.outputs.should_run == 'true' && inputs.app-private-key != '' && steps.app-token.outcome == 'failure' + if: steps.check.outputs.should_run == 'true' && inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure' uses: actions/github-script@v7 with: github-token: ${{ github.token }} @@ -78,14 +80,17 @@ runs: }); } - - name: Run Continue Review + - name: Run Continue Detailed Review if: steps.check.outputs.should_run == 'true' - uses: continuedev/continue/actions/general-review@bdougie/continue-agent + uses: continuedev/continue/actions/detailed-review@bdougie/continue-agent with: continue-api-key: ${{ inputs.continue-api-key }} continue-org: "continuedev" continue-config: "continuedev/review-bot" - github-token: ${{ inputs.github-token || steps.app-token.outputs.token || github.token }} + use_github_app: ${{ inputs.use_github_app }} + app-id: ${{ inputs.app-id }} + app-private-key: ${{ inputs.app-private-key }} + github-token: ${{ steps.app-token.outputs.token || github.token }} branding: icon: "code" diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index 9f688e20d8f..caea4c9d464 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -12,20 +12,43 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + use_github_app: + description: "Use GitHub App for bot identity (defaults to true)" + default: "true" + required: false + app-id: + description: "GitHub App ID (optional, defaults to Continue Agent app)" + required: false + default: "1090372" # Continue Agent App ID + app-private-key: + description: "GitHub App Private Key (optional, defaults to repository secret)" + required: false github-token: - description: "GitHub token for API operations (defaults to github.token)" + description: "GitHub token for API operations (optional, overrides app token)" required: false runs: using: "composite" steps: + - name: Generate GitHub App Token + if: inputs.use_github_app == 'true' && inputs.github-token == '' + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.app-id || secrets.CONTINUE_APP_ID || '1090372' }} + private-key: ${{ inputs.app-private-key || secrets.CONTINUE_APP_PRIVATE_KEY }} + continue-on-error: true + - name: Set GitHub Token shell: bash run: | - # Use provided token or default to github.token + # Priority: provided token > app token > default token if [ "${{ inputs.github-token }}" != "" ]; then echo "GH_TOKEN=${{ inputs.github-token }}" >> $GITHUB_ENV echo "Using provided GitHub token for operations" + elif [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV + echo "Using GitHub App token for operations" else echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV echo "Using default GitHub Actions token" diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index ee7e9d6d83b..5fe5b75e76e 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml 
@@ -12,20 +12,43 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + use_github_app: + description: "Use GitHub App for bot identity (defaults to true)" + default: "true" + required: false + app-id: + description: "GitHub App ID (optional, defaults to Continue Agent app)" + required: false + default: "1090372" # Continue Agent App ID + app-private-key: + description: "GitHub App Private Key (optional, defaults to repository secret)" + required: false github-token: - description: "GitHub token for API operations (defaults to github.token)" + description: "GitHub token for API operations (optional, overrides app token)" required: false runs: using: "composite" steps: + - name: Generate GitHub App Token + if: inputs.use_github_app == 'true' && inputs.github-token == '' + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.app-id || secrets.CONTINUE_APP_ID || '1090372' }} + private-key: ${{ inputs.app-private-key || secrets.CONTINUE_APP_PRIVATE_KEY }} + continue-on-error: true + - name: Set GitHub Token shell: bash run: | - # Use provided token or default to github.token + # Priority: provided token > app token > default token if [ "${{ inputs.github-token }}" != "" ]; then echo "GH_TOKEN=${{ inputs.github-token }}" >> $GITHUB_ENV echo "Using provided GitHub token for operations" + elif [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then + echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV + echo "Using GitHub App token for operations" else echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV echo "Using default GitHub Actions token" From 4f0622bf28c91920918a3e5e4a35c710901abb55 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:44:59 -0700 Subject: [PATCH 21/27] style: format action YAML files with prettier - Removed trailing spaces - Standardized comment formatting - Consistent indentation and spacing --- actions/base-review/action.yml | 10 +++++----- actions/detailed-review/action.yml | 2 +- actions/general-review/action.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index bf66dc00fc7..6657c7f910c 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -13,7 +13,7 @@ inputs: app-id: description: "GitHub App ID (optional, defaults to Continue Agent app)" required: false - default: "1090372" # Continue Agent App ID + default: "1090372" # Continue Agent App ID app-private-key: description: "GitHub App Private Key (optional, defaults to repository secret)" required: false @@ -28,7 +28,7 @@ runs: # Determine if we should run based on event type SHOULD_RUN="false" REVIEW_TYPE="general" - + if [ "${{ github.event_name }}" = "pull_request" ]; then if [ "${{ github.event.pull_request.draft }}" != "true" ]; then SHOULD_RUN="true" @@ -46,10 +46,10 @@ runs: fi fi fi - + echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT - + # Debug output echo "Event: ${{ github.event_name }}" echo "Should run: $SHOULD_RUN" @@ -80,7 +80,7 @@ runs: }); } - - name: Run Continue Detailed Review + - name: Run Continue Detailed Review if: steps.check.outputs.should_run == 'true' uses: continuedev/continue/actions/detailed-review@bdougie/continue-agent with: diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index caea4c9d464..27f246facd0 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -19,7 +19,7 @@ inputs: app-id: description: "GitHub App ID (optional, defaults to Continue Agent app)" required: false - default: "1090372" # Continue Agent App ID + default: "1090372" # Continue Agent App ID app-private-key: description: "GitHub App Private Key (optional, defaults to repository secret)" required: false diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index 5fe5b75e76e..e7c60f05b76 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml @@ -19,7 +19,7 @@ inputs: app-id: description: "GitHub App ID (optional, defaults to Continue Agent app)" required: false - default: "1090372" # Continue Agent App ID + default: "1090372" # Continue Agent App ID app-private-key: description: "GitHub App Private Key (optional, defaults to repository secret)" required: false From 2b23c23f590ccdc9fc5b39d88923cc09b4beff06 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:49:24 -0700 Subject: [PATCH 22/27] fix: address PR review comments - Add continue-org and continue-config as configurable inputs to base-review (defaults maintained) - Add authorization checks to base-review action for security - Add validation for GitHub App credentials (warn if only one provided) - Remove TODO comments from production code - Keep action reference as @main until PR is merged - Improve user permissions validation for both PR and comment events This addresses the main review concerns: - Security: Added permission checks for OWNER/MEMBER/COLLABORATOR - Flexibility: Made base-review configurable while keeping zero-config defaults - Consistency: Better validation and error messages - Code quality: Removed TODO comments --- actions/base-review/action.yml | 53 ++++++++++++++++++++++++++++-- actions/detailed-review/action.yml | 5 --- actions/general-review/action.yml | 5 --- 3 files changed, 50 insertions(+), 13 deletions(-) 
diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 6657c7f910c..6f627b12cab 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -10,6 +10,14 @@ inputs: description: "Use GitHub App for bot identity (defaults to true)" default: "true" required: false + continue-org: + description: "Organization for Continue config (optional)" + required: false + default: "continuedev" + continue-config: + description: "Config path to use (optional)" + required: false + default: "continuedev/review-bot" app-id: description: "GitHub App ID (optional, defaults to Continue Agent app)" required: false 
@@ -80,13 +88,52 @@ runs: }); } + - name: Validate GitHub App Credentials + if: steps.check.outputs.should_run == 'true' && inputs.use_github_app == 'true' + shell: bash + run: | + # Validate that both app-id and app-private-key are provided together + if [ -n "${{ inputs.app-private-key }}" ] && [ -z "${{ inputs.app-id }}" ]; then + echo "::warning::app-private-key provided without app-id. Both are required for GitHub App authentication." + elif [ -n "${{ inputs.app-id }}" ] && [ -z "${{ inputs.app-private-key }}" ] && [ -z "${{ secrets.CONTINUE_APP_PRIVATE_KEY }}" ]; then + echo "::warning::app-id provided without app-private-key. Both are required for GitHub App authentication." + fi + + - name: Check Authorization + if: steps.check.outputs.should_run == 'true' + shell: bash + run: | + # Check user permissions for PR or comment events + AUTHORIZED="false" + + if [ "${{ github.event_name }}" = "pull_request" ]; then + AUTHOR_ASSOC="${{ github.event.pull_request.author_association }}" + if [ "$AUTHOR_ASSOC" = "OWNER" ] || [ "$AUTHOR_ASSOC" = "MEMBER" ] || [ "$AUTHOR_ASSOC" = "COLLABORATOR" ]; then + AUTHORIZED="true" + else + echo "::notice::Skipping review - PR author is not a team member (association: $AUTHOR_ASSOC)" + fi + elif [ "${{ github.event_name }}" = "issue_comment" ]; then + COMMENTER_ASSOC="${{ github.event.comment.author_association }}" + if [ "$COMMENTER_ASSOC" = "OWNER" ] || [ "$COMMENTER_ASSOC" = "MEMBER" ] || [ "$COMMENTER_ASSOC" = "COLLABORATOR" ]; then + AUTHORIZED="true" + else + echo "::notice::Skipping review - Commenter is not a team member (association: $COMMENTER_ASSOC)" + fi + fi + + if [ "$AUTHORIZED" != "true" ]; then + echo "should_run=false" >> $GITHUB_OUTPUT + exit 0 + fi + - name: Run Continue Detailed Review if: steps.check.outputs.should_run == 'true' - uses: continuedev/continue/actions/detailed-review@bdougie/continue-agent + uses: continuedev/continue/actions/detailed-review@main with: continue-api-key: ${{ 
inputs.continue-api-key }} - continue-org: "continuedev" - continue-config: "continuedev/review-bot" + continue-org: ${{ inputs.continue-org }} + continue-config: ${{ inputs.continue-config }} use_github_app: ${{ inputs.use_github_app }} app-id: ${{ inputs.app-id }} app-private-key: ${{ inputs.app-private-key }} diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index 27f246facd0..ff66b3cc8a4 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml @@ -66,11 +66,6 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-detailed-review') }} run: | # Check if this action should run based on event type and user permissions - # TODO: Future improvement - consolidate into a single action that responds to - # @continue-agent mentions with smart heuristics to determine review type: - # - "@continue-agent" or "@continue-agent review" -> general review - # - "@continue-agent detailed" or similar keywords -> detailed review - # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" if [ "${{ github.event_name }}" = "pull_request" ]; then diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index e7c60f05b76..aaa88914e18 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml 
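Review bot: The `Check Authorization` step added to `actions/base-review/action.yml` has no `id`, so its `echo "should_run=false" >> $GITHUB_OUTPUT` sets an output on this unnamed step and leaves `steps.check.outputs.should_run` untouched; `Run Continue Detailed Review` still runs when the author association is not OWNER, MEMBER or COLLABORATOR. Give the step an `id` (for example `authz`), write an explicit `authorized` output in both branches, and add that output to the `if:` of every later step. The step should also move above `Generate GitHub App Token`, which sits earlier in the file and mints a token before the association is checked. In `Validate GitHub App Credentials`, `-z "${{ inputs.app-id }}"` cannot be true while `app-id` keeps its `"1090372"` default, so the first warning never fires, and the `secrets.CONTINUE_APP_PRIVATE_KEY` test relies on a context that composite actions do not have.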
@@ -66,11 +66,6 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-general-review') }} run: | # Check if this action should run based on event type and user permissions - # TODO: Future improvement - consolidate into a single action that responds to - # @continue-agent mentions with smart heuristics to determine review type: - # - "@continue-agent" or "@continue-agent review" -> general review - # - "@continue-agent detailed" or similar keywords -> detailed review - # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" if [ "${{ github.event_name }}" = "pull_request" ]; then From 98f37fe84618e91a480a05a5e86963884aa93311 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:51:12 -0700 Subject: [PATCH 23/27] revert: restore TODO comments for future improvements - Re-added TODO comments for action consolidation feature - These represent valid future improvements to track - Will be addressed in a follow-up PR to consolidate actions --- actions/detailed-review/action.yml | 5 +++++ actions/general-review/action.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index ff66b3cc8a4..27f246facd0 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml 
@@ -66,6 +66,11 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-detailed-review') }} run: | # Check if this action should run based on event type and user permissions + # TODO: Future improvement - consolidate into a single action that responds to + # @continue-agent mentions with smart heuristics to determine review type: + # - "@continue-agent" or "@continue-agent review" -> general review + # - "@continue-agent detailed" or similar keywords -> detailed review + # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" if [ "${{ github.event_name }}" = "pull_request" ]; then diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index aaa88914e18..e7c60f05b76 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml @@ -66,6 +66,11 @@ runs: HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-general-review') }} run: | # Check if this action should run based on event type and user permissions + # TODO: Future improvement - consolidate into a single action that responds to + # @continue-agent mentions with smart heuristics to determine review type: + # - "@continue-agent" or "@continue-agent review" -> general review + # - "@continue-agent detailed" or similar keywords -> detailed review + # This would provide a more natural bot interaction similar to Claude or GitHub Copilot SHOULD_RUN="false" if [ "${{ github.event_name }}" = "pull_request" ]; then From 84c71613d6c07298cd27df44ae648362df4d1e1f Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 15:55:26 -0700 Subject: [PATCH 24/27] fix: add workflow-level filtering and secure prompt handling - Add if condition to workflow to only run on PRs or @continue-agent mentions - Prevent workflow from running on every issue comment (security fix) - Implement secure handling of custom prompts after @continue-agent - Sanitize input by using temp files and treating as data, not code - Support custom review instructions: '@continue-agent focus on security' - Add example usage documentation This addresses the security concern about exposing secrets on every comment while adding support for custom review prompts in a secure way. --- .github/workflows/test-continue-agent.yml | 6 +++ actions/base-review/action.yml | 41 +++++++++++++++-- example-usage.md | 55 +++++++++++++++++++++++ 3 files changed, 98 insertions(+), 4 deletions(-) create mode 100644 example-usage.md diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml index debeaa97dd6..df72303010f 100644 --- a/.github/workflows/test-continue-agent.yml +++ b/.github/workflows/test-continue-agent.yml @@ -14,6 +14,12 @@ permissions: jobs: review: + # Only run on PRs (for automatic reviews) or when @continue-agent is mentioned in a comment + if: | + github.event_name == 'pull_request' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@continue-agent')) runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 6f627b12cab..791e336aaad 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -36,6 +36,7 @@ runs: # Determine if we should run based on event type SHOULD_RUN="false" REVIEW_TYPE="general" + CUSTOM_PROMPT="" if [ "${{ github.event_name }}" = "pull_request" ]; then if [ "${{ github.event.pull_request.draft }}" != "true" ]; then 
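Review bot: The job-level `if:` added to `.github/workflows/test-continue-agent.yml` gates only on the comment text, `contains(github.event.comment.body, '@continue-agent')`, which any commenter on a pull request can supply, so the job still starts and hands `secrets.CONTINUE_API_KEY` to the action before the association check inside the action runs. Add `github.event.comment.author_association` (OWNER, MEMBER, COLLABORATOR) to this condition so that comments from other users never start the job, and keep the in-action check as a second layer.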
@@ -43,25 +44,47 @@ runs: fi elif [ "${{ github.event_name }}" = "issue_comment" ]; then if [ "${{ github.event.issue.pull_request }}" != "" ]; then - COMMENT="${{ github.event.comment.body }}" + # Safely handle comment body to prevent injection + COMMENT_FILE=$(mktemp) + cat > "$COMMENT_FILE" << 'END_COMMENT' + ${{ github.event.comment.body }} + END_COMMENT + # Check for @continue-agent mention - if echo "$COMMENT" | grep -qi "@continue-agent"; then + if grep -qi "@continue-agent" "$COMMENT_FILE"; then SHOULD_RUN="true" - # Check for review type keywords - if echo "$COMMENT" | grep -qi "detailed"; then + + # Extract custom prompt after @continue-agent (if any) + # This sanitizes the input by reading it as data, not executing it + CUSTOM_PROMPT=$(grep -i "@continue-agent" "$COMMENT_FILE" | sed 's/.*@continue-agent\s*//i' | head -1) + + # Check for review type keywords in the full comment + if grep -qi "detailed" "$COMMENT_FILE"; then REVIEW_TYPE="detailed" fi fi + + rm -f "$COMMENT_FILE" fi fi + # Write outputs safely echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT + + # Save custom prompt to a file to avoid issues with special characters + if [ -n "$CUSTOM_PROMPT" ]; then + echo "$CUSTOM_PROMPT" > custom_prompt.txt + echo "has_custom_prompt=true" >> $GITHUB_OUTPUT + else + echo "has_custom_prompt=false" >> $GITHUB_OUTPUT + fi # Debug output echo "Event: ${{ github.event_name }}" echo "Should run: $SHOULD_RUN" echo "Review type: $REVIEW_TYPE" + echo "Has custom prompt: $([ -n "$CUSTOM_PROMPT" ] && echo "yes" || echo "no")" - name: Generate GitHub App Token if: steps.check.outputs.should_run == 'true' && inputs.use_github_app == 'true' 
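Review bot: The heredoc does not keep the comment out of the script: `${{ github.event.comment.body }}` is expanded by the runner into the script text before bash parses it, and the quoted `'END_COMMENT'` delimiter only suppresses shell expansion inside the body, so a comment that contains the delimiter line ends the heredoc early and the rest of the comment is parsed as shell. Pass the body through the step's `env:` (for example `COMMENT_BODY: ${{ github.event.comment.body }}`) and write it with `printf '%s\n' "$COMMENT_BODY" > "$COMMENT_FILE"`, or match on `"$COMMENT_BODY"` directly and drop the temp file. Two smaller points: `custom_prompt.txt` is written to the working directory rather than `"$RUNNER_TEMP"`, and `sed 's/.*@continue-agent\s*//i'` depends on GNU sed extensions (`\s` and the `i` flag), which is worth a comment since composite actions can run on non-Linux runners.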
@@ -127,6 +150,16 @@ runs: exit 0 fi + - name: Pass Custom Prompt to Review + if: steps.check.outputs.should_run == 'true' && steps.check.outputs.has_custom_prompt == 'true' + shell: bash + run: | + # Append custom prompt to the review configuration + # This will be picked up by the detailed-review action + echo "CUSTOM_REVIEW_PROMPT<> $GITHUB_ENV + cat custom_prompt.txt >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + - name: Run Continue Detailed Review if: steps.check.outputs.should_run == 'true' uses: continuedev/continue/actions/detailed-review@main diff --git a/example-usage.md b/example-usage.md new file mode 100644 index 00000000000..bec7ac7ae3e --- /dev/null +++ b/example-usage.md 
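Review bot: The multi-line write to `$GITHUB_ENV` in `Pass Custom Prompt to Review` closes with the fixed delimiter `EOF` around text taken from the comment, so a prompt that is exactly `EOF` ends the value early and leaves a stray line in the environment file. Generate a random delimiter per run and use it for both the opening and the closing line. The prompt is commenter-controlled and is handed to the reviewer model as instructions, so the step's `if:` should also require the result of the authorization step, not only `steps.check.outputs.has_custom_prompt == 'true'`.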
@@ -0,0 +1,55 @@ +# Continue Agent Usage Examples + +## Basic Usage + +### 1. Automatic Review on PR +When a PR is opened or marked ready for review, the Continue Agent will automatically perform a code review. + +### 2. Manual Trigger with @mention +Comment on any PR with: +``` +@continue-agent +``` + +### 3. Request Detailed Review +``` +@continue-agent detailed +``` + +### 4. Custom Review Focus +You can provide specific instructions after the @mention: + +``` +@continue-agent please focus on security implications and performance +``` + +``` +@continue-agent check if this follows our team's React best practices +``` + +``` +@continue-agent detailed review the error handling and edge cases +``` + +## Security Features + +1. **Workflow-level filtering**: The workflow only runs when: + - It's a PR event (opened, synchronized, ready_for_review) + - It's a comment on a PR that contains `@continue-agent` + +2. **Action-level authorization**: Only authorized users (OWNER, MEMBER, COLLABORATOR) can trigger reviews + +3. **Input sanitization**: Custom prompts are: + - Read as data, not executed as code + - Written to temporary files to prevent injection + - Passed through environment variables safely + +## How Custom Prompts Work + +When you comment `@continue-agent [your custom instructions]`, the action: +1. Extracts the text after `@continue-agent` +2. Sanitizes it by treating it as data (no shell execution) +3. Passes it to the review action as additional context +4. The AI incorporates your instructions into its review + +This allows flexible, context-aware reviews while maintaining security. \ No newline at end of file From 1422c483803f778e8850ba80c7b959d0f3b95b48 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 16:13:39 -0700 Subject: [PATCH 25/27] fix: quote shell variables to prevent word splitting - Quote all GITHUB_OUTPUT and GITHUB_ENV variables - Prevents potential word splitting issues in shell scripts - Follows shell scripting best practices for variable quoting - Improves script robustness and security --- actions/base-review/action.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index 791e336aaad..bc5ff3395c5 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml @@ -69,15 +69,15 @@ runs: fi # Write outputs safely - echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT - echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT + echo "should_run=$SHOULD_RUN" >> "$GITHUB_OUTPUT" + echo "review_type=$REVIEW_TYPE" >> "$GITHUB_OUTPUT" # Save custom prompt to a file to avoid issues with special characters if [ -n "$CUSTOM_PROMPT" ]; then echo "$CUSTOM_PROMPT" > custom_prompt.txt - echo "has_custom_prompt=true" >> $GITHUB_OUTPUT + echo "has_custom_prompt=true" >> "$GITHUB_OUTPUT" else - echo "has_custom_prompt=false" >> $GITHUB_OUTPUT + echo "has_custom_prompt=false" >> "$GITHUB_OUTPUT" fi # Debug output @@ -146,7 +146,7 @@ runs: fi if [ "$AUTHORIZED" != "true" ]; then - echo "should_run=false" >> $GITHUB_OUTPUT + echo "should_run=false" >> "$GITHUB_OUTPUT" exit 0 fi @@ -156,9 +156,9 @@ runs: run: | # Append custom prompt to the review configuration # This will be picked up by the detailed-review action - echo "CUSTOM_REVIEW_PROMPT<> $GITHUB_ENV - cat custom_prompt.txt >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV + echo "CUSTOM_REVIEW_PROMPT<> "$GITHUB_ENV" + cat custom_prompt.txt >> "$GITHUB_ENV" + echo "EOF" >> "$GITHUB_ENV" - name: Run Continue Detailed Review if: steps.check.outputs.should_run == 'true' From 9c6c833bda72770d1383eab341f101ee65eb0933 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 16:17:15 -0700 Subject: [PATCH 26/27] docs: update README with base-review action and usage examples - Add comprehensive documentation for base-review action - Include zero-config setup examples - Add custom review prompt examples with @continue-agent - Document security features and multi-layer protection - Remove test workflow and standalone example file - Consolidate all documentation in actions/README.md --- .github/workflows/test-continue-agent.yml | 33 ---- actions/README.md | 180 +++++++++++++++++++++- example-usage.md | 55 ------- 3 files changed, 175 insertions(+), 93 deletions(-) delete mode 100644 .github/workflows/test-continue-agent.yml delete mode 100644 example-usage.md diff --git a/.github/workflows/test-continue-agent.yml b/.github/workflows/test-continue-agent.yml deleted file mode 100644 index df72303010f..00000000000 --- a/.github/workflows/test-continue-agent.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: AI Code Review -on: - pull_request: - types: [opened, synchronize, ready_for_review] - issue_comment: - types: [created] - -permissions: - contents: read - pull-requests: write - issues: write - actions: read - checks: write - -jobs: - review: - # Only run on PRs (for automatic reviews) or when @continue-agent is mentioned in a comment - if: | - github.event_name == 'pull_request' || - (github.event_name == 'issue_comment' && - github.event.issue.pull_request && - contains(github.event.comment.body, '@continue-agent')) - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - # This will use GitHub App token if available, otherwise falls back to github.token - - uses: continuedev/continue/actions/base-review@bdougie/continue-agent - with: - continue-api-key: ${{ secrets.CONTINUE_API_KEY }} - # Optional: Provide these if you have a GitHub App installed - # app-id: ${{ secrets.CONTINUE_APP_ID }} - # app-private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} 
diff --git a/actions/README.md b/actions/README.md index 741c56dae13..77a5ca9d9e7 100644 --- a/actions/README.md +++ b/actions/README.md 
@@ -4,26 +4,182 @@ GitHub Actions that provide automated code reviews for pull requests using Conti ## Available Actions -This repository provides two GitHub Actions for different review styles: +This repository provides three GitHub Actions for automated code reviews: -### 1. General Review Action +### 1. Base Review Action (Recommended) + +Zero-config AI code review that automatically handles both general and detailed reviews. + +- **Path:** `continuedev/continue/actions/base-review@main` +- **Trigger:** `@continue-agent` (with optional custom instructions) +- **Output:** Comprehensive review with inline comments + +### 2. General Review Action Provides high-level PR assessment with overall feedback and recommendations. -- **Path:** `continuedev/continue/actions/general-review@` +- **Path:** `continuedev/continue/actions/general-review@main` - **Trigger:** `@continue-general-review` - **Output:** Summary comment with strengths, issues, and recommendations -### 2. Detailed Review Action +### 3. Detailed Review Action Provides line-by-line inline comments on specific code changes. 
-- **Path:** `continuedev/continue/actions/detailed-review@` +- **Path:** `continuedev/continue/actions/detailed-review@main` - **Trigger:** `@continue-detailed-review` - **Output:** Inline review comments on specific lines of code ## Quick Start +### Zero-Config Setup (Recommended) + +The simplest way to add AI code reviews to your repository: + +```yaml +name: AI Code Review +on: + pull_request: + types: [opened, synchronize, ready_for_review] + issue_comment: + types: [created] + +permissions: + contents: read + pull-requests: write + issues: write + actions: read + checks: write + +jobs: + review: + # Only run on PRs or when @continue-agent is mentioned + if: | + github.event_name == 'pull_request' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@continue-agent')) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: continuedev/continue/actions/base-review@main + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} +``` + +### With GitHub App (For Bot Identity) + +```yaml +name: AI Code Review +on: + pull_request: + types: [opened, synchronize, ready_for_review] + issue_comment: + types: [created] + +permissions: + contents: read + pull-requests: write + issues: write + actions: read + checks: write + +jobs: + review: + if: | + github.event_name == 'pull_request' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@continue-agent')) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Generate GitHub App Token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + + - uses: continuedev/continue/actions/base-review@main + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + github-token: ${{ steps.app-token.outputs.token }} +``` + +### With Custom 
Configuration + +```yaml +- uses: continuedev/continue/actions/base-review@main + with: + continue-api-key: ${{ secrets.CONTINUE_API_KEY }} + continue-org: "your-org-name" + continue-config: "your-org-name/custom-review-bot" +``` + +## Usage Examples + +### Basic Usage + +#### Automatic Review on PR +When a PR is opened or marked ready for review, the Continue Agent will automatically perform a code review. + +#### Manual Trigger with @mention +Comment on any PR with: +``` +@continue-agent +``` + +#### Request Detailed Review +``` +@continue-agent detailed +``` + +### Custom Review Focus + +You can provide specific instructions after the @mention: + +``` +@continue-agent please focus on security implications and performance +``` + +``` +@continue-agent check if this follows our team's React best practices +``` + +``` +@continue-agent detailed review the error handling and edge cases +``` + +## Security Features + +### Multi-Layer Security + +1. **Workflow-level filtering**: The workflow only runs when: + - It's a PR event (opened, synchronized, ready_for_review) + - It's a comment on a PR that contains `@continue-agent` + +2. **Action-level authorization**: Only authorized users (OWNER, MEMBER, COLLABORATOR) can trigger reviews + +3. **Input sanitization**: Custom prompts are: + - Read as data, not executed as code + - Written to temporary files to prevent injection + - Passed through environment variables safely + +### How Custom Prompts Work + +When you comment `@continue-agent [your custom instructions]`, the action: +1. Extracts the text after `@continue-agent` +2. Sanitizes it by treating it as data (no shell execution) +3. Passes it to the review action as additional context +4. The AI incorporates your instructions into its review + +This allows flexible, context-aware reviews while maintaining security. + +## Quick Start + ### Using Both Actions Together ```yaml 
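Review bot: The "Input sanitization" bullets in the new Security Features section promise more than `actions/base-review/action.yml` delivers: the comment body is still substituted into the step script through `${{ github.event.comment.body }}` before the temporary file exists, so "Written to temporary files to prevent injection" should be reworded, or the script changed to read the body from an environment variable so that the statement becomes true. The hunk also adds a second `## Quick Start` heading above "Using Both Actions Together", duplicating the existing heading and its anchor; rename the second one (for example "Using the Individual Actions"). The examples pin `base-review@main`; recommend a release tag or commit SHA to consumers, since `@main` changes under them.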
@@ -117,6 +273,20 @@ jobs: ## Inputs +### Base Review Action + +| Input | Description | Required | Default | +| ------------------ | ---------------------------------------------- | -------- | ------- | +| `continue-api-key` | API key for Continue service | Yes | - | +| `continue-org` | Organization for Continue config | No | `continuedev` | +| `continue-config` | Config path (e.g., "myorg/review-bot") | No | `continuedev/review-bot` | +| `use_github_app` | Use GitHub App for bot identity | No | `true` | +| `app-id` | GitHub App ID | No | `1090372` | +| `app-private-key` | GitHub App Private Key | No | - | +| `github-token` | GitHub token for API access | No | - | + +### General and Detailed Review Actions + Both actions accept the same inputs: | Input | Description | Required | Default | diff --git a/example-usage.md b/example-usage.md deleted file mode 100644 index bec7ac7ae3e..00000000000 --- a/example-usage.md +++ /dev/null 
@@ -1,55 +0,0 @@ -# Continue Agent Usage Examples - -## Basic Usage - -### 1. Automatic Review on PR -When a PR is opened or marked ready for review, the Continue Agent will automatically perform a code review. - -### 2. Manual Trigger with @mention -Comment on any PR with: -``` -@continue-agent -``` - -### 3. Request Detailed Review -``` -@continue-agent detailed -``` - -### 4. Custom Review Focus -You can provide specific instructions after the @mention: - -``` -@continue-agent please focus on security implications and performance -``` - -``` -@continue-agent check if this follows our team's React best practices -``` - -``` -@continue-agent detailed review the error handling and edge cases -``` - -## Security Features - -1. **Workflow-level filtering**: The workflow only runs when: - - It's a PR event (opened, synchronized, ready_for_review) - - It's a comment on a PR that contains `@continue-agent` - -2. **Action-level authorization**: Only authorized users (OWNER, MEMBER, COLLABORATOR) can trigger reviews - -3. **Input sanitization**: Custom prompts are: - - Read as data, not executed as code - - Written to temporary files to prevent injection - - Passed through environment variables safely - -## How Custom Prompts Work - -When you comment `@continue-agent [your custom instructions]`, the action: -1. Extracts the text after `@continue-agent` -2. Sanitizes it by treating it as data (no shell execution) -3. Passes it to the review action as additional context -4. The AI incorporates your instructions into its review - -This allows flexible, context-aware reviews while maintaining security. \ No newline at end of file From 0a522a3599cba180970f314482ff5080441ae4ff Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Wed, 20 Aug 2025 16:19:02 -0700 Subject: [PATCH 27/27] style: run prettier formatting - Format YAML and Markdown files with prettier - Fix trailing spaces and consistent formatting - Align table columns in README - Ensure consistent line breaks and spacing --- actions/README.md | 30 ++++++++++++++++++------------ actions/base-review/action.yml | 6 +++--- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/actions/README.md b/actions/README.md index 77a5ca9d9e7..6e1ddd9e70c 100644 --- a/actions/README.md +++ b/actions/README.md @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - + - uses: continuedev/continue/actions/base-review@main with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} @@ -95,14 +95,14 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - + - name: Generate GitHub App Token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.CONTINUE_APP_ID }} private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} - + - uses: continuedev/continue/actions/base-review@main with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} @@ -124,15 +124,19 @@ jobs: ### Basic Usage #### Automatic Review on PR + When a PR is opened or marked ready for review, the Continue Agent will automatically perform a code review. #### Manual Trigger with @mention + Comment on any PR with: + ``` @continue-agent ``` #### Request Detailed Review + ``` @continue-agent detailed ``` @@ -158,6 +162,7 @@ You can provide specific instructions after the @mention: ### Multi-Layer Security 1. **Workflow-level filtering**: The workflow only runs when: + - It's a PR event (opened, synchronized, ready_for_review) - It's a comment on a PR that contains `@continue-agent` 
@@ -171,6 +176,7 @@ You can provide specific instructions after the @mention: ### How Custom Prompts Work When you comment `@continue-agent [your custom instructions]`, the action: + 1. Extracts the text after `@continue-agent` 2. Sanitizes it by treating it as data (no shell execution) 3. Passes it to the review action as additional context @@ -275,15 +281,15 @@ jobs: ### Base Review Action -| Input | Description | Required | Default | -| ------------------ | ---------------------------------------------- | -------- | ------- | -| `continue-api-key` | API key for Continue service | Yes | - | -| `continue-org` | Organization for Continue config | No | `continuedev` | -| `continue-config` | Config path (e.g., "myorg/review-bot") | No | `continuedev/review-bot` | -| `use_github_app` | Use GitHub App for bot identity | No | `true` | -| `app-id` | GitHub App ID | No | `1090372` | -| `app-private-key` | GitHub App Private Key | No | - | -| `github-token` | GitHub token for API access | No | - | +| Input | Description | Required | Default | +| ------------------ | -------------------------------------- | -------- | ------------------------ | +| `continue-api-key` | API key for Continue service | Yes | - | +| `continue-org` | Organization for Continue config | No | `continuedev` | +| `continue-config` | Config path (e.g., "myorg/review-bot") | No | `continuedev/review-bot` | +| `use_github_app` | Use GitHub App for bot identity | No | `true` | +| `app-id` | GitHub App ID | No | `1090372` | +| `app-private-key` | GitHub App Private Key | No | - | +| `github-token` | GitHub token for API access | No | - | ### General and Detailed Review Actions diff --git a/actions/base-review/action.yml b/actions/base-review/action.yml index bc5ff3395c5..961d47ed741 100644 --- a/actions/base-review/action.yml +++ b/actions/base-review/action.yml 
@@ -71,7 +71,7 @@ runs: # Write outputs safely echo "should_run=$SHOULD_RUN" >> "$GITHUB_OUTPUT" echo "review_type=$REVIEW_TYPE" >> "$GITHUB_OUTPUT" - + # Save custom prompt to a file to avoid issues with special characters if [ -n "$CUSTOM_PROMPT" ]; then echo "$CUSTOM_PROMPT" > custom_prompt.txt @@ -128,7 +128,7 @@ runs: run: | # Check user permissions for PR or comment events AUTHORIZED="false" - + if [ "${{ github.event_name }}" = "pull_request" ]; then AUTHOR_ASSOC="${{ github.event.pull_request.author_association }}" if [ "$AUTHOR_ASSOC" = "OWNER" ] || [ "$AUTHOR_ASSOC" = "MEMBER" ] || [ "$AUTHOR_ASSOC" = "COLLABORATOR" ]; then @@ -144,7 +144,7 @@ runs: echo "::notice::Skipping review - Commenter is not a team member (association: $COMMENTER_ASSOC)" fi fi - + if [ "$AUTHORIZED" != "true" ]; then echo "should_run=false" >> "$GITHUB_OUTPUT" exit 0
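Review bot: in the README workflow examples (hunk `@@ -62,7 +62,7 @@`, repeated in `@@ -95,14 +95,14 @@`), `uses: continuedev/continue/actions/base-review@main` points readers at a mutable branch, so every consumer who copies the snippet runs whatever lands on `main` with their `CONTINUE_API_KEY` in scope. Since this commit already touches these lines, consider switching the documented reference to a release tag or a full commit SHA, and say in the surrounding text which one users should pin to.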
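Review bot: the `Generate GitHub App Token` step in the README hunk `@@ -95,14 +95,14 @@` passes only `app-id` and `private-key`, and the text gives no guidance on which permissions the app installation needs, so the resulting token carries everything the installation was granted. Please document the minimum permission set the review uses next to this example, so that teams creating their own app do not over-grant it.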
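Review bot: in the "Workflow-level filtering" list of the README hunk `@@ -162,6 +162,7 @@`, the line `It's a PR event (opened, synchronized, ready_for_review)` names an activity type that does not exist; the `pull_request` activity type is `synchronize`. Anyone copying the names from this list into `types:` gets a trigger that never fires on new pushes, so the spelling is worth fixing in the same formatting pass.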
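Review bot: in the "How Custom Prompts Work" steps of the README hunk `@@ -171,6 +176,7 @@`, step 2 (`Sanitizes it by treating it as data (no shell execution)`) covers shell injection only, while step 3 passes the same comment text to the review action as additional context. The section should state that the text is still untrusted input to the model and that the author-association check is the control that limits who can supply it, otherwise "sanitizes" reads as a stronger guarantee than the steps describe.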
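Review bot: the Base Review Action input table in the README hunk `@@ -275,15 +281,15 @@` lists `use_github_app` with default `true` and `app-id` with default `1090372`, but `app-private-key` has no default, and the table does not say what happens when the key is absent. Add a sentence on the behaviour in that case (fall back to `github-token`, or fail), and consider renaming `use_github_app` to match the hyphenated style of every other input in the table.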
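Review bot: in the `actions/base-review/action.yml` hunk `@@ -71,7 +71,7 @@`, `echo "$CUSTOM_PROMPT" > custom_prompt.txt` writes commenter-supplied text to a relative path in the step's working directory, whereas the README describes prompts as written to temporary files. Writing under `"$RUNNER_TEMP"` keeps the file out of the workspace, and `printf '%s\n' "$CUSTOM_PROMPT"` avoids `echo` treating a prompt that consists only of an option string such as `-n` as a flag.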
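Review bot: in the `actions/base-review/action.yml` hunk `@@ -128,7 +128,7 @@`, `AUTHOR_ASSOC="${{ github.event.pull_request.author_association }}"` and the `"${{ github.event_name }}"` comparison are expanded into the script text before the shell runs, which is the pattern the README says this action avoids ("Passed through environment variables safely"). Both values are set by GitHub, so the exposure is small, but mapping them under the step's `env:` and reading `$AUTHOR_ASSOC` in the script keeps the authorization check consistent with the rest of the step and safe if another event field is added here later.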