|
| 1 | +name: AI Code Review |
| 2 | + |
| 3 | +permissions: |
| 4 | + contents: read |
| 5 | + pull-requests: read |
| 6 | + issues: read |
| 7 | + id-token: write |
| 8 | + |
| 9 | +on: |
| 10 | + pull_request: |
| 11 | + types: [opened, review_requested] |
| 12 | + |
| 13 | +jobs: |
| 14 | + get-commits: |
| 15 | + if: ${{ secrets.KP_REVIEW_BOT_APP_ID != '' }} |
| 16 | + runs-on: 'ubuntu-latest' |
| 17 | + continue-on-error: true |
| 18 | + outputs: |
| 19 | + commits: ${{ steps.get-commits.outputs.commits }} |
| 20 | + steps: |
| 21 | + - name: Checkout Linux source tree |
| 22 | + uses: actions/checkout@v5 |
| 23 | + with: |
| 24 | + fetch-depth: 32 |
| 25 | + |
| 26 | + # Get the list of commits and trigger a review job for each separate commit |
| 27 | + # As a safeguard, check no more than the first 50 commits |
| 28 | + - name: Get PR commits |
| 29 | + id: get-commits |
| 30 | + run: | |
| 31 | + tmp=$(mktemp) |
| 32 | + git rev-list ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | head -n 50 > pr_commits.txt |
| 33 | + cat pr_commits.txt | tail -n +2 | jq -R -s -c 'split("\n")[:-1]' > $tmp |
| 34 | + echo "commits=$(cat $tmp)" >> $GITHUB_OUTPUT |
| 35 | +
|
| 36 | +
|
| 37 | + ai-review: |
| 38 | + needs: get-commits |
| 39 | + runs-on: 'ubuntu-latest' |
| 40 | + continue-on-error: true |
| 41 | + strategy: |
| 42 | + matrix: |
| 43 | + commit: ${{ fromJson(needs.get-commits.outputs.commits) }} |
| 44 | + fail-fast: false |
| 45 | + env: |
| 46 | + AWS_REGION: us-west-2 |
| 47 | + steps: |
| 48 | + - name: Checkout CI code |
| 49 | + uses: actions/checkout@v5 |
| 50 | + with: |
| 51 | + sparse-checkout: | |
| 52 | + .github |
| 53 | + ci |
| 54 | +
|
| 55 | + - name: Generate GitHub App token |
| 56 | + id: app-token |
| 57 | + uses: actions/create-github-app-token@v2 |
| 58 | + with: |
| 59 | + app-id: ${{ secrets.KP_REVIEW_BOT_APP_ID }} |
| 60 | + private-key: ${{ secrets.KP_REVIEW_BOT_APP_PRIVATE_KEY }} |
| 61 | + |
| 62 | + - name: Configure AWS Credentials (OIDC) |
| 63 | + uses: aws-actions/configure-aws-credentials@v4 |
| 64 | + with: |
| 65 | + role-to-assume: ${{ secrets.AWS_BEDROCK_ROLE }} |
| 66 | + aws-region: us-west-2 |
| 67 | + |
| 68 | + - name: Set up .claude/settings.json |
| 69 | + shell: bash |
| 70 | + run: | |
| 71 | + mkdir -p ~/.claude |
| 72 | + cp ci/claude/settings.json ~/.claude/settings.json |
| 73 | +
|
| 74 | + - name: Checkout Linux source tree |
| 75 | + uses: actions/checkout@v5 |
| 76 | + with: |
| 77 | + fetch-depth: 32 |
| 78 | + ref: ${{ matrix.commit }} |
| 79 | + |
| 80 | + - name: Checkout prompts repo |
| 81 | + uses: actions/checkout@v5 |
| 82 | + with: |
| 83 | + repository: 'kernel-patches/review-prompts' |
| 84 | + path: 'review' |
| 85 | + |
| 86 | + - uses: anthropics/claude-code-action@v1 |
| 87 | + with: |
| 88 | + github_token: ${{ steps.app-token.outputs.token }} |
| 89 | + use_bedrock: "true" |
| 90 | + claude_args: '--max-turns 100' |
| 91 | + prompt: | |
| 92 | + Current directory is the root of a Linux Kernel git repository. |
| 93 | + Using the prompt `review/review-core.md` and the prompt directory `review` |
| 94 | + do a code review of the top commit in the Linux repository. |
| 95 | +
|
| 96 | + - name: Dump review-inline.txt if exists |
| 97 | + shell: bash |
| 98 | + run: | |
| 99 | + review_file=$(find ${{ github.workspace }} -name review-inline.txt) |
| 100 | + cat $review_file |
| 101 | + if [ -s "$review_file" ]; then |
| 102 | + cp -f $review_file ${{ github.workspace }}/review-inline.txt || true |
| 103 | + echo "### Inline review" >> $GITHUB_STEP_SUMMARY |
| 104 | + echo "```" >> $GITHUB_STEP_SUMMARY |
| 105 | + cat $review_file >> $GITHUB_STEP_SUMMARY |
| 106 | + echo "```" >> $GITHUB_STEP_SUMMARY |
| 107 | + fi |
| 108 | +
|
| 109 | + - uses: actions/upload-artifact@v4 |
| 110 | + with: |
| 111 | + name: ai-review-output |
| 112 | + if-no-files-found: ignore |
| 113 | + path: ${{ github.workspace }}/review-inline.txt |
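Review bot: The "Checkout CI code" step sets no `ref:`, so on a `pull_request` event `ci/claude/settings.json` is taken from the PR's merge commit, and the change under review can therefore supply the agent settings that a later step copies to `~/.claude/settings.json`. This matters because the same job holds the assumed AWS role and the GitHub App token while `claude-code-action` reads patch content the project does not control; pinning that checkout to the base side, e.g. `ref: ${{ github.event.pull_request.base.sha }}`, keeps the agent configuration out of the PR's reach. The `kernel-patches/review-prompts` checkout and the `@v5`/`@v4`/`@v2`/`@v1` action tags are also mutable references, so pinning them to commit SHAs would make what runs with these credentials auditable. `id-token: write` is granted at workflow level although only `ai-review` uses OIDC; a job-level `permissions:` block on `ai-review` would keep it away from `get-commits`. Separately, as far as I know the `secrets` context is not available in a job-level `if:`, so the guard on `get-commits` should be checked against the workflow validator.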