From 19b703464b192ada206aca4447e4ae1e7f74b9b2 Mon Sep 17 00:00:00 2001 From: Carl Mathieu Date: Thu, 5 Mar 2026 15:08:08 -0500 Subject: [PATCH 1/2] ci: add pr review bot --- .github/PULL_REQUEST_TEMPLATE.md | 3 +- .github/workflows/pr-review.yml | 29 ++++++++++++++++++ CONTRIBUTING.md | 5 ++++ README.md | 5 ++++ doc/GitHubActions.md | 50 ++++++++++++++++++++++++++++++++ pull-request-bot.json | 18 ++++++++++++ src/cli/CHANGELOG.md | 3 ++ 7 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/pr-review.yml create mode 100644 doc/GitHubActions.md create mode 100644 pull-request-bot.json diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b5c1d9db..5a192540 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -38,7 +38,8 @@ No matter your changes, these checks always apply. - If you create a new header, it aligns with the **Impact on version** section and matches what is generated in the build pipeline. - [ ] Documentation files were updated according with the changes. - Update `README.md` and `src/cli/CLI.md` if you made changes to **templating**. - - Update `AzurePipelines.md` and `src/app/README.md` if you made changes to **pipelines**. + - Update `AzurePipelines.md` and `src/app/README.md` if you made changes to **Azure Pipelines**. + - Update `GitHubActions.md` if you made changes to **GitHub Actions workflows**. - Update `Diagnostics.md` if you made changes to **diagnostic tools**. - Update `Architecture.md` and its diagrams if you made **architecture decisions** or if you introduced new **recipes**. - ...and so forth: Make sure you update the documentation files associated to the recipes you changed. Review the topics by looking at the content of the `doc/` folder. diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml new file mode 100644 index 00000000..5f90ad90 --- /dev/null +++ b/.github/workflows/pr-review.yml 
@@ -0,0 +1,29 @@ +name: PR Review Bot + +on: + pull_request: + types: [opened, synchronize, reopened] + +permissions: + contents: read + pull-requests: write + +jobs: + review: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - name: Run Pull Request Bot + uses: nventive/pull-request-bot@v2 + with: + api-key: ${{ secrets.ANTHROPIC_API_KEY }} + config-path: "./pull-request-bot.json" \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2f408a45..739a6b16 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -81,6 +81,11 @@ use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. +> 💡 Pull requests are automatically reviewed by an **AI-powered PR Review Bot** +> in addition to human reviewers. The bot may post review comments and suggest +> fixes on your pull request. See [GitHubActions.md](doc/GitHubActions.md) for +> details on how this is configured. + ## Community Guidelines This project follows [Google's Open Source Community diff --git a/README.md b/README.md index 7914016f..9f59e13f 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,11 @@ Please read [CONTRIBUTING](CONTRIBUTING.md) for details on the process for contr Be mindful of our [Code of Conduct](CODE_OF_CONDUCT.md). +## CI/CD & Automation + +- [Azure Pipelines](doc/AzurePipelines.md) — Build, test, and release pipelines. +- [GitHub Actions](doc/GitHubActions.md) — Pull request automation (conventional commits validation, AI-powered code review). + ### Application Template To debug the app from within the template, run the following commands: diff --git a/doc/GitHubActions.md b/doc/GitHubActions.md new file mode 100644 index 00000000..ef6d6fe6 --- /dev/null +++ b/doc/GitHubActions.md 
@@ -0,0 +1,50 @@ +# GitHub Actions + +This project uses [GitHub Actions](https://docs.github.com/en/actions) workflows for pull request automation. These are separate from the [Azure Pipelines](AzurePipelines.md) which handle the build, test, and release CI/CD process. + +All workflow files are located under [`.github/workflows/`](../.github/workflows/). + +## Workflows + +### Conventional Commits ([conventional-commits.yml](../.github/workflows/conventional-commits.yml)) + +This workflow validates that all commit messages in a pull request follow the [Conventional Commits](https://www.conventionalcommits.org/) specification. It runs [Commitsar](https://commitsar.aevea.ee/) via Docker on every pull request. + +This ensures consistent commit history and enables automated versioning based on commit types. + +### PR Review Bot ([pr-review.yml](../.github/workflows/pr-review.yml)) + +This workflow provides **AI-powered code review** on pull requests using the [`nventive/pull-request-bot`](https://github.com/nventive/pull-request-bot) action. + +#### Triggers + +The bot runs automatically when a pull request is: +- **Opened** +- **Synchronized** (new commits pushed) +- **Reopened** + +#### Permissions + +The workflow requires the following permissions: +- `contents: read` — to read the repository code. +- `pull-requests: write` — to post review comments and update the PR description. + +#### Configuration + +The bot behavior is configured in [`pull-request-bot.json`](../pull-request-bot.json): + +| Setting | Value | Description | +|-|-|-| +| Model | Claude Opus | The AI model used for code review. | +| Excluded patterns | `tests/**`, `**/*.test.js` | Files excluded from review. | +| Max file size | 320 KB | Files larger than this are skipped. | +| Auto-fix enabled | Yes | The bot can suggest automatic fixes. | +| Confidence threshold | 85% | Minimum confidence required for auto-fix suggestions. 
| +| Max fixes per file | 5 | Maximum number of auto-fix suggestions per file. | +| PR description mode | Append | The bot appends a summary to the PR description. | + +#### Required Secret + +| Secret | Description | +|-|-| +| `ANTHROPIC_API_KEY` | API key for the Anthropic Claude model used by the PR Review Bot. This must be configured in the repository's [GitHub Actions secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions). | diff --git a/pull-request-bot.json b/pull-request-bot.json new file mode 100644 index 00000000..e8260682 --- /dev/null +++ b/pull-request-bot.json @@ -0,0 +1,18 @@ +{ + "claude_code": { + "model": "opus" + }, + "file_filter": { + "exclude_patterns": ["tests/**", "**/*.test.js"], + "max_file_size": 327680 + }, + "auto_fix": { + "enabled": true, + "confidence_threshold": 0.85, + "max_fixes_per_file": 5 + }, + "pr_description": { + "enabled": true, + "mode": "append" + } +} \ No newline at end of file diff --git a/src/cli/CHANGELOG.md b/src/cli/CHANGELOG.md index 2691f3ad..d9976cea 100644 --- a/src/cli/CHANGELOG.md +++ b/src/cli/CHANGELOG.md @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) Prefix your items with `(Template)` if the change is about the template and not the resulting application. +## 0.26.3 +- Add PR bot to check PRs in GitHub. + ## 0.26.2 - Fix issue with dispose in VM. - Fix errors in documentation. From da72c09d2e57f1a97fd4af7d01ef66f484eea01f Mon Sep 17 00:00:00 2001 From: Carl Mathieu Date: Thu, 5 Mar 2026 15:45:00 -0500 Subject: [PATCH 2/2] ci: change to access private repo --- .github/workflows/pr-review.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml index 5f90ad90..1faba042 100644 --- a/.github/workflows/pr-review.yml +++ b/.github/workflows/pr-review.yml 
@@ -17,13 +17,16 @@ jobs: with: fetch-depth: 0 + - name: Pull pull-request-bot action + run: git clone --depth 1 --branch v2 https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/nventive/pull-request-bot.git .github/actions/pull-request-bot + - name: Set up Python uses: actions/setup-python@v5 with: python-version: "3.11" - name: Run Pull Request Bot - uses: nventive/pull-request-bot@v2 - with: - api-key: ${{ secrets.ANTHROPIC_API_KEY }} - config-path: "./pull-request-bot.json" \ No newline at end of file + run: node .github/actions/pull-request-bot/dist/index.js + env: + INPUT_API-KEY: ${{ secrets.ANTHROPIC_API_KEY }} + INPUT_CONFIG-PATH: "./pull-request-bot.json" \ No newline at end of file
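Review bot: In the new `.github/workflows/pr-review.yml` (PATCH 1/2), the `Run Pull Request Bot` step hands `secrets.ANTHROPIC_API_KEY` to `nventive/pull-request-bot@v2`, a mutable tag, inside a job that holds `pull-requests: write`. Anyone able to move that tag changes the code that sees the key and the token. Pin the action to a full commit SHA with the version in a trailing comment, and do the same for `actions/checkout@v4` and `actions/setup-python@v5`. The job never pushes, so `persist-credentials: false` on the checkout step would also keep the token out of the workspace's git config while the bot runs.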
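Review bot: The note added to CONTRIBUTING.md says pull requests are "automatically reviewed", but the workflow triggers on `pull_request`, and for pull requests opened from forks GitHub does not pass repository secrets and issues a read-only `GITHUB_TOKEN`. On those runs the bot gets an empty `ANTHROPIC_API_KEY` and cannot post comments. Either state that the bot only covers branches pushed to this repository, or make the job skip fork pull requests explicitly so contributors do not see a failing check. Moving to `pull_request_target` to obtain the secret is not a fix, since it would give the key and a write token to a job that handles untrusted pull request content.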
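Review bot: In the README.md hunk, the new `## CI/CD & Automation` heading is inserted directly above the existing `### Application Template` heading, so that level-3 section (and whatever follows it) now nests under "CI/CD & Automation" instead of its previous parent. Move the new section below the debugging subsections, or above the contributing text, so the outline stays as it was.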
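Review bot: `doc/GitHubActions.md` goes stale within this same series: it describes the workflow as using the `nventive/pull-request-bot` action, while PATCH 2/2 replaces `uses:` with a `git clone` plus `node .github/actions/pull-request-bot/dist/index.js` and does not touch this file, even though the checklist line added to `PULL_REQUEST_TEMPLATE.md` asks for `GitHubActions.md` to be updated on workflow changes. The Configuration table also restates every value from `pull-request-bot.json` (`320 KB` for `327680`, `85%` for `0.85`), which will drift; describe the settings and link to the file for the values. The Required Secret section would be a good place to say which pull request content leaves the repository for the external model API, since the page currently only names the key.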
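Review bot: In `pull-request-bot.json`, `exclude_patterns` is `["tests/**", "**/*.test.js"]`, yet the only source paths this series shows are `src/cli` and `src/app`, with no sign of a top-level `tests/` directory or JavaScript test files. Please confirm these patterns match the repository layout; if they were carried over from a sample config, replace them with the paths of this repository's test projects or drop them. With `auto_fix.enabled` set to `true`, also add a line in the docs on who is expected to accept or reject the suggested fixes.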
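Review bot: The `src/cli/CHANGELOG.md` entry `- Add PR bot to check PRs in GitHub.` concerns this repository's own CI, not the generated application, and the context line just above the hunk asks for a `(Template)` prefix in that case. Add the prefix, and check whether a CI-only change should open a new `0.26.3` section at all under the "Impact on version" rules referenced in the pull request template.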
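Review bot: In PATCH 2/2, the `Pull pull-request-bot action` step places `secrets.GITHUB_TOKEN` in the clone URL, and git records that URL, token included, as `remote.origin.url` in `.github/actions/pull-request-bot/.git/config`, where every later step in the job can read it. The workflow `GITHUB_TOKEN` is also scoped to the repository the workflow runs in, so it is unlikely to authorize cloning a different private repository, which is what the commit subject says this change is for. Use `actions/checkout` with `repository: nventive/pull-request-bot`, `path: .github/actions/pull-request-bot`, `ref:` set to a commit SHA rather than the movable `v2` branch, `token:` taken from a dedicated read-only credential, and `persist-credentials: false`. The cloned `dist/index.js` runs with `ANTHROPIC_API_KEY` in its environment, so the pinning matters as much here as it did for the `uses:` form.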