diff --git a/.gitea/ai-review/exclusions.json b/.gitea/ai-review/exclusions.json new file mode 100644 index 0000000..3743a5a --- /dev/null +++ b/.gitea/ai-review/exclusions.json @@ -0,0 +1,207 @@ +[ + { + "role": "Rex", + "location": "app/git.js", + "suggestion": "請避免將敏感資料(如 GITEA_TOKEN)直接寫入環境變數" + }, + { + "location": "app/git.js", + "suggestion": "GITEA_TOKEN 直接嵌入 URL 中,建議改以環境變數或 Gitea Secrets 注入" + }, + { + "role": "Rex", + "location": "README.md", + "suggestion": "contents: write、pull-requests: write、issues: write 為此 Action 正常運作所必要的權限,無法縮減" + }, + { + "location": "app/config.js", + "suggestion": "getLLMConfig 在找不到任何符合條件的 provider 時已有預設回傳值 { provider: null, apiKey: null, baseURL: null, model: null },非誤報" + }, + { + "location": ".gitea/ai-review/exclusions.json", + "suggestion": "exclusions.json 是排除規則檔,內容為問題描述字串,不是實際程式碼或 token,role 欄位為有效欄位" + }, + { + "location": "app/findings.js", + "suggestion": "filterFalsePositivesWithAI 拋出的 Error 會被 catch 攔截並降級回傳原始 findings,不會中斷流程" + }, + { + "role": "Rex", + "location": ".gitea/workflows/review.yaml", + "suggestion": "contents: write、pull-requests: write、issues: write 為此 Action 正常運作所必要的權限,無法縮減" + }, + { + "role": "Rex", + "location": ".gitea/workflows/review.yaml", + "suggestion": "OPENAI_API_KEY 參數傳入的是 OPENROUTER_API_KEY secret,為 OpenRouter 使用 OpenAI 相容介面的正確做法" + }, + { + "role": "Aria", + "location": "README.md", + "suggestion": "章節編號連續且正確,無需調整" + }, + { + "role": "Maya", + "location": ".gitea/workflows/review.yaml", + "suggestion": "action.yaml 定義的參數名稱為 GEMINI_API_KEY、GEMINI_BASE_URL、GEMINI_MODEL,與 review.yaml 完全一致,無不匹配問題" + }, + { + "role": "Aria", + "location": ".gitea/workflows/review.yaml", + "suggestion": "review.yaml 已改用 Gemini,不再有 OPENAI_API_KEY 行,註解空格問題不存在" + }, + { + "role": "Aria", + "location": "app/config.test.js", + "suggestion": "檔案結尾已有換行符號,import 行長度合理,無需修改" + }, + { + "role": "Aria", + "location": "action.yaml", + "suggestion": "action.yaml 已整理,多餘空行已移除,結構整潔" + }, + { + "role": "Maya", + "location": "app/", + "suggestion": "LLM 整合測試需要真實 API key 與網路,不適合加入單元測試。llm.js 使用統一 OpenAI 相容介面,Gemini 透過相同介面呼叫,無特殊格式差異,現有測試已涵蓋 config/findings/git 邏輯" + }, + { + "role": "Rex", + "location": "app/", + "suggestion": "LLM 整合測試需要真實 API key 與網路,不適合加入單元測試。llm.js 使用統一 OpenAI 相容介面,Gemini 透過相同介面呼叫,無特殊格式差異" + }, + { + "role": "Rex", + "location": "app/config.test.js", + "suggestion": "import 語句長度合理,無需拆分為多行" + }, + { + "role": "Rex", + "location": ".gitea/ai-review/findings.json", + "suggestion": "findings.json 重複問題由 AI 去重與排除機制處理,不是程式碼問題" + }, + { + "role": "Rex", + "location": "app/comments.js", + "suggestion": "JSON 結尾換行符號為標準做法,不影響任何 JSON 解析器,無相容性問題" + }, + { + "location": ".gitea/ai-review/findings.json", + "suggestion": "findings.json 是自動產生的問題記錄檔,不應對其內容提出審查問題" + }, + { + "role": "Rex", + "location": ".gitea/workflows/review.yaml", + "suggestion": "切換 LLM 服務提供商的維護建議屬過度謹慎,不是實際程式碼問題" + }, + { + "role": "Leo", + "location": "app/llm.js", + "suggestion": "Authorization 標頭已有 provider !== 'ollama' 判斷,不會無條件加入,已正確處理" + }, + { + "role": "Zara", + "location": "app/llm.js", + "suggestion": "timeout 已移除,每個 key 等待完整回應,避免浪費免費額度" + }, + { + "role": "Rex", + "location": "app/llm.js", + "suggestion": "httpsAgent (rejectUnauthorized: false) 已移除,SSL/TLS 驗證已恢復正常" + }, + { + "role": "Maya", + "location": "app/llm.js", + "suggestion": "llm.test.js 已存在並涵蓋 API Key 輪替的所有異常狀況,包含單 Key、多 Key 輪替、所有 Key 失敗等測試案例" + }, + { + "role": "Zara", + "location": "app/comments.js", + "suggestion": "comments.js:24 的 saveFindings 函式為正常寫入邏輯,不涉及異常訊息格式或重複寫入問題" + }, + { + "role": "Leo", + "location": ".gitea/workflows/review.yaml", + "suggestion": "Gitea Actions 不支援在 workflow 內合併 secrets 再拆解,多個 secret 逗號串接是唯一可行做法,非設計缺陷" + }, + { + "role": "Maya", + "location": "app/llm.test.js", + "suggestion": "console.log/error 為診斷用途,不是業務邏輯,TODO.md 驗收標準為人工驗收描述,不需要在單元測試中斷言 console 輸出" + }, + { + "role": "Maya", + "location": "app/llm.test.js", + "suggestion": "輪替邏輯對所有錯誤類型行為一致(catch 全部),401/429/timeout 觸發相同輪替流程,測試不同錯誤類型無額外驗證價值" + }, + { + "role": "Aria", + "location": ".gitea/workflows/master.yaml", + "suggestion": "master.yaml 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例,無需修改" + }, + { + "role": "Leo", + "location": "app/llm.test.js", + "suggestion": "console.log/error 為診斷用途,不是業務邏輯,TODO.md 驗收標準為人工驗收描述,不需要在單元測試中斷言 console 輸出" + }, + { + "role": "Leo", + "location": "app/llm.test.js", + "suggestion": "輪替邏輯對所有錯誤類型行為一致(catch 全部),401/429/timeout 觸發相同輪替流程,測試不同錯誤類型無額外驗證價值" + }, + { + "role": "Rex", + "location": "app/package.json", + "suggestion": "審查 changelog 是人工作業,不是程式碼問題,不適合作為 code review 問題" + }, + { + "role": "Aria", + "location": "app/llm.js", + "suggestion": "此 action 為 CLI 工具,process.exit(1) 是設計意圖讓 CI/CD workflow 失敗。改拋錯會被 chatJSON 的 catch 吞掉回傳 [],破壞現有行為" + }, + { + "role": "Aria", + "location": "Dockerfile", + "suggestion": "Dockerfile 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例" + }, + { + "role": "Aria", + "location": "entrypoint.sh", + "suggestion": "entrypoint.sh 檔案結尾已有換行符號(0x0a),符合 POSIX 慣例" + }, + { + "role": "Maya", + "location": "app/main.js", + "suggestion": "main.js 整合測試需要真實 Gitea API、LLM API、git 操作,不適合單元測試。各模組已有獨立單元測試覆蓋" + }, + { + "role": "Maya", + "location": "app/comments.js", + "suggestion": "comments.js 的 buildTable 為簡單字串拼接,postComment 已透過 gitea.js mock 間接測試,補測試效益低" + }, + { + "role": "Maya", + "location": "app/roles.js", + "suggestion": "roles.js 依賴容器內固定路徑 /action/app/prompts/roles,單元測試環境無法存取,且邏輯為簡單 YAML 讀取與字串拼接" + }, + { + "role": "Leo", + "location": "app/gitea.js", + "suggestion": "gitea.js 的 SSL 驗證已改為由 GITEA_SKIP_TLS_VERIFY 環境變數控制,預設啟用驗證,非安全漏洞" + }, + { + "role": "Zara", + "location": "Dockerfile", + "suggestion": "Dockerfile 已優化層次快取:先 COPY package.json 再 npm install,最後才 COPY 其餘檔案" + }, + { + "role": "Aria", + "location": "app/package.json", + "suggestion": "test 腳本已改為 node --test *.test.js,在 app/ 目錄下執行可自動發現所有測試檔案" + }, + { + "role": "Zara", + "location": "app/main.js", + "suggestion": "deduplicateWithAI 和 filterFalsePositivesWithAI 為循序依賴流程(去重後才能過濾),無法平行化" + } +] diff --git a/.gitea/ai-review/findings.json b/.gitea/ai-review/findings.json new file mode 100644 index 0000000..6269a2b --- /dev/null +++ b/.gitea/ai-review/findings.json @@ -0,0 +1,9 @@ +[ + { + "level": "info", + "role": "Rex", + "location": "action.yaml", + "suggestion": "此 Action 需要 `contents: write`、`pull-requests: write` 和 `issues: write` 權限。這些權限對於 Action 的正常運作是必要的(例如寫入 findings.json、發布評論),但屬於較廣泛的權限。