-
Notifications
You must be signed in to change notification settings - Fork 1.1k
289 lines (251 loc) · 10.7 KB
/
code-review-sweep.yml
File metadata and controls
289 lines (251 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
name: Code Review Sweep
on:
schedule:
# Every 15 minutes
- cron: "*/15 * * * *"
workflow_dispatch:
permissions:
contents: read
# Prevent overlapping sweeps
concurrency:
group: code-review-sweep
cancel-in-progress: false
jobs:
# ---------------------------------------------------------------------------
# Job 1: Determine which modules to review
# ---------------------------------------------------------------------------
dispatch:
# Only run on official repo, not forks
if: github.repository == 'open-telemetry/opentelemetry-java-instrumentation'
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
has_work: ${{ steps.build-matrix.outputs.has_work }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 1
- name: Fetch progress branch
run: git fetch origin otelbot/code-review-progress || true
- name: Build review matrix
id: build-matrix
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Read progress from the dedicated orphan branch (if it exists)
progress=$(git show origin/otelbot/code-review-progress:reviewed.txt 2>/dev/null || true)
if [[ -n "$progress" ]]; then
export REVIEW_PROGRESS="$progress"
fi
python .github/scripts/build-review-matrix.py
# ---------------------------------------------------------------------------
# Job 2: Run copilot review for each module in the matrix
# ---------------------------------------------------------------------------
review:
needs: dispatch
if: needs.dispatch.outputs.has_work == 'true'
runs-on: ubuntu-latest
strategy:
matrix: ${{ fromJSON(needs.dispatch.outputs.matrix) }}
fail-fast: false
max-parallel: 3 # keep low to avoid Copilot API rate limits
environment: protected
permissions:
contents: write # for git push
env:
MODULE_DIR: ${{ matrix.module_dir }}
SHORT_NAME: ${{ matrix.short_name }}
MODEL: "gpt-5.4"
COPILOT_OUTPUT: /tmp/copilot-output.jsonl
FINAL_ASSISTANT_MESSAGE: /tmp/final-assistant-message.txt
REVIEW_REPORT: /tmp/review-report.json
REVIEW_DIAGNOSTICS: /tmp/review-diagnostics.txt
PR_BODY: /tmp/pr-body.md
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Fetch progress branch
run: git fetch origin otelbot/code-review-progress || true
- name: Free disk space
run: .github/scripts/gha-free-disk-space.sh
- name: Set up JDK for running Gradle
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
distribution: temurin
java-version-file: .java-version
- name: Setup Gradle
uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1
with:
cache-read-only: true
- name: Install Copilot CLI
run: |
curl -fsSL https://gh.io/copilot-install | bash
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Use CLA approved bot
run: .github/scripts/use-cla-approved-bot.sh
- name: Check out review branch
run: |
branch="otelbot/code-review-${SHORT_NAME//:/-}"
git checkout -B "$branch" origin/main
- name: Run Copilot review
id: copilot-review
env:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
COPILOT_REVIEW_PROMPT_TEMPLATE: >-
Review all files under __MODULE_DIR__. Apply safe repository-guideline fixes directly.
Return ONLY a valid JSON object as your final answer with this exact schema:
{"summary": string, "changes": [{"path": string, "category": string, "change": string, "reason": string, "line_hint": number|null}], "unresolved": [{"path": string, "reason": string}]}
Include one changes entry for every file you changed.
Use concise factual reasons that cite the review guideline or repository rule behind each change.
In `summary`, `change`, and `reason`, use Markdown inline code backticks around code-like constructs when helpful,
including annotations, class names, method names, field names, file names, Gradle tasks, commands, flags, and config keys.
If no safe fixes were applied, still return valid JSON with an empty changes array and a brief summary.
Do not write markdown and do not wrap the JSON in code fences.
