Code Review Sweep #782
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Review Sweep | |
| on: | |
| schedule: | |
| # Every 15 minutes | |
| - cron: "*/15 * * * *" | |
| permissions: | |
| contents: read | |
| # Prevent overlapping sweeps | |
| concurrency: | |
| group: code-review-sweep | |
| cancel-in-progress: false | |
| jobs: | |
| # --------------------------------------------------------------------------- | |
| # Job 1: Determine which modules to review | |
| # --------------------------------------------------------------------------- | |
| dispatch: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.build-matrix.outputs.matrix }} | |
| has_work: ${{ steps.build-matrix.outputs.has_work }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 1 | |
| - name: Fetch progress branch | |
| run: git fetch origin otelbot/code-review-progress || true | |
| - name: Build review matrix | |
| id: build-matrix | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Read progress from the dedicated orphan branch (if it exists) | |
| progress=$(git show origin/otelbot/code-review-progress:reviewed.txt 2>/dev/null || true) | |
| if [[ -n "$progress" ]]; then | |
| export REVIEW_PROGRESS="$progress" | |
| fi | |
| python .github/scripts/build-review-matrix.py | |
| # --------------------------------------------------------------------------- | |
| # Job 2: Run copilot review for each module in the matrix | |
| # --------------------------------------------------------------------------- | |
| review: | |
| needs: dispatch | |
| if: needs.dispatch.outputs.has_work == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: ${{ fromJSON(needs.dispatch.outputs.matrix) }} | |
| fail-fast: false | |
| max-parallel: 2 # keep low to avoid Copilot API rate limits | |
| environment: protected | |
| permissions: | |
| contents: write # for git push | |
| env: | |
| MODULE_DIR: ${{ matrix.module_dir }} | |
| SHORT_NAME: ${{ matrix.short_name }} | |
| MODELS: "gpt-5.4 claude-sonnet-4.6" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Fetch progress branch | |
| run: git fetch origin otelbot/code-review-progress || true | |
| - name: Free disk space | |
| run: .github/scripts/gha-free-disk-space.sh | |
| - name: Set up JDK for running Gradle | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version-file: .java-version | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 | |
| with: | |
| cache-read-only: true | |
| - name: Install Copilot CLI | |
| run: | | |
| curl -fsSL https://gh.io/copilot-install | bash | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Use CLA approved bot | |
| run: .github/scripts/use-cla-approved-bot.sh | |
| - name: Run Copilot review | |
| env: | |
| COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} | |
| run: | | |
| for model in $MODELS; do | |
| echo "::group::Copilot review ($model) for $MODULE_DIR" | |
| copilot -p "Review all files under $MODULE_DIR. Write ONLY the findings table and totals to /tmp/summary-${model}.md — no headings, no file-reviewed lists, no git diff instructions. If no issues, write 'No issues found.'" \ | |
| --agent code-review-and-fix \ | |
| --model "$model" \ | |
| --yolo \ | |
| || echo "::warning::copilot ($model) exited with code $?" | |
| echo "::endgroup::" | |
| done | |
| - name: Commit and push fixes | |
| id: commit | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| branch="otelbot/code-review-${SHORT_NAME//:/-}" | |
| # Skip if a PR already exists — a maintainer may have pushed follow-up commits | |
| existing=$(gh pr list --head "$branch" --state open --json number --jq 'length') | |
| if [[ "$existing" -ne 0 ]]; then | |
| echo "PR already exists for $branch — skipping to avoid overwriting maintainer changes" | |
| exit 0 | |
| fi | |
| # Reset any copilot commits back to origin/main, keeping changes staged | |
| base_sha=$(git rev-parse origin/main) | |
| git reset --soft "$base_sha" | |
| # Stage everything and check if there are real changes vs origin/main | |
| git add -A | |
| if git diff --cached --quiet origin/main; then | |
| echo "No changes to submit" | |
| exit 0 | |
| fi | |
| git commit -m "Review fixes for ${SHORT_NAME}" \ | |
| -m "Automated code review of ${MODULE_DIR}." | |
| git checkout -b "$branch" | |
| git push -f origin "$branch" | |
| echo "pushed=true" >> "$GITHUB_OUTPUT" | |
| - name: Prepare PR body | |
| run: | | |
| { | |
| echo "Automated code review of \`${MODULE_DIR}\`." | |
| echo "" | |
| for model in $MODELS; do | |
| f="/tmp/summary-${model}.md" | |
| if [[ -s "$f" ]]; then | |
| echo "### ${model}" | |
| echo "" | |
| cat "$f" | |
| echo "" | |
| fi | |
| done | |
| echo "---" | |
| echo "" | |
| echo "[View workflow run](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID})" | |
| } > /tmp/pr-body.md | |
| - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 | |
| id: otelbot-token | |
| if: steps.commit.outputs.pushed == 'true' | |
| with: | |
| app-id: ${{ vars.OTELBOT_APP_ID }} | |
| private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} | |
| - name: Create PR | |
| if: steps.commit.outputs.pushed == 'true' | |
| env: | |
| GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} | |
| run: | | |
| branch="otelbot/code-review-${SHORT_NAME//:/-}" | |
| # Create PR (skip if one already exists for this branch) | |
| existing=$(gh pr list --head "$branch" --state open --json number --jq 'length') | |
| if [[ "$existing" -eq 0 ]]; then | |
| gh pr create \ | |
| --title "Review fixes for ${SHORT_NAME}" \ | |
| --body-file /tmp/pr-body.md \ | |
| --base main \ | |
| --head "$branch" \ | |
| --label automated-code-review | |
| else | |
| echo "PR already exists for $branch — skipping creation" | |
| fi | |
| - name: Ensure progress branch exists | |
| run: | | |
| if ! git rev-parse --verify origin/otelbot/code-review-progress >/dev/null 2>&1; then | |
| git checkout --orphan otelbot/code-review-progress | |
| git reset --hard | |
| git commit --allow-empty -m "Initialize progress tracking" | |
| git push origin HEAD:otelbot/code-review-progress || true | |
| fi | |
| - name: Check out progress branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: otelbot/code-review-progress | |
| path: progress | |
| - name: Mark module as reviewed | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cd progress | |
| git config user.name otelbot | |
| git config user.email 197425009+otelbot@users.noreply.github.com | |
| # Append this module (one per line, matching build-review-matrix.py) | |
| echo "$SHORT_NAME" >> reviewed.txt | |
| git add reviewed.txt | |
| git commit -m "Mark $SHORT_NAME as reviewed" | |
| git push origin HEAD:otelbot/code-review-progress |