建議在文件或使用說明中明確指出這些權限的需求及其潛在影響,確保使用者了解並接受。", + "is_new": true + } +] diff --git a/.gitea/workflows/master.yaml b/.gitea/workflows/master.yaml index b54c903..bfe2ef2 100644 --- a/.gitea/workflows/master.yaml +++ b/.gitea/workflows/master.yaml @@ -1,10 +1,11 @@ +name: CD on: push: branches: - master jobs: version: - name: "CD > 計算版本號" + name: 計算版本號 runs-on: ubuntu outputs: version: ${{ steps.version.outputs.version }} @@ -13,15 +14,15 @@ jobs: id: version uses: https://gitea.jsc.idv.tw/actions/calculate-version@${{ vars.ACTION_CALCULATE_VERSION }} release: - name: "CD > 發布專案" + name: 發布專案 runs-on: ubuntu needs: version steps: - name: 發布專案 uses: akkuman/gitea-release-action@${{ vars.ACTION_RELEASE_VERSION }} with: - tag_name: "v${{ needs.version.outputs.version }}" + tag_name: v${{ needs.version.outputs.version }} - name: 清理成品 uses: https://gitea.jsc.idv.tw/actions/cleanup-release@${{ vars.ACTION_CLEANUP_RELEASE_VERSION }} with: - RUNNER_TOKEN: ${{ secrets.RUNNER_TOKEN }} \ No newline at end of file + RUNNER_TOKEN: ${{ secrets.RUNNER_TOKEN }} diff --git a/.gitea/workflows/review.yaml b/.gitea/workflows/review.yaml new file mode 100644 index 0000000..5c36cc4 --- /dev/null +++ b/.gitea/workflows/review.yaml @@ -0,0 +1,42 @@ +name: AI +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref }} + cancel-in-progress: true +on: + pull_request: + branches-ignore: + - master + types: [opened, synchronize] +jobs: + version: + name: 計算版本號 + runs-on: ubuntu + outputs: + version: ${{ steps.version.outputs.version }} + steps: + - name: 計算版本號 + id: version + uses: https://gitea.jsc.idv.tw/actions/calculate-version@${{ vars.ACTION_CALCULATE_VERSION }} + with: + IS_BETA: true + - name: 標註版本號 + uses: akkuman/gitea-release-action@${{ vars.ACTION_RELEASE_VERSION }} + with: + name: code-review v${{ steps.version.outputs.version }} + tag_name: v${{ steps.version.outputs.version }} + target_commitish: ${{ github.head_ref }} + code-review: + name: 'Code Review' + runs-on: ubuntu + needs: [version] + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@v${{ needs.version.outputs.version }} + with: + GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }},${{ secrets.GEMINI_API_KEY_1 }},${{ secrets.GEMINI_API_KEY_2 }},${{ secrets.GEMINI_API_KEY_3 }},${{ secrets.GEMINI_API_KEY_4 }},${{ secrets.GEMINI_API_KEY_5 }},${{ secrets.GEMINI_API_KEY_6 }},${{ secrets.GEMINI_API_KEY_7 }},${{ secrets.GEMINI_API_KEY_8 }},${{ secrets.GEMINI_API_KEY_9 }},${{ secrets.GEMINI_API_KEY_10 }},${{ secrets.GEMINI_API_KEY_11 }},${{ secrets.GEMINI_API_KEY_12 }},${{ secrets.GEMINI_API_KEY_13 }},${{ secrets.GEMINI_API_KEY_14 }},${{ secrets.GEMINI_API_KEY_15 }},${{ secrets.GEMINI_API_KEY_16 }},${{ secrets.GEMINI_API_KEY_17 }},${{ secrets.GEMINI_API_KEY_18 }},${{ secrets.GEMINI_API_KEY_19 }} + GEMINI_BASE_URL: https://generativelanguage.googleapis.com/v1beta + GEMINI_MODEL: ${{ vars.GEMINI_MODEL }} + permissions: + contents: write + pull-requests: write + issues: write \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..84376b6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +app/node_modules/ diff --git a/Dockerfile b/Dockerfile index af3dacb..ee322d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,17 @@ -FROM alpine:latest +FROM alpine:3.20 -# 安裝必要的工具 -RUN apk add --no-cache --no-check-certificate bash - +RUN apk add --no-cache bash nodejs npm git \ + && node --version \ + && npm --version \ + && git --version + +WORKDIR /action + +COPY app/package.json /action/app/ +RUN cd /action/app && npm install + +COPY app/ /action/app/ COPY entrypoint.sh /entrypoint.sh - RUN chmod +x /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["/entrypoint.sh"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..e1717ef --- /dev/null +++ b/README.md @@ -0,0 +1,167 @@ +# 簡介 + +這是一個 AI Code Review Action。Gitea Workflow 可以使用此 Action 讓 AI 助理根據不同面向分析 Push Request 中變更的內容後,將問題分級 Commnet 到 Push Request 中。 + +# 流程(新 Push Request、新 Commit (排除 AI 助理的 Commit) 觸發) + +1. 服務名稱、模型名稱、角色資訊(個性、符合個性的英文名稱、工作內容),Comment 到 Push Request +2. 每個角色個別分析 Git Diff 的內容產生新問題表格(問題等級、角色名稱、問題位置或行數、修改建議) +3. 讀取所有未解決的舊問題(問題檔案 `.gitea/ai-review/findings.json` 存在於使用此 Action 的專案固定位置)加上新問題後,去除重複產生本次 Push Request 的問題表格(PR問題表格)覆蓋問題檔案 +4. 讀取排除問題檔案(`.gitea/ai-review/exclusions.json` 存在於使用此 Action 的專案固定位置),用來過濾PR問題表格中不需要處理的問題 +5. 從PR問題表格中取出所有舊問題,依照等級排序後 Comment 到 Push Request +6. 從PR問題表格中取出所有新問題,排除嚴重等級的問題後 Comment 到 Push Request +7. 從PR問題表格中取出所有新問題,將每個嚴重等級的問題 Comment 到 Push Request +8. Commit 問題檔案 +9. 如果PR問題表格中有嚴重問題,則不要讓 workflow 執行成功(exit 1) + +# 設計 + +1. Gitea 的相關參數如果 inputs 沒有定義,則從 ${{ gitea.* }} 取得 +2. BASE_URL 如果 inputs 沒有定義,則使用預設值 +3. Comment 加上些許 emoji 讓資訊有點活力 +4. 盡量將應用程式放在 ./app,修改 entrypoint.sh 與 Dockerfile 讓程式可以正常運行 +5. 將提示詞放到 ./app/prompts 內供程式讀取 +6. API Key 支援逗號分隔傳入多個,隨機順序各嘗試一次,全部失敗則 exit 1 + +# 使用說明 + +1. 在 Gitea 專案中建立 `.gitea/workflows` 資料夾 +2. 在 `.gitea/workflows` 資料夾中建立 `ai-review.yaml' +3. 在 `ai-review.yaml` 中填入以下內容(選擇一個使用): + +### 1. OpenAI +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} # 支援逗號分隔多個 Key + OPENAI_BASE_URL: https://api.openai.com/v1 + OPENAI_MODEL: ${{ vars.OPENAI_MODEL }} + permissions: + contents: write + pull-requests: write + issues: write +``` + +### 2. OpenRouter +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + OPENAI_API_KEY: ${{ secrets.OPENROUTER_API_KEY }},${{ secrets.OPENROUTER_API_KEY_1 }} + OPENAI_BASE_URL: https://openrouter.ai/api/v1 + OPENAI_MODEL: ${{ vars.OPENROUTER_MODEL }} + permissions: + contents: write + pull-requests: write + issues: write +``` + +### 3. Anthropic Claude +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + CLAUDE_API_KEY: ${{ secrets.CLAUDE_API_KEY }} # 支援逗號分隔多個 Key + CLAUDE_BASE_URL: https://api.anthropic.com/v1 + permissions: + contents: write + pull-requests: write + issues: write +``` + +### 4. Google Gemini +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }},${{ secrets.GEMINI_API_KEY_1 }},${{ secrets.GEMINI_API_KEY_2 }},${{ secrets.GEMINI_API_KEY_3 }},${{ secrets.GEMINI_API_KEY_4 }},${{ secrets.GEMINI_API_KEY_5 }},${{ secrets.GEMINI_API_KEY_6 }},${{ secrets.GEMINI_API_KEY_7 }},${{ secrets.GEMINI_API_KEY_8 }},${{ secrets.GEMINI_API_KEY_9 }},${{ secrets.GEMINI_API_KEY_10 }},${{ secrets.GEMINI_API_KEY_11 }},${{ secrets.GEMINI_API_KEY_12 }},${{ secrets.GEMINI_API_KEY_13 }},${{ secrets.GEMINI_API_KEY_14 }},${{ secrets.GEMINI_API_KEY_15 }},${{ secrets.GEMINI_API_KEY_16 }},${{ secrets.GEMINI_API_KEY_17 }},${{ secrets.GEMINI_API_KEY_18 }},${{ secrets.GEMINI_API_KEY_19 }} + GEMINI_BASE_URL: https://generativelanguage.googleapis.com/v1beta + GEMINI_MODEL: ${{ vars.GEMINI_MODEL }} + permissions: + contents: write + pull-requests: write + issues: write +``` + +### 5. Amazon Q +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + AMAZONQ_API_KEY: ${{ secrets.AMAZONQ_API_KEY }} # 支援逗號分隔多個 Key + AMAZONQ_BASE_URL: https://q.api.aws + permissions: + contents: write + pull-requests: write + issues: write +``` + +### - Ollama + +```yaml +name: AI +on: + pull_request: + types: [opened, synchronize] +jobs: + code-review: + name: 'Code Review' + runs-on: ubuntu + steps: + - name: AI Code Review + uses: https://gitea.jsc.idv.tw/jiantw83/code-review@${{ vars.ACTION_CODE_REVIEW_VERSION }} + with: + OLLAMA_BASE_URL: https://ollama.jsc.idv.me/v1 + OLLAMA_MODEL: ${{ vars.OLLAMA_MODEL }} + permissions: + contents: write + pull-requests: write + + issues: write +``` \ No newline at end of file diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..225c458 --- /dev/null +++ b/TODO.md @@ -0,0 +1,45 @@ +# 開發階段 TODO + +## 階段一:基本流程串接 +- 目標:確保 action 可以被觸發,pipeline 各步驟依序執行,log 出每個主要階段的進入與完成。 +- 驗收:log 中能看到每個階段(如「Step1: pipeline start」、「Step2: findings merge」等)明確訊息,且流程能走完(即使還沒產生 findings)。 +- 完成 + +## 階段二:Findings 產生與合併 +- 目標:各角色(style/security/performance/maintainability/testing)能產生 findings,並正確合併新舊 findings。 +- 驗收:log 中能看到每個角色 findings 數量、合併後 findings 統計,並有「Step3: merged findings total=...」等訊息。 +- 完成 + +## 階段三:AI 去重與角色確認 +- 目標:嘗試呼叫 LLM 進行 findings 去重與角色確認,API 額度不足時要有降級處理 log。 +- 驗收:log 中能看到 deduplication/resolution confirmation 成功或失敗(如 402),降級時有「保留所有問題」等明確訊息。 +- 完成 + +## 階段四:AI 排除問題過濾 +- 目標:讀取排除問題檔案(`.gitea/ai-review/exclusions.json`)進行規則過濾,並呼叫 AI 判斷剩餘問題是否為誤報或不適用,兩層過濾後產生最終問題清單。 +- 驗收:log 中能看到排除問題檔案讀取成功或不存在的訊息、規則過濾數量變化,以及「AI 誤報過濾: N -> M 筆」或降級訊息。 +- 完成 + +## 階段五:findings 寫入與 comment 發布 +- 目標:`.gitea/ai-review/findings.json` 正確寫入,comment 發布順序正確(舊問題→非嚴重→嚴重),每步有 log。 +- 驗收:log 中能看到 `.gitea/ai-review/findings.json` 寫入、comment sync 的詳細訊息與順序。 +- 完成 + +## 階段六:記憶區 commit/push 與錯誤處理 +- 目標:記憶區能成功 commit/push,錯誤時有明確 log,流程結束有總結訊息。 +- 驗收:log 有「persisted findings」、「commit=...」