File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : jules-review
2+
3+ # Optional: auto-invoke Jules for a security-focused review on every PR.
4+ # PRIMARY path is simply commenting "@jules review this PR for security" on a PR —
5+ # Jules reads AGENTS.md + .github/agents/security-reviewer.agent.md and responds.
6+ # This workflow automates that, but only runs when a JULES_API_KEY secret is present,
7+ # so it no-ops safely in repos that haven't set one.
8+
9+ on :
10+ pull_request :
11+ types : [opened, synchronize, ready_for_review]
12+
13+ permissions :
14+ contents : read
15+ pull-requests : write
16+
17+ jobs :
18+ jules :
19+ runs-on : ubuntu-latest
20+ steps :
21+ - name : Guard — only run when a Jules key is configured
22+ id : guard
23+ run : |
24+ if [ -n "${{ secrets.JULES_API_KEY }}" ]; then
25+ echo "enabled=true" >> "$GITHUB_OUTPUT"
26+ else
27+ echo "enabled=false" >> "$GITHUB_OUTPUT"
28+ echo "No JULES_API_KEY set — skipping automated Jules review. Use @jules on the PR instead."
29+ fi
30+ - name : Jules security review
31+ if : steps.guard.outputs.enabled == 'true'
32+ uses : sanjay3290/jules-pr-reviewer@main
33+ with :
34+ jules-api-key : ${{ secrets.JULES_API_KEY }}
35+ github-token : ${{ github.token }}
36+ review-prompt : >
37+ Review this pull request as an adversarial application-security reviewer.
38+ Follow .github/agents/security-reviewer.agent.md: hunt for broken authorization
39+ and multi-tenant data leakage, BYOK secret handling, injection/SSRF, and weak
40+ crypto. Default to "this is a finding" when unsure. Cite file:line and propose the fix.
You can’t perform that action at this time.
0 commit comments