diff --git a/.github/settings.yml b/.github/settings.yml index ad80e998..38f50a47 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -16,6 +16,7 @@ branches: [ Build, Docs Build, + Fro Bot, Typecheck, Lint, Test, diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 869b618b..1ec2326d 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -27,15 +27,15 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 + uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 with: config-file: ./.github/codeql/codeql-config.yml languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 + uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 + uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 with: category: '/language:${{ matrix.language }}' diff --git a/.github/workflows/fro-bot.yaml b/.github/workflows/fro-bot.yaml new file mode 100644 index 00000000..e0d3d8ea --- /dev/null +++ b/.github/workflows/fro-bot.yaml @@ -0,0 +1,82 @@ +--- +name: Fro Bot + +on: + issue_comment: + types: [created] + pull_request_review_comment: + types: [created] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, ready_for_review] + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + inputs: + prompt: + description: Custom prompt for the Fro Bot agent + required: false + +permissions: + contents: read + +concurrency: + group: fro-bot-${{ github.event.issue.number || github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + DEFAULT_PROMPT: | + You are Fro Bot, an AI assistant for managing GitHub repositories. Your tasks include: + - Reviewing new issues and pull requests + - Providing feedback and suggestions + - Triaging and labeling issues + - Assisting with code reviews + - Engaging with the community to keep the repository healthy and active + You have been triggered by a recent event. Please analyze the context and take appropriate actions to help maintain the repository. + SCHEDULE_PROMPT: | + Review the repository's open issues and pull requests. For each item, determine if it is: + - Stale and needs follow-up + - Ready for review + - Needs triage + Summarize your findings in a comment on the issue or PR, or create a new issue if necessary. + +jobs: + fro-bot: + if: >- + ( + github.event.pull_request == null || + !github.event.pull_request.head.repo.fork + ) && + ( + (github.event_name != 'issue_comment' && github.event_name != 'pull_request_review_comment') || + ( + contains(github.event.comment.body || '', '@fro-bot') && + (github.event.comment.user.login || '') != 'fro-bot' && + contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association || '') + ) + ) + name: Fro Bot + runs-on: ubuntu-latest + timeout-minutes: 15 + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + token: ${{ secrets.FRO_BOT_PAT }} + + - name: Setup Bun + uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2 + + - name: Install dependencies + run: bun install --frozen-lockfile + + - name: Run Fro Bot + uses: fro-bot/agent@929db5028efcda98199303941e9edd6c54075980 + env: + OPENCODE_PROMPT_ARTIFACT: 'true' + PROMPT: ${{ (github.event_name == 'workflow_dispatch' && (github.event.inputs.prompt || env.DEFAULT_PROMPT)) || (github.event_name == 'schedule' && env.SCHEDULE_PROMPT) || '' }} + with: + auth-json: '{}' + github-token: ${{ secrets.FRO_BOT_PAT }} + prompt: ${{ env.PROMPT }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 80b3995b..e51d64b0 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -38,6 +38,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2 + uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 with: sarif_file: results.sarif