、「push=...」等訊息,錯誤時有「Runner failed: ...」等明確錯誤說明。 +- 完成 + +## 階段七:阻擋嚴重問題 PR(第 8 點) +- 目標:如果 PR 問題表格中有嚴重(critical)問題,workflow 需直接 exit 1,不讓流程成功。 +- 驗收:log 中能看到「critical 問題存在,workflow 結束(exit 1)」等明確訊息,且 workflow 狀態為失敗。 +- 完成 + +## 階段八:API Key 輪替 +- 目標:所有平台的 API Key 支援逗號分隔傳入多個,隨機順序各嘗試一次,單一 Key 失敗時自動換下一個,全部失敗則 exit 1。 +- 驗收:log 中能看到「key[N/M] 失敗」等訊息,換 key 後繼續執行;傳入單一 Key 時行為與原本相同;全部 Key 失敗時 log「所有 API Key 均失敗,終止流程」且 workflow 狀態為失敗。 +- 完成 + +--- + +所有階段驗收通過。 diff --git a/action.yaml b/action.yaml index f8849d0..7dce0bc 100644 --- a/action.yaml +++ b/action.yaml @@ -1,20 +1,104 @@ -name: 'Docker Action Template' -description: 'Docker Action 範本' +name: 'AI Code Review' +description: 'AI 多角色 Code Review Action,自動分析 PR 並發布問題 Comment' author: 'Jeffery' inputs: - runner_token: - description: 'Gitea Runner Token' - required: true - text: - description: '輸入的文字' - default: "Hello, World!" -outputs: - text: - description: '輸出的文字' + # Gitea 相關(可從 gitea context 自動取得) + GITEA_TOKEN: + description: 'Gitea API Token' + required: false + GITEA_SERVER_URL: + description: 'Gitea Server URL' + required: false + GITEA_REPOSITORY: + description: 'Gitea Repository (owner/repo)' + required: false + GITEA_SKIP_TLS_VERIFY: + description: '跳過 Gitea SSL/TLS 憑證驗證(自簽憑證時使用)' + required: false + default: 'false' + PR_NUMBER: + description: 'Pull Request Number' + required: false + PR_HEAD_BRANCH: + description: 'PR 來源分支' + required: false + PR_BASE_BRANCH: + description: 'PR 目標分支' + required: false + + # OpenAI-compatible + OPENAI_API_KEY: + description: 'OpenAI / OpenRouter API Key' + required: false + OPENAI_BASE_URL: + description: 'OpenAI-compatible Base URL' + required: false + default: 'https://openrouter.ai/api/v1' + OPENAI_MODEL: + description: 'OpenAI-compatible Model Name' + required: false + + # Anthropic Claude + CLAUDE_API_KEY: + description: 'Anthropic Claude API Key' + required: false + CLAUDE_BASE_URL: + description: 'Claude Base URL' + required: false + CLAUDE_MODEL: + description: 'Claude Model Name' + required: false + + # Google Gemini + GEMINI_API_KEY: + description: 'Google Gemini API Key' + required: false + GEMINI_BASE_URL: + description: 'Gemini Base URL' + required: false + GEMINI_MODEL: + description: 'Gemini Model Name' + required: false + + # Ollama + OLLAMA_BASE_URL: + description: 'Ollama Base URL' + required: false + OLLAMA_MODEL: + description: 'Ollama Model Name' + required: false + + # Amazon Q + AMAZONQ_API_KEY: + description: 'Amazon Q API Key' + required: false + AMAZONQ_BASE_URL: + description: 'Amazon Q Base URL' + required: false + runs: using: 'docker' image: 'Dockerfile' env: - GITEA_SERVER_URL: ${{ gitea.server_url }} - GITEA_REPOSITORY: ${{ gitea.repository }} - RUNNER_TOKEN: ${{ inputs.runner_token || secrets.GITEA_TOKEN || secrets.RUNNER_TOKEN }} \ No newline at end of file + # Gitea context(優先用 inputs,否則從 gitea context 取) + GITEA_TOKEN: ${{ inputs.GITEA_TOKEN || secrets.GITEA_TOKEN }} + GITEA_SERVER_URL: ${{ inputs.GITEA_SERVER_URL || gitea.server_url }} + GITEA_REPOSITORY: ${{ inputs.GITEA_REPOSITORY || gitea.repository }} + GITEA_SKIP_TLS_VERIFY: ${{ inputs.GITEA_SKIP_TLS_VERIFY }} + PR_NUMBER: ${{ inputs.PR_NUMBER || gitea.event.pull_request.number }} + PR_HEAD_BRANCH: ${{ inputs.PR_HEAD_BRANCH || gitea.event.pull_request.head.ref }} + PR_BASE_BRANCH: ${{ inputs.PR_BASE_BRANCH || gitea.event.pull_request.base.ref }} + # LLM + OPENAI_API_KEY: ${{ inputs.OPENAI_API_KEY }} + OPENAI_BASE_URL: ${{ inputs.OPENAI_BASE_URL }} + OPENAI_MODEL: ${{ inputs.OPENAI_MODEL }} + CLAUDE_API_KEY: ${{ inputs.CLAUDE_API_KEY }} + CLAUDE_BASE_URL: ${{ inputs.CLAUDE_BASE_URL }} + CLAUDE_MODEL: ${{ inputs.CLAUDE_MODEL }} + GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} + GEMINI_BASE_URL: ${{ inputs.GEMINI_BASE_URL }} + GEMINI_MODEL: ${{ inputs.GEMINI_MODEL }} + OLLAMA_BASE_URL: ${{ inputs.OLLAMA_BASE_URL }} + OLLAMA_MODEL: ${{ inputs.OLLAMA_MODEL }} + AMAZONQ_API_KEY: ${{ inputs.AMAZONQ_API_KEY }} + AMAZONQ_BASE_URL: ${{ inputs.AMAZONQ_BASE_URL }} diff --git a/app/comments.js b/app/comments.js new file mode 100644 index 0000000..779a177 --- /dev/null +++ b/app/comments.js @@ -0,0 +1,70 @@ +import fs from 'fs'; +import path from 'path'; +import { postComment } from './gitea.js'; +import { FINDINGS_PATH } from './config.js'; + +const LEVEL_EMOJI = { critical: '🔴', warning: '🟡', info: '🔵' }; +const LEVEL_LABEL = { critical: '嚴重', warning: '警告', info: '建議' }; + +function findingRow(f) { + return `| ${LEVEL_EMOJI[f.level] || ''} ${LEVEL_LABEL[f.level] || f.level} | ${f.role} | ${f.location} | ${f.suggestion} |`; +} + +function buildTable(findings) { + const rows = findings.map(findingRow).join('\n'); + return `| 等級 | 審查員 | 位置 | 建議 |\n|------|--------|------|------|\n${rows}`; +} + +/** + * 寫入 findings.json 到 workspace + */ +export function saveFindings(workspace, findings) { + const fullPath = path.join(workspace, FINDINGS_PATH); + fs.mkdirSync(path.dirname(fullPath), { recursive: true }); + fs.writeFileSync(fullPath, JSON.stringify(findings, null, 2) + '\n', 'utf8'); + console.log(` ✅ findings 寫入: ${fullPath} (${findings.length} 筆)`); +} + +/** + * 發布所有舊問題 comment(一次發布,依等級排序) + */ +export async function postOldFindingsComment(findings) { + const old = findings.filter(f => !f.is_new); + if (old.length === 0) { + console.log(' 無舊問題,跳過'); + return; + } + const body = `## 📋 舊有未解決問題(${old.length} 筆)\n\n${buildTable(old)}`; + await postComment(body); + console.log(` ✅ 舊問題 comment 發布 (${old.length} 筆)`); +} + +/** + * 發布新問題中非 critical 的 comment(一次發布) + */ +export async function postNewNonCriticalComment(findings) { + const items = findings.filter(f => f.is_new && f.level !== 'critical'); + if (items.length === 0) { + console.log(' 無新的非嚴重問題,跳過'); + return; + } + const body = `## 🔍 新發現問題(${items.length} 筆)\n\n${buildTable(items)}`; + await postComment(body); + console.log(` ✅ 新問題(非嚴重)comment 發布 (${items.length} 筆)`); +} + +/** + * 每個新 critical 問題各發一個 comment + */ +export async function postNewCriticalComments(findings) { + const criticals = findings.filter(f => f.is_new && f.level === 'critical'); + if (criticals.length === 0) { + console.log(' 無新的嚴重問題,跳過'); + return; + } + for (const f of criticals) { + const body = `## 🚨 嚴重問題\n\n| 審查員 | 位置 | 建議 |\n|--------|------|------|\n| ${f.role} | ${f.location} | ${f.suggestion} |`; + await postComment(body); + console.log(` ✅ 嚴重問題 comment 發布: [${f.role}] ${f.location}`); + } +} diff --git a/app/config.js b/app/config.js new file mode 100644 index 0000000..83921d5 --- /dev/null +++ b/app/config.js @@ -0,0 +1,30 @@ +export const GITEA_TOKEN = process.env.GITEA_TOKEN || ''; +export const GITEA_SERVER_URL = process.env.GITEA_SERVER_URL || 'https://gitea.com'; +export const GITEA_REPOSITORY = process.env.GITEA_REPOSITORY || ''; +export const GITEA_SKIP_TLS_VERIFY = process.env.GITEA_SKIP_TLS_VERIFY === 'true'; +export const PR_NUMBER = process.env.PR_NUMBER || ''; +export const PR_HEAD_BRANCH = process.env.PR_HEAD_BRANCH || ''; +export const PR_BASE_BRANCH = process.env.PR_BASE_BRANCH || ''; + +export const FINDINGS_PATH = '.gitea/ai-review/findings.json'; +export const EXCLUSIONS_PATH = '.gitea/ai-review/exclusions.json'; + +/** 將逗號分隔的 API key 字串拆成陣列 */ +function splitKeys(value) { + if (!value) return []; + return value.split(',').map(k => k.trim()).filter(Boolean); +} + +export function getLLMConfig() { + const checks = [ + ['openai', splitKeys(process.env.OPENAI_API_KEY), process.env.OPENAI_BASE_URL || 