ai-code-review.yml: post comments on PRs (#395)

theihor · web-flow · commit ff03b67dae20 · 2025-09-25T12:03:01.000-07:00
If Claude produced a review file it means it found a potential
regression/bug. In that case, post a comment on PR with the inline
review and fail the CI job.
diff --git a/.github/workflows/ai-code-review.yml b/.github/workflows/ai-code-review.yml
@@ -2,9 +2,9 @@ name: AI Code Review
 
 permissions:
   contents: read
-  pull-requests: read
-  issues: read
   id-token: write
+  issues: write
+  pull-requests: write
 
 on:
   pull_request:
@@ -38,7 +38,6 @@ jobs:
   ai-review:
     needs: get-commits
     runs-on: 'ubuntu-latest'
-    continue-on-error: true
     strategy:
       matrix:
         commit: ${{ fromJson(needs.get-commits.outputs.commits) }}
@@ -94,21 +93,32 @@ jobs:
             Using the prompt `review/review-core.md` and the prompt directory `review`
             do a code review of the top commit in the Linux repository.
 
-      - name: Dump review-inline.txt if exists
+      # If Claude produced review-inline.txt then it found something
+      # Post a comment on PR and fail the job
+      - name: Check review-inline.txt
+        id: check_review
         shell: bash
         run: |
           review_file=$(find ${{ github.workspace }} -name review-inline.txt)
-          cat $review_file
           if [ -s "$review_file" ]; then
-            cp -f $review_file ${{ github.workspace }}/review-inline.txt || true
-            echo "### Inline review" >> $GITHUB_STEP_SUMMARY
-            echo "```" >> $GITHUB_STEP_SUMMARY
-            cat $review_file >> $GITHUB_STEP_SUMMARY
-            echo "```" >> $GITHUB_STEP_SUMMARY
+              cat $review_file || true
+              echo "review_file=$review_file" >> $GITHUB_OUTPUT
           fi
 
-      - uses: actions/upload-artifact@v4
+      - name: Comment on PR
+        if: steps.check_review.outputs.review_file != ''
+        uses: actions/github-script@v8
+        env:
+          REVIEW_FILE: ${{ steps.check_review.outputs.review_file }}
         with:
-          name: ai-review-output
-          if-no-files-found: ignore
-          path: ${{ github.workspace }}/review-inline.txt
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const commentScript = require('./ci/claude/post-pr-comment.js');
+            await commentScript({github, context});
+
+      - name: Fail CI job if review file exists
+        if: steps.check_review.outputs.review_file != ''
+        run: |
+          echo "Review file found - failing the CI job"
+          exit 42
+
diff --git a/ci/claude/post-pr-comment.js b/ci/claude/post-pr-comment.js
@@ -0,0 +1,20 @@
+module.exports = async ({github, context}) => {
+  const fs = require('fs');
+
+  const jobSummaryUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`;
+  const reviewContent = fs.readFileSync(process.env.REVIEW_FILE, 'utf8');
+  const commentBody = `AI review job summary: ${jobSummaryUrl}
+
+Inline review:
+\`\`\`
+${reviewContent}
+\`\`\``;
+
+  await github.rest.issues.createComment({
+    issue_number: context.issue.number,
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    body: commentBody
+  });
+};
+
