Code Review Sweep #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Review Sweep | |
| on: | |
| schedule: | |
| # Every 15 minutes | |
| - cron: "*/15 * * * *" | |
| permissions: | |
| contents: read | |
| # Prevent overlapping sweeps | |
| concurrency: | |
| group: code-review-sweep | |
| cancel-in-progress: false | |
| jobs: | |
| # --------------------------------------------------------------------------- | |
| # Job 1: Determine which modules to review | |
| # --------------------------------------------------------------------------- | |
| dispatch: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.build-matrix.outputs.matrix }} | |
| has_work: ${{ steps.build-matrix.outputs.has_work }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Restore progress cache | |
| uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: /tmp/review-progress | |
| key: code-review-progress | |
| restore-keys: code-review-progress- | |
| - name: Build review matrix | |
| id: build-matrix | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: python .github/scripts/build-review-matrix.py | |
| # --------------------------------------------------------------------------- | |
| # Job 2: Run copilot review for each module in the matrix | |
| # --------------------------------------------------------------------------- | |
| review: | |
| needs: dispatch | |
| if: needs.dispatch.outputs.has_work == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: ${{ fromJSON(needs.dispatch.outputs.matrix) }} | |
| fail-fast: false | |
| max-parallel: 2 # keep low to avoid Copilot API rate limits | |
| permissions: | |
| contents: write # for git push | |
| env: | |
| MODULE_DIR: ${{ matrix.module_dir }} | |
| SHORT_NAME: ${{ matrix.short_name }} | |
| MODELS: "gpt-5.3-codex claude-sonnet-4.6" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Free disk space | |
| run: .github/scripts/gha-free-disk-space.sh | |
| - name: Set up JDK for running Gradle | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version-file: .java-version | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 | |
| with: | |
| cache-read-only: true | |
| - name: Install Copilot CLI | |
| run: | | |
| curl -fsSL https://gh.io/copilot-install | bash | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Use CLA approved bot | |
| run: .github/scripts/use-cla-approved-bot.sh | |
| - name: Run Copilot review | |
| env: | |
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | |
| run: | | |
| for model in $MODELS; do | |
| echo "::group::Copilot review ($model) for $MODULE_DIR" | |
| copilot -p "review all files under $MODULE_DIR. Write the fix review summary to /tmp/summary-${model}.md" \ | |
| --agent code-review-and-fix \ | |
| --model "$model" \ | |
| --yolo \ | |
| || echo "::warning::copilot ($model) exited with code $?" | |
| echo "::endgroup::" | |
| done | |
| - name: Commit and push fixes | |
| id: commit | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| branch="otelbot/code-review-${SHORT_NAME//:/-}" | |
| # Skip if a PR already exists — a maintainer may have pushed follow-up commits | |
| existing=$(gh pr list --head "$branch" --state open --json number --jq 'length') | |
| if [[ "$existing" -ne 0 ]]; then | |
| echo "PR already exists for $branch — skipping to avoid overwriting maintainer changes" | |
| exit 0 | |
| fi | |
| # Reset any copilot commits back to origin/main, keeping changes staged | |
| base_sha=$(git rev-parse origin/main) | |
| git reset --soft "$base_sha" | |
| # Stage everything and check if there are real changes vs origin/main | |
| git add -A | |
| if git diff --cached --quiet origin/main; then | |
| echo "No changes to submit" | |
| exit 0 | |
| fi | |
| git commit -m "Review fixes for ${SHORT_NAME}" \ | |
| -m "Automated code review of ${MODULE_DIR}." | |
| git checkout -b "$branch" | |
| git push -f origin "$branch" | |
| echo "pushed=true" >> "$GITHUB_OUTPUT" | |
| - name: Prepare PR body | |
| run: | | |
| > /tmp/pr-body.md | |
| for model in $MODELS; do | |
| f="/tmp/summary-${model}.md" | |
| [[ -s "$f" ]] && cat "$f" >> /tmp/pr-body.md && echo >> /tmp/pr-body.md | |
| done | |
| - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 | |
| id: otelbot-token | |
| if: steps.commit.outputs.pushed == 'true' | |
| with: | |
| app-id: ${{ vars.OTELBOT_APP_ID }} | |
| private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} | |
| - name: Create PR | |
| if: steps.otelbot-token.outcome == 'success' | |
| env: | |
| GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} | |
| run: | | |
| branch="otelbot/code-review-${SHORT_NAME//:/-}" | |
| # Create PR (skip if one already exists for this branch) | |
| existing=$(gh pr list --head "$branch" --state open --json number --jq 'length') | |
| if [[ "$existing" -eq 0 ]]; then | |
| gh pr create \ | |
| --title "Review fixes for ${SHORT_NAME}" \ | |
| --body-file /tmp/pr-body.md \ | |
| --base main \ | |
| --head "$branch" \ | |
| --label automated-code-review | |
| else | |
| echo "PR already exists for $branch — skipping creation" | |
| fi | |
| # --------------------------------------------------------------------------- | |
| # Job 3: Record reviewed modules only when the entire batch succeeded | |
| # --------------------------------------------------------------------------- | |
| finalize: | |
| needs: [dispatch, review] | |
| if: needs.review.result == 'success' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Restore progress cache | |
| uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: /tmp/review-progress | |
| key: code-review-progress | |
| restore-keys: code-review-progress- | |
| - name: Mark batch as reviewed | |
| run: | | |
| mkdir -p /tmp/review-progress | |
| touch /tmp/review-progress/reviewed.txt | |
| matrix='${{ needs.dispatch.outputs.matrix }}' | |
| for name in $(echo "$matrix" | jq -r '.include[].short_name'); do | |
| echo "$name" >> /tmp/review-progress/reviewed.txt | |
| echo "Marking as reviewed: $name" | |
| done | |
| sort -u /tmp/review-progress/reviewed.txt -o /tmp/review-progress/reviewed.txt | |
| echo "Total reviewed modules: $(wc -l < /tmp/review-progress/reviewed.txt)" | |
| - name: Save progress cache | |
| uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| path: /tmp/review-progress | |
| key: code-review-progress-${{ github.run_id }} |