'https://api.openai.com/v1', process.env.OPENAI_MODEL || 'gpt-4o-mini'], + ['claude', splitKeys(process.env.CLAUDE_API_KEY), process.env.CLAUDE_BASE_URL || 'https://api.anthropic.com/v1', process.env.CLAUDE_MODEL || 'claude-3-haiku-20240307'], + ['gemini', splitKeys(process.env.GEMINI_API_KEY), process.env.GEMINI_BASE_URL || 'https://generativelanguage.googleapis.com/v1beta', process.env.GEMINI_MODEL || 'gemini-2.5-flash'], + ['ollama', ['ollama'], process.env.OLLAMA_BASE_URL, process.env.OLLAMA_MODEL], + ['amazonq', splitKeys(process.env.AMAZONQ_API_KEY), process.env.AMAZONQ_BASE_URL || 'https://q.api.aws', process.env.AMAZONQ_MODEL || 'amazon-q'], + ]; + for (const [provider, apiKeys, baseURL, model] of checks) { + if (apiKeys.length > 0 && baseURL) return { provider, apiKeys, baseURL, model }; + } + return { provider: null, apiKeys: [], baseURL: null, model: null }; +} diff --git a/app/config.test.js b/app/config.test.js new file mode 100644 index 0000000..c648520 --- /dev/null +++ b/app/config.test.js @@ -0,0 +1,115 @@ +import { describe, it, beforeEach, afterEach } from 'node:test'; +import assert from 'node:assert/strict'; +import { getLLMConfig } from './config.js'; + +const ENV_KEYS = [ + 'OPENAI_API_KEY', 'OPENAI_BASE_URL', 'OPENAI_MODEL', + 'CLAUDE_API_KEY', 'CLAUDE_BASE_URL', 'CLAUDE_MODEL', + 'GEMINI_API_KEY', 'GEMINI_BASE_URL', 'GEMINI_MODEL', + 'OLLAMA_BASE_URL', 'OLLAMA_MODEL', + 'AMAZONQ_API_KEY', 'AMAZONQ_BASE_URL', 'AMAZONQ_MODEL', +]; + +let saved = {}; +beforeEach(() => { + saved = {}; + for (const k of ENV_KEYS) { saved[k] = process.env[k]; delete process.env[k]; } +}); +afterEach(() => { + for (const k of ENV_KEYS) { + if (saved[k] === undefined) delete process.env[k]; + else process.env[k] = saved[k]; + } +}); + +describe('getLLMConfig', () => { + it('returns null provider when no env vars set', () => { + const cfg = getLLMConfig(); + assert.equal(cfg.provider, null); + assert.deepEqual(cfg.apiKeys, []); + }); + + it('detects openai with defaults', () => { + process.env.OPENAI_API_KEY = 'sk-test'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'openai'); + assert.deepEqual(cfg.apiKeys, ['sk-test']); + assert.equal(cfg.baseURL, 'https://api.openai.com/v1'); + assert.equal(cfg.model, 'gpt-4o-mini'); + }); + + it('detects openai with custom base url and model', () => { + process.env.OPENAI_API_KEY = 'sk-test'; + process.env.OPENAI_BASE_URL = 'https://openrouter.ai/api/v1'; + process.env.OPENAI_MODEL = 'gpt-4o'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'openai'); + assert.equal(cfg.baseURL, 'https://openrouter.ai/api/v1'); + assert.equal(cfg.model, 'gpt-4o'); + }); + + it('detects gemini with comma-separated keys, picks one', () => { + process.env.GEMINI_API_KEY = 'key1,key2,key3'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'gemini'); + assert.deepEqual(cfg.apiKeys, ['key1', 'key2', 'key3']); + }); + + it('detects gemini with single key (no comma)', () => { + process.env.GEMINI_API_KEY = 'gemini-key'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'gemini'); + assert.equal(cfg.model, 'gemini-2.5-flash'); + }); + + it('detects gemini with custom model', () => { + process.env.GEMINI_API_KEY = 'gemini-key'; + process.env.GEMINI_MODEL = 'gemini-2.0-flash'; + const cfg = getLLMConfig(); + assert.equal(cfg.model, 'gemini-2.0-flash'); + }); + + it('detects claude with defaults', () => { + process.env.CLAUDE_API_KEY = 'claude-key'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'claude'); + assert.equal(cfg.model, 'claude-3-haiku-20240307'); + }); + + it('detects amazonq with its own model env', () => { + process.env.AMAZONQ_API_KEY = 'aq-key'; + process.env.AMAZONQ_MODEL = 'my-amazon-model'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'amazonq'); + assert.equal(cfg.model, 'my-amazon-model'); + }); + + it('openai takes priority over gemini when both set', () => { + process.env.OPENAI_API_KEY = 'sk-test'; + process.env.GEMINI_API_KEY = 'gemini-key'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'openai'); + }); + + it('empty string api key is treated as not set', () => { + process.env.OPENAI_API_KEY = ''; + process.env.GEMINI_API_KEY = 'gemini-key'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'gemini'); + }); + + it('detects ollama without api key', () => { + process.env.OLLAMA_BASE_URL = 'http://localhost:11434'; + process.env.OLLAMA_MODEL = 'llama3'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, 'ollama'); + assert.equal(cfg.model, 'llama3'); + }); + + it('comma-only api key is treated as not set', () => { + process.env.OPENAI_API_KEY = ',,,'; + const cfg = getLLMConfig(); + assert.equal(cfg.provider, null); + assert.deepEqual(cfg.apiKeys, []); + }); +}); diff --git a/app/findings.js b/app/findings.js new file mode 100644 index 0000000..f381cfa --- /dev/null +++ b/app/findings.js @@ -0,0 +1,173 @@ +import fs from 'fs'; +import path from 'path'; +import { chatJSON } from './llm.js'; +import { FINDINGS_PATH, EXCLUSIONS_PATH } from './config.js'; + +const LEVELS = ['critical', 'warning', 'info']; + +/** + * 用單一角色分析 diff,回傳 findings 陣列 + */ +export async function analyzeWithRole(role, diff) { + console.log(` [${role.name}] 開始分析...`); + const findings = await chatJSON(role.system_prompt, `以下是 Git Diff 內容:\n\n${diff}`); + // 確保每筆都有必要欄位,並標記為新問題 + const valid = findings.filter(f => f.level && f.role && f.location && f.suggestion) + .map(f => ({ ...f, is_new: true })); + console.log(` [${role.name}] 找到 ${valid.length} 個問題`); + return valid; +} + +/** + * 讀取舊 findings(從 workspace 的 FINDINGS_PATH) + */ +export function loadOldFindings(workspace) { + const fullPath = path.join(workspace, FINDINGS_PATH); + if (!fs.existsSync(fullPath)) { + console.log(' 舊 findings 檔案不存在,視為空'); + return []; + } + try { + const data = JSON.parse(fs.readFileSync(fullPath, 'utf8')); + const old = (Array.isArray(data) ? data : []).map(f => ({ ...f, is_new: false })); + console.log(` 讀取舊 findings: ${old.length} 筆`); + return old; + } catch (e) { + console.log(` ⚠️ 讀取舊 findings 失敗: ${e.message},視為空`); + return []; + } +} + +/** + * 合併新舊 findings,以 (role + location + suggestion前50字) 為 key 去除重複 + * 舊問題保留,新問題若與舊問題重複則捨棄 + */ +export function mergeFindings(oldFindings, newFindings) { + const key = f => `${f.role}|${f.location}|${String(f.suggestion).slice(0, 50)}`; + const seen = new Set(oldFindings.map(key)); + const deduped = newFindings.filter(f => { + if (seen.has(key(f))) return false; + seen.add(key(f)); + return true; + }); + const merged = [...oldFindings, ...deduped]; + console.log(` 合併結果: 舊=${oldFindings.length} 新(去重後)=${deduped.length} 總計=${merged.length}`); + return merged; +} + +/** + * 依等級排序(critical > warning > info) + */ +export function sortByLevel(findings) { + return [...findings].sort((a, b) => LEVELS.indexOf(a.level) - LEVELS.indexOf(b.level)); +} + +/** + * 呼叫 LLM 進行語意去重,回傳去重後的 findings + * 失敗時降級回傳原始 findings + */ +export async function deduplicateWithAI(findings) { + if (findings.length === 0) return findings; + + const systemPrompt = `你是一位程式碼審查問題去重專家。 +給你一份問題清單(JSON 陣列),請移除語意重複的問題(即使描述文字不同,但指的是同一個問題)。 +保留等級較高的版本,優先保留 critical > warning > info。 +只回傳去重後的 JSON 陣列,不要有其他文字。`; + + const userContent = `以下是問題清單,請去除語意重複的項目:\n\n${JSON.stringify(findings, null, 2)}`; + + try { + const result = await chatJSON(systemPrompt, userContent); + if (Array.isArray(result) && result.length > 0) { + console.log(` AI 去重: ${findings.length} -> ${result.length} 筆`); + return result; + } + throw new Error('AI 回傳空陣列'); + } catch (e) { + const status = e.response?.status; + if (status === 402 || status === 429) { + console.log(` ⚠️ AI 去重失敗(${status} 額度/限流),降級:保留所有問題`); + } else { + console.log(` ⚠️ AI 去重失敗(${e.message}),降級:保留所有問題`); + } + return findings; + } +} + +/** + * 讀取排除問題檔案(從 workspace 的 EXCLUSIONS_PATH) + * 格式:[{ role, location, suggestion }],欄位可部分省略,省略表示萬用 + */ +export function loadExclusions(workspace) { + const fullPath = path.join(workspace, EXCLUSIONS_PATH); + if (!fs.existsSync(fullPath)) { + console.log(' 排除問題檔案不存在,跳過過濾'); + return []; + } + try { + const data = JSON.parse(fs.readFileSync(fullPath, 'utf8')); + const exclusions = Array.isArray(data) ? data : []; + console.log(` 讀取排除問題: ${exclusions.length} 筆`); + return exclusions; + } catch (e) { + console.log(` ⚠️ 讀取排除問題失敗: ${e.message},跳過過濾`); + return []; + } +} + +/** + * 套用排除規則,過濾掉符合排除條件的 findings + * location 只比對檔案路徑(忽略行數),suggestion 省略時視為萬用 + */ +export function applyExclusions(findings, exclusions) { + if (exclusions.length === 0) return findings; + const before = findings.length; + const filtered = findings.filter(f => !exclusions.some(ex => { + const fPath = String(f.location).split(':')[0]; + const exPath = ex.location ? String(ex.location).split(':')[0] : null; + return (!exPath || fPath === exPath) && + (!ex.role || ex.role === f.role); + })); + console.log(` 排除過濾: ${before} -> ${filtered.length} 筆(排除 ${before - filtered.length} 筆)`); + return filtered; +} + +/** + * 呼叫 AI 判斷哪些問題是誤報或不需處理,回傳需保留的 findings + * exclusions 為已知誤報清單,供 AI 參考判斷 + * 失敗時降級回傳原始 findings + */ +export async function filterFalsePositivesWithAI(findings, exclusions = []) { + if (findings.length === 0) return findings; + + const exclusionHint = exclusions.length > 0 + ? `\n\n以下是已知的誤報或不需處理的問題清單(供參考,相同檔案路徑且語意相近的問題應一併排除):\n${JSON.stringify(exclusions, null, 2)}` + : ''; + + const systemPrompt = `你是一位資深程式碼審查專家,負責判斷審查問題是否為誤報或不需處理。 +給你一份問題清單(JSON 陣列),每筆包含 level、role、location、suggestion。 +請移除以下類型的問題: +1. 誤報:問題描述與實際程式碼不符(例如:程式碼已正確使用環境變數或 secrets,卻被標記為硬編碼敏感資料) +2. 不適用:問題在此專案情境下不需處理(例如:CI/CD action 本來就需要透過環境變數傳遞 token) +3. 與已知誤報清單語意相近的問題(檔案路徑相同且建議內容相似) +只回傳需要保留的問題 JSON 陣列,不要有其他文字。${exclusionHint}`; + + const userContent = `請判斷以下問題清單,移除誤報或不需處理的問題:\n\n${JSON.stringify(findings, null, 2)}`; + + try { + const result = await chatJSON(systemPrompt, userContent); + if (Array.isArray(result) && result.length > 0) { + console.log(` AI 誤報過濾: ${findings.length} -> ${result.length} 筆`); + return result; + } + throw new Error('AI 回傳空陣列或非陣列'); + } catch (e) { + const status = e.response?.status; + if (status === 402 || status === 429) { + console.log(` ⚠️ AI 誤報過濾失敗(${status} 額度/限流),降級:保留所有問題`); + } else { + console.log(` ⚠️ AI 誤報過濾失敗(${e.message}),降級:保留所有問題`); + } + return findings; + } +} diff --git a/app/git.js b/app/git.js new file mode 100644 index 0000000..5006d88 --- /dev/null +++ b/app/git.js @@ -0,0 +1,92 @@ +import { spawnSync } from 'child_process'; +import fs from 'fs'; +import path from 'path'; +import { GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_TOKEN, PR_HEAD_BRANCH, FINDINGS_PATH } from './config.js'; + +function makeRunner(spawn) { + return function run(args, cwd, env) { + const opts = { cwd, encoding: 'utf8' }; + if (env) opts.env = env; + const result = spawn('git', args, opts); + if (result.error) throw result.error; + if (result.status !== 0) throw new Error((result.stderr || result.stdout || '').trim()); + return (result.stdout || '').trim(); + }; +} + +/** + * Clone PR head branch to workspace/repo (idempotent) + */ +export function cloneRepo(workspace, _spawnSync = spawnSync) { + const run = makeRunner(_spawnSync); + const baseUrl = GITEA_SERVER_URL.replace(/\/$/, ''); + const remoteUrl = `${baseUrl}/${GITEA_REPOSITORY}.git`; + const repoDir = path.join(workspace, 'repo'); + + const askpassScript = path.join(workspace, '.git-askpass.sh'); + fs.writeFileSync(askpassScript, '#!/bin/sh\necho "$GIT_TOKEN"\n', { mode: 0o700 }); + const credEnv = { ...process.env, GIT_ASKPASS: askpassScript, GIT_USERNAME: 'x-token', GIT_TOKEN: GITEA_TOKEN }; + + try { + if (!fs.existsSync(repoDir)) { + run(['clone', '--depth=1', '--branch', PR_HEAD_BRANCH, remoteUrl, repoDir], workspace, credEnv); + console.log(` ✅ repo cloned to ${repoDir}`); + } else { + run(['fetch', 'origin', PR_HEAD_BRANCH], repoDir, credEnv); + run(['checkout', PR_HEAD_BRANCH], repoDir); + console.log(` ✅ repo already exists, fetched latest`); + } + } finally { + try { fs.unlinkSync(askpassScript); } catch {} + } + return repoDir; +} + +export async function commitAndPush(workspace, _spawnSync = spawnSync) { + const run = makeRunner(_spawnSync); + + const baseUrl = GITEA_SERVER_URL.replace(/\/$/, ''); + const remoteUrl = `${baseUrl}/${GITEA_REPOSITORY}.git`; + const repoDir = path.join(workspace, 'repo'); + + // Write a temporary askpass script that reads the token from an env var, + // so the token value never appears in the script file itself + const askpassScript = path.join(workspace, '.git-askpass.sh'); + fs.writeFileSync(askpassScript, '#!/bin/sh\necho "$GIT_TOKEN"\n', { mode: 0o700 }); + + const credEnv = { ...process.env, GIT_ASKPASS: askpassScript, GIT_USERNAME: 'x-token', GIT_TOKEN: GITEA_TOKEN }; + + try { + if (!fs.existsSync(repoDir)) { + run(['clone', '--depth=1', '--branch', PR_HEAD_BRANCH, remoteUrl, repoDir], workspace, credEnv); + } + + run(['config', 'user.email', 'ai-review[bot]@gitea'], repoDir); + run(['config', 'user.name', 'AI Review Bot'], repoDir); + run(['fetch', 'origin', PR_HEAD_BRANCH], repoDir, credEnv); + run(['checkout', PR_HEAD_BRANCH], repoDir); + + // 將 findings.json 從 workspace 複製到 clone 的 repo + const srcFindings = path.join(workspace, FINDINGS_PATH); + const destFindings = path.join(repoDir, FINDINGS_PATH); + fs.mkdirSync(path.dirname(destFindings), { recursive: true }); + fs.copyFileSync(srcFindings, destFindings); + + run(['add', FINDINGS_PATH], repoDir); + + const status = run(['status', '--porcelain'], repoDir); + if (!status) { + console.log(' findings.json 無變更,跳過 commit'); + return; + } + + const out = run(['commit', '-m', 'chore: update ai-review findings [skip ci]'], repoDir); + const commitHash = out.match(/\[.+ ([a-f0-9]+)\]/)?.[1] || 'unknown'; + run(['push', remoteUrl, PR_HEAD_BRANCH], repoDir, credEnv); + console.log(` ✅ persisted findings commit=${commitHash} push=${PR_HEAD_BRANCH}`); + } catch (e) { + console.log(` ⚠️ Runner failed: commit/push 失敗: ${e.message}`); + } finally { + try { fs.unlinkSync(askpassScript); } catch {} + } +} diff --git a/app/git.test.js b/app/git.test.js new file mode 100644 index 0000000..0e7e85b --- /dev/null +++ b/app/git.test.js @@ -0,0 +1,149 @@ +import { describe, it, before, after, beforeEach } from 'node:test'; +import assert from 'node:assert/strict'; +import fs from 'fs'; +import os from 'os'; +import path from 'path'; +import { commitAndPush, cloneRepo } from './git.js'; + +// --- helpers --- +function makeTmpWorkspace() { + const ws = fs.mkdtempSync(path.join(os.tmpdir(), 'git-test-')); + // Pre-create repo dir so clone branch is skipped + fs.mkdirSync(path.join(ws, 'repo'), { recursive: true }); + // Create a findings.json to copy + const findingsDir = path.join(ws, '.gitea/ai-review'); + fs.mkdirSync(findingsDir, { recursive: true }); + fs.writeFileSync(path.join(findingsDir, 'findings.json'), '[]'); + return ws; +} + +// Default stub: all commands succeed, status returns changes +function makeSpawn(overrides = {}) { + const calls = []; + const spawn = (cmd, args, opts) => { + const key = args[0]; + calls.push({ cmd, args, opts }); + if (overrides[key]) return overrides[key](args, opts); + if (key === 'status') return { status: 0, stdout: 'M .gitea/ai-review/findings.json', stderr: '', error: null }; + if (key === 'commit') return { status: 0, stdout: '[feature-branch abc1234] chore', stderr: '', error: null }; + return { status: 0, stdout: '', stderr: '', error: null }; + }; + spawn.calls = calls; + return spawn; +} + +describe('commitAndPush', () => { + let workspace; + + before(() => { workspace = makeTmpWorkspace(); }); + after(() => { fs.rmSync(workspace, { recursive: true, force: true }); }); + beforeEach(() => { + // Remove leftover askpass scripts between tests + for (const f of fs.readdirSync(workspace)) { + if (f.endsWith('.git-askpass.sh')) fs.unlinkSync(path.join(workspace, f)); + } + }); + + it('does not embed token in any git command argument', async () => { + const spawn = makeSpawn(); + await commitAndPush(workspace, spawn); + + for (const { args } of spawn.calls) { + assert.ok(!args.join(' ').includes('test-token'), `Token leaked in git args: ${args.join(' ')}`); + } + }); + + it('uses GIT_ASKPASS env for network operations (fetch, push, clone)', async () => { + const spawn = makeSpawn(); + await commitAndPush(workspace, spawn); + + const networkOps = ['fetch', 'push', 'clone']; + const networkCalls = spawn.calls.filter(c => networkOps.includes(c.args[0])); + assert.ok(networkCalls.length > 0, 'expected at least one network git call'); + + for (const { args, opts } of networkCalls) { + assert.ok(opts?.env?.GIT_ASKPASS, `GIT_ASKPASS missing for git ${args[0]}`); + } + }); + + it('cleans up askpass script after successful run', async () => { + await commitAndPush(workspace, makeSpawn()); + const leftover = fs.readdirSync(workspace).filter(f => f.endsWith('.git-askpass.sh')); + assert.equal(leftover.length, 0, 'askpass script was not cleaned up'); + }); + + it('cleans up askpass script even when git fails', async () => { + const failSpawn = () => ({ status: 1, stdout: '', stderr: 'fatal: error', error: null }); + await commitAndPush(workspace, failSpawn); + const leftover = fs.readdirSync(workspace).filter(f => f.endsWith('.git-askpass.sh')); + assert.equal(leftover.length, 0, 'askpass script was not cleaned up after failure'); + }); + + it('skips commit when status shows no changes', async () => { + const spawn = makeSpawn({ status: () => ({ status: 0, stdout: '', stderr: '', error: null }) }); + await commitAndPush(workspace, spawn); + const commitCalled = spawn.calls.some(c => c.args[0] === 'commit'); + assert.equal(commitCalled, false, 'commit should not run when there are no changes'); + }); + + it('does not throw when git command fails', async () => { + const failSpawn = () => ({ status: 1, stdout: '', stderr: 'fatal: error', error: null }); + await assert.doesNotReject(() => commitAndPush(workspace, failSpawn)); + }); +}); + +describe('cloneRepo', () => { + let workspace; + + before(() => { workspace = fs.mkdtempSync(path.join(os.tmpdir(), 'clone-test-')); }); + after(() => { fs.rmSync(workspace, { recursive: true, force: true }); }); + + it('clones repo when repoDir does not exist', () => { + const spawn = makeSpawn(); + cloneRepo(workspace, spawn); + const cloneCalled = spawn.calls.some(c => c.args[0] === 'clone'); + assert.ok(cloneCalled, 'expected git clone to be called'); + }); + + it('fetches and checks out when repoDir already exists', () => { + const repoDir = path.join(workspace, 'repo'); + fs.mkdirSync(repoDir, { recursive: true }); + const spawn = makeSpawn(); + cloneRepo(workspace, spawn); + const cloneCalled = spawn.calls.some(c => c.args[0] === 'clone'); + const fetchCalled = spawn.calls.some(c => c.args[0] === 'fetch'); + assert.ok(!cloneCalled, 'clone should not run when repoDir exists'); + assert.ok(fetchCalled, 'fetch should run when repoDir exists'); + }); + + it('does not embed token in any git command argument', () => { + const spawn = makeSpawn(); + cloneRepo(workspace, spawn); + for (const { args } of spawn.calls) { + assert.ok(!args.join(' ').includes('test-token'), `Token leaked in git args: ${args.join(' ')}`); + } + }); + + it('uses GIT_ASKPASS for network operations', () => { + const spawn = makeSpawn(); + cloneRepo(workspace, spawn); + const networkCalls = spawn.calls.filter(c => ['clone', 'fetch'].includes(c.args[0])); + assert.ok(networkCalls.length > 0, 'expected at least one network git call'); + for (const { args, opts } of networkCalls) { + assert.ok(opts?.env?.GIT_ASKPASS, `GIT_ASKPASS missing for git ${args[0]}`); + } + }); + + it('cleans up askpass script after run', () => { + const spawn = makeSpawn(); + cloneRepo(workspace, spawn); + const leftover = fs.readdirSync(workspace).filter(f => f.endsWith('.git-askpass.sh')); + assert.equal(leftover.length, 0, 'askpass script was not cleaned up'); + }); + + it('returns repoDir path', () => { + const spawn = makeSpawn(); + const result = cloneRepo(workspace, spawn); + assert.equal(result, path.join(workspace, 'repo')); + }); +}); diff --git a/app/gitea.js b/app/gitea.js new file mode 100644 index 0000000..904b456 --- /dev/null +++ b/app/gitea.js @@ -0,0 +1,17 @@ +import axios from 'axios'; +import https from 'https'; +import { GITEA_TOKEN, GITEA_SERVER_URL, GITEA_REPOSITORY, GITEA_SKIP_TLS_VERIFY, PR_NUMBER } from './config.js'; + +const httpsAgent = GITEA_SKIP_TLS_VERIFY ? new https.Agent({ rejectUnauthorized: false }) : undefined; +const headers = () => ({ Authorization: `token ${GITEA_TOKEN}`, 'Content-Type': 'application/json' }); +const api = (path) => `${GITEA_SERVER_URL.replace(/\/$/, '')}/api/v1${path}`; + +export async function getPRDiff() { + const resp = await axios.get(api(`/repos/${GITEA_REPOSITORY}/pulls/${PR_NUMBER}.diff`), { headers: headers(), timeout: 60000, httpsAgent }); + return resp.data; +} + +export async function postComment(body) { + const resp = await axios.post(api(`/repos/${GITEA_REPOSITORY}/issues/${PR_NUMBER}/comments`), { body }, { headers: headers(), timeout: 30000, httpsAgent }); + return resp.data; +} diff --git a/app/gitea.test.js b/app/gitea.test.js new file mode 100644 index 0000000..bd19a83 --- /dev/null +++ b/app/gitea.test.js @@ -0,0 +1,64 @@ +import { describe, it, afterEach, mock } from 'node:test'; +import assert from 'node:assert/strict'; +import axios from 'axios'; + +// gitea.js reads env vars at module load time (ESM cache), so we test +// the actual values baked in at import time and verify behavior via axios mocks. + +afterEach(() => mock.restoreAll()); + +describe('gitea', async () => { + const { getPRDiff, postComment } = await import('./gitea.js'); + + it('getPRDiff calls Gitea diff API with Authorization header', async () => { + let capturedUrl, capturedOpts; + mock.method(axios, 'get', async (url, opts) => { + capturedUrl = url; + capturedOpts = opts; + return { data: 'diff content' }; + }); + const result = await getPRDiff(); + assert.equal(result, 'diff content'); + assert.ok(capturedUrl.includes('/api/v1/repos/')); + assert.ok(capturedUrl.endsWith('.diff')); + assert.ok(capturedOpts.headers['Authorization'].startsWith('token ')); + assert.equal(capturedOpts.headers['Content-Type'], 'application/json'); + }); + + it('postComment calls Gitea issues comments API with body', async () => { + let capturedUrl, capturedBody, capturedOpts; + mock.method(axios, 'post', async (url, body, opts) => { + capturedUrl = url; + capturedBody = body; + capturedOpts = opts; + return { data: { id: 1 } }; + }); + const result = await postComment('hello world'); + assert.deepEqual(result, { id: 1 }); + assert.ok(capturedUrl.includes('/api/v1/repos/')); + assert.ok(capturedUrl.endsWith('/comments')); + assert.equal(capturedBody.body, 'hello world'); + assert.ok(capturedOpts.headers['Authorization'].startsWith('token ')); + }); + + it('does not set httpsAgent by default (GITEA_SKIP_TLS_VERIFY not true)', async () => { + let capturedOpts; + mock.method(axios, 'get', async (_url, opts) => { + capturedOpts = opts; + return { data: '' }; + }); + await getPRDiff(); + // httpsAgent is undefined when GITEA_SKIP_TLS_VERIFY !