run: |
rm -f "$COPILOT_OUTPUT"
rm -f "$FINAL_ASSISTANT_MESSAGE"
rm -f "$REVIEW_REPORT"
echo "::group::Copilot review ($MODEL) for $MODULE_DIR"
prompt=${COPILOT_REVIEW_PROMPT_TEMPLATE/__MODULE_DIR__/$MODULE_DIR}
copilot -p "$prompt" \
--agent code-review-and-fix \
--model "$MODEL" \
--output-format json \
--silent \
--stream off \
--yolo \
> "$COPILOT_OUTPUT"
echo "::endgroup::"
- name: Extract review report
id: extract-review-report
run: |
python .github/scripts/code-review-extract-report.py \
--input "$COPILOT_OUTPUT" \
--final-message-output "$FINAL_ASSISTANT_MESSAGE" \
--output "$REVIEW_REPORT"
echo "::group::Extracted review report"
python -m json.tool "$REVIEW_REPORT"
echo "::endgroup::"
- name: Generate review diagnostics
if: always()
run: |
python .github/scripts/code-review-jsonl-diagnostics.py --input "$COPILOT_OUTPUT" > "$REVIEW_DIAGNOSTICS"
- name: Dump review diagnostics on failure
if: failure()
run: |
echo "::group::Copilot JSONL diagnostics"
cat "$REVIEW_DIAGNOSTICS"
echo "::endgroup::"
if [[ -f "$FINAL_ASSISTANT_MESSAGE" ]]; then
echo "::group::Extracted final assistant message"
cat "$FINAL_ASSISTANT_MESSAGE"
echo "::endgroup::"
fi
if [[ -f "$REVIEW_REPORT" ]]; then
echo "::group::Partial extracted review report"
cat "$REVIEW_REPORT"
echo "::endgroup::"
fi
if [[ -f "$COPILOT_OUTPUT" ]]; then
echo "::group::Raw Copilot JSONL"
cat "$COPILOT_OUTPUT"
echo "::endgroup::"
fi
- name: Prepare diagnostics artifact name
if: always()
id: diagnostics-artifact-name
run: |
echo "name=code-review-diagnostics-${SHORT_NAME//:/-}" >> "$GITHUB_OUTPUT"
- name: Upload review diagnostics artifact
if: always()
id: upload-review-diagnostics
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ steps.diagnostics-artifact-name.outputs.name }}
path: |
/tmp/copilot-output.jsonl
/tmp/final-assistant-message.txt
/tmp/review-report.json
/tmp/review-diagnostics.txt
if-no-files-found: ignore
- name: Prepare PR body
run: |
python .github/scripts/code-review-pr-body.py \
--input "$REVIEW_REPORT" \
--output "$PR_BODY" \
--module-dir "$MODULE_DIR" \
--model "$MODEL" \
--artifact-url "${{ steps.upload-review-diagnostics.outputs.artifact-url }}"
- name: Commit and push fixes
id: commit
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
branch="otelbot/code-review-${SHORT_NAME//:/-}"
# Skip if a PR already exists — a maintainer may have pushed follow-up commits
existing=$(gh pr list --head "$branch" --state open --json number --jq 'length')
if [[ "$existing" -ne 0 ]]; then
echo "PR already exists for $branch — skipping to avoid overwriting maintainer changes"
exit 0
fi
# Reset any copilot commits back to origin/main, keeping changes staged
base_sha=$(git rev-parse origin/main)
git reset --soft "$base_sha"
# Stage everything and check if there are real changes vs origin/main
git add -A
if git diff --cached --quiet origin/main; then
echo "No changes to submit"
exit 0
fi
git commit -m "Review fixes for ${SHORT_NAME}" \
-m "Automated code review of ${MODULE_DIR}."
git push -f origin "$branch"
echo "pushed=true" >> "$GITHUB_OUTPUT"
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
id: otelbot-token
if: steps.commit.outputs.pushed == 'true'
with:
app-id: ${{ vars.OTELBOT_APP_ID }}
private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
- name: Create PR
if: steps.commit.outputs.pushed == 'true'
env:
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
run: |
branch="otelbot/code-review-${SHORT_NAME//:/-}"
# Create PR (skip if one already exists for this branch)
existing=$(gh pr list --head "$branch" --state open --json number --jq 'length')
if [[ "$existing" -eq 0 ]]; then
gh pr create \
--title "Review fixes for ${SHORT_NAME}" \
--body-file "$PR_BODY" \
--base main \
--head "$branch" \
--label "automated code review"
else
echo "PR already exists for $branch — skipping creation"
fi
- name: Ensure progress branch exists
run: |
if ! git rev-parse --verify origin/otelbot/code-review-progress >/dev/null 2>&1; then
git checkout --orphan otelbot/code-review-progress
git reset --hard
git commit --allow-empty -m "Initialize progress tracking"
git push origin HEAD:otelbot/code-review-progress || true
fi
- name: Check out progress branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: otelbot/code-review-progress
path: progress
- name: Mark module as reviewed
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cd progress
git config user.name otelbot
git config user.email 197425009+otelbot@users.noreply.github.com
# Append this module (one per line, matching build-review-matrix.py)
echo "$SHORT_NAME" >> reviewed.txt
git add reviewed.txt
git commit -m "Mark $SHORT_NAME as reviewed"
git push origin HEAD:otelbot/code-review-progress