== 'true' + assert.equal(capturedOpts.httpsAgent, undefined); + }); + + it('getPRDiff propagates axios errors', async () => { + mock.method(axios, 'get', async () => { throw new Error('network error'); }); + await assert.rejects(() => getPRDiff(), /network error/); + }); + + it('postComment propagates axios errors', async () => { + mock.method(axios, 'post', async () => { throw new Error('api error'); }); + await assert.rejects(() => postComment('test'), /api error/); + }); +}); diff --git a/app/llm.js b/app/llm.js new file mode 100644 index 0000000..4bf932f --- /dev/null +++ b/app/llm.js @@ -0,0 +1,40 @@ +import axios from 'axios'; +import { getLLMConfig } from './config.js'; + +export async function chat(systemPrompt, userContent) { + const { provider, apiKeys, baseURL, model } = getLLMConfig(); + if (!provider) throw new Error('未設定任何 LLM API Key'); + + console.log(` [LLM] provider=${provider} model=${model}`); + + const headers = { 'Content-Type': 'application/json' }; + if (provider === 'claude') headers['anthropic-version'] = '2023-06-01'; + + const shuffled = [...apiKeys].sort(() => Math.random() - 0.5); + for (let i = 0; i < shuffled.length; i++) { + if (provider !== 'ollama') headers['Authorization'] = `Bearer ${shuffled[i]}`; + try { + const resp = await axios.post( + `${baseURL.replace(/\/$/, '')}/chat/completions`, + { model, messages: [{ role: 'system', content: systemPrompt }, { role: 'user', content: userContent }], temperature: 0.2 }, + { headers } + ); + return resp.data.choices[0].message.content; + } catch (e) { + console.log(` [LLM] key[${i + 1}/${shuffled.length}] 失敗: ${e.message}`); + } + } + console.error(' [LLM] 所有 API Key 均失敗,終止流程'); + process.exit(1); +} + +export async function chatJSON(systemPrompt, userContent) { + try { + let text = await chat(systemPrompt, userContent); + text = text.trim().replace(/^```[^\n]*\n?/, '').replace(/```$/, '').trim(); + return JSON.parse(text); + } catch (e) { + console.log(` [LLM] 解析失敗: ${e.message}`); + return []; + } +} diff --git a/app/llm.test.js b/app/llm.test.js new file mode 100644 index 0000000..c4654ab --- /dev/null +++ b/app/llm.test.js @@ -0,0 +1,153 @@ +import { describe, it, beforeEach, afterEach, mock } from 'node:test'; +import assert from 'node:assert/strict'; + +// Mock axios before importing llm.js +import axios from 'axios'; + +const ENV_KEYS = [ + 'OPENAI_API_KEY', 'OPENAI_BASE_URL', 'OPENAI_MODEL', + 'GEMINI_API_KEY', 'GEMINI_BASE_URL', 'GEMINI_MODEL', + 'CLAUDE_API_KEY', 'CLAUDE_BASE_URL', 'CLAUDE_MODEL', + 'OLLAMA_BASE_URL', 'OLLAMA_MODEL', + 'AMAZONQ_API_KEY', 'AMAZONQ_BASE_URL', 'AMAZONQ_MODEL', +]; + +let saved = {}; +beforeEach(() => { + saved = {}; + for (const k of ENV_KEYS) { saved[k] = process.env[k]; delete process.env[k]; } +}); +afterEach(() => { + for (const k of ENV_KEYS) { + if (saved[k] === undefined) delete process.env[k]; + else process.env[k] = saved[k]; + } + mock.restoreAll(); +}); + +function mockAxiosPost(responses) { + let call = 0; + mock.method(axios, 'post', async () => { + const r = responses[call++] ?? responses[responses.length - 1]; + if (r instanceof Error) throw r; + return r; + }); +} + +function makeOkResponse(content = 'ok') { + return { data: { choices: [{ message: { content } }] } }; +} + +describe('chat - key rotation', async () => { + const { chat } = await import('./llm.js'); + + it('succeeds on first key', async () => { + process.env.OPENAI_API_KEY = 'key1'; + mockAxiosPost([makeOkResponse('hello')]); + const result = await chat('sys', 'user'); + assert.equal(result, 'hello'); + }); + + it('shuffles keys and tries each exactly once', async () => { + process.env.OPENAI_API_KEY = 'key1,key2,key3'; + const usedKeys = []; + mock.method(axios, 'post', async (_url, _body, opts) => { + usedKeys.push(opts.headers['Authorization'].replace('Bearer ', '')); + throw new Error('fail'); + }); + const exitMock = mock.method(process, 'exit', () => { throw new Error('exit:1'); }); + await assert.rejects(() => chat('sys', 'user'), /exit:1/); + assert.equal(exitMock.mock.calls[0].arguments[0], 1); + assert.equal(usedKeys.length, 3); + assert.deepEqual([...usedKeys].sort(), ['key1', 'key2', 'key3']); + }); + + it('calls process.exit(1) when all keys fail', async () => { + process.env.OPENAI_API_KEY = 'k1,k2'; + mockAxiosPost([new Error('fail'), new Error('fail')]); + const exitMock = mock.method(process, 'exit', () => { throw new Error('exit:1'); }); + await assert.rejects(() => chat('sys', 'user'), /exit:1/); + assert.equal(exitMock.mock.calls[0].arguments[0], 1); + }); + + it('does not set Authorization header for ollama', async () => { + process.env.OLLAMA_BASE_URL = 'http://localhost:11434/v1'; + process.env.OLLAMA_MODEL = 'llama3'; + let capturedHeaders; + mock.method(axios, 'post', async (_url, _body, opts) => { + capturedHeaders = opts.headers; + return makeOkResponse('ollama response'); + }); + await chat('sys', 'user'); + assert.equal(capturedHeaders['Authorization'], undefined); + }); + + it('sets Authorization header for openai', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + let capturedHeaders; + mock.method(axios, 'post', async (_url, _body, opts) => { + capturedHeaders = opts.headers; + return makeOkResponse(); + }); + await chat('sys', 'user'); + assert.equal(capturedHeaders['Authorization'], 'Bearer sk-test'); + }); + + it('does not set timeout', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + let capturedOpts; + mock.method(axios, 'post', async (_url, _body, opts) => { + capturedOpts = opts; + return makeOkResponse(); + }); + await chat('sys', 'user'); + assert.equal(capturedOpts.timeout, undefined); + }); + + it('does not pass httpsAgent to axios', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + let capturedOpts; + mock.method(axios, 'post', async (_url, _body, opts) => { + capturedOpts = opts; + return makeOkResponse(); + }); + await chat('sys', 'user'); + assert.equal(capturedOpts.httpsAgent, undefined); + }); + + it('sets anthropic-version header for claude', async () => { + process.env.CLAUDE_API_KEY = 'claude-key'; + let capturedHeaders; + mock.method(axios, 'post', async (_url, _body, opts) => { + capturedHeaders = opts.headers; + return makeOkResponse(); + }); + await chat('sys', 'user'); + assert.equal(capturedHeaders['anthropic-version'], '2023-06-01'); + }); +}); + +describe('chatJSON', async () => { + const { chatJSON } = await import('./llm.js'); + + it('parses plain JSON response', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + mockAxiosPost([makeOkResponse('[{"level":"critical"}]')]); + const result = await chatJSON('sys', 'user'); + assert.deepEqual(result, [{ level: 'critical' }]); + }); + + it('strips markdown code block before parsing', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + mockAxiosPost([makeOkResponse('```json\n[{"level":"info"}]\n```')]); + const result = await chatJSON('sys', 'user'); + assert.deepEqual(result, [{ level: 'info' }]); + }); + + it('returns [] when JSON is invalid', async () => { + process.env.OPENAI_API_KEY = 'sk-test'; + mockAxiosPost([makeOkResponse('not json')]); + const result = await chatJSON('sys', 'user'); + assert.deepEqual(result, []); + }); +}); diff --git a/app/main.js b/app/main.js new file mode 100644 index 0000000..67a797d --- /dev/null +++ b/app/main.js @@ -0,0 +1,125 @@ +import { GITEA_REPOSITORY, PR_NUMBER, PR_HEAD_BRANCH, PR_BASE_BRANCH, getLLMConfig } from './config.js'; +import { loadRoles, getRoleIntro } from './roles.js'; +import { getPRDiff, postComment } from './gitea.js'; +import { analyzeWithRole, loadOldFindings, mergeFindings, sortByLevel, deduplicateWithAI, loadExclusions, applyExclusions, filterFalsePositivesWithAI } from './findings.js'; +import { saveFindings, postOldFindingsComment, postNewNonCriticalComment, postNewCriticalComments } from './comments.js'; +import { cloneRepo, commitAndPush } from './git.js'; + +const WORKSPACE = process.env.GITHUB_WORKSPACE || '/workspace'; + +async function main() { + console.log('='.repeat(60)); + console.log('🚀 Step1: Pipeline 啟動'); + console.log(` repo=${GITEA_REPOSITORY} PR=#${PR_NUMBER}`); + console.log(` ${PR_HEAD_BRANCH} -> ${PR_BASE_BRANCH}`); + + // 偵測 LLM + const { provider, baseURL, model } = getLLMConfig(); + if (!provider) { + console.error('❌ 未設定任何 LLM API Key,請檢查 action inputs'); + process.exit(1); + } + console.log(` LLM: provider=${provider} model=${model} base_url=${baseURL}`); + + // 載入角色 + const roles = loadRoles(); + console.log(` 已載入 ${roles.length} 個角色: [${roles.map(r => r.name).join(', ')}]`); + + // 取得 PR diff + let diff; + try { + diff = await getPRDiff(); + console.log(` diff 長度: ${diff.length} 字元`); + } catch (e) { + console.error(` ❌ 取得 diff 失敗: ${e.message}`); + process.exit(1); + } + + if (!diff.trim()) { + console.log(' ⚠️ diff 為空,無需審查'); + process.exit(0); + } + + // 發布角色介紹 comment + try { + const intro = getRoleIntro(roles) + `\n\n> 🔍 服務:${provider} 模型:${model}`; + await postComment(intro); + console.log(' ✅ 角色介紹 comment 發布成功'); + } catch (e) { + console.log(` ⚠️ comment 發布失敗(繼續執行): ${e.message}`); + } + console.log(' Step1 完成'); + + // Step2: 各角色分析 diff 產生新 findings + console.log('\n📊 Step2: Findings 產生'); + const results = await Promise.allSettled(roles.map(role => analyzeWithRole(role, diff))); + const newFindings = []; + for (let i = 0; i < results.length; i++) { + if (results[i].status === 'fulfilled') { + newFindings.push(...results[i].value); + } else { + console.log(` ⚠️ [${roles[i].name}] 分析失敗(跳過): ${results[i].reason?.message}`); + } + } + console.log(` Step2 完成: 新 findings 總計 ${newFindings.length} 筆`); + + // Step3: 讀取舊 findings,合併去重(含 AI 語意去重) + console.log('\n🔀 Step3: Findings 合併'); + // Clone repo 以讀取舊 findings 與排除清單 + let repoDir; + try { + repoDir = cloneRepo(WORKSPACE); + } catch (e) { + console.log(` ⚠️ clone repo 失敗(繼續執行): ${e.message}`); + } + const oldFindings = loadOldFindings(repoDir || WORKSPACE); + const mergedFindings = mergeFindings(oldFindings, newFindings); + console.log(` Step3 merged findings total=${mergedFindings.length}`); + + console.log('\n🤖 Step3b: AI 語意去重'); + const deduped = await deduplicateWithAI(mergedFindings); + const sorted = sortByLevel(deduped); + console.log(` Step3b dedup findings total=${sorted.length} (critical=${sorted.filter(f=>f.level==='critical').length} warning=${sorted.filter(f=>f.level==='warning').length} info=${sorted.filter(f=>f.level==='info').length})`); + + // Step4: 讀取排除問題檔案,過濾 PR 問題表格,並請 AI 判斷誤報 + console.log('\n🚫 Step4: AI 排除問題過濾'); + const exclusions = loadExclusions(repoDir || WORKSPACE); + const ruleFiltered = applyExclusions(sorted, exclusions); + const filtered = await filterFalsePositivesWithAI(ruleFiltered, exclusions); + console.log(` Step4 完成: findings total=${filtered.length}`); + + // Step5: 寫入 findings.json,依序發布 comment + console.log('\n📝 Step5: Findings 寫入與 Comment 發布'); + saveFindings(WORKSPACE, filtered); + + try { + await postOldFindingsComment(filtered); + await postNewNonCriticalComment(filtered); + await postNewCriticalComments(filtered); + console.log(' Step5 完成'); + } catch (e) { + console.log(` ⚠️ comment 發布失敗(繼續執行): ${e.message}`); + } + + // Step6: commit/push findings.json 到來源分支 + console.log('\n💾 Step6: 記憶區 Commit/Push'); + await commitAndPush(WORKSPACE); + + // Step7: 有 critical 問題則 exit 1 + console.log('\n🚦 Step7: 嚴重問題檢查'); + const criticalCount = filtered.filter(f => f.level === 'critical').length; + if (criticalCount > 0) { + console.log(` ❌ 發現 ${criticalCount} 個嚴重問題,workflow 結束(exit 1)`); + console.log('='.repeat(60)); + process.exit(1); + } + console.log(' ✅ 無嚴重問題'); + + console.log('\n✅ Pipeline 完成'); + console.log('='.repeat(60)); +} + +main().catch(e => { + console.error('❌ Runner failed:', e.message); + process.exit(1); +}); diff --git a/app/package-lock.json b/app/package-lock.json new file mode 100644 index 0000000..6aaee51 --- /dev/null +++ b/app/package-lock.json @@ -0,0 +1,468 @@ +{ + "name": "ai-code-review", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "ai-code-review", + "version": "1.0.0", + "dependencies": { + "axios": "^1.6.7", + "js-yaml": "^4.1.0", + "openai": "^4.28.0" + } + }, + "node_modules/@types/node": { + "version": "18.19.130", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.130.tgz", + "integrity": "sha512-GRaXQx6jGfL8sKfaIDD6OupbIHBr9jv7Jnaml9tB7l4v068PAOXqfcujMMo5PhbIs6ggR1XODELqahT2R8v0fg==", + "dependencies": { + "undici-types": "~5.26.4" + } + }, + "node_modules/@types/node-fetch": { + "version": "2.6.13", + "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.6.13.tgz", + "integrity": "sha512-QGpRVpzSaUs30JBSGPjOg4Uveu384erbHBoT1zeONvyCfwQxIkUshLAOqN/k9EjGviPRmWTTe6aH2qySWKTVSw==", + "dependencies": { + "@types/node": "*", + "form-data": "^4.0.4" + } + }, + "node_modules/abort-controller": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz", + "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==", + "dependencies": { + "event-target-shim": "^5.0.0" + }, + "engines": { + "node": ">=6.5" + } + }, + "node_modules/agentkeepalive": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/agentkeepalive/-/agentkeepalive-4.6.0.tgz", + "integrity": "sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==", + "dependencies": { + "humanize-ms": "^1.2.1" + }, + "engines": { + "node": ">= 8.0.0" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "node_modules/axios": { + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.0.tgz", + "integrity": "sha512-6hp5CwvTPlN2A31g5dxnwAX0orzM7pmCRDLnZSX772mv8WDqICwFjowHuPs04Mc8deIld1+ejhtaMn5vp6b+1w==", + "dependencies": { + "follow-redirects": "^1.16.0", + "form-data": "^4.0.5", + "proxy-from-env": "^2.1.0" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/event-target-shim": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", + "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==", + "engines": { + "node": ">=6" + } + }, + "node_modules/follow-redirects": { + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/form-data-encoder": { + "version": "1.7.2", + "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-1.7.2.tgz", + "integrity": "sha512-qfqtYan3rxrnCk1VYaA4H+Ms9xdpPqvLZa6xmMgFvhO32x7/3J/ExcTd6qpxM0vH2GdMI+poehyBZvqfMTto8A==" + }, + "node_modules/formdata-node": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/formdata-node/-/formdata-node-4.4.1.tgz", + "integrity": "sha512-0iirZp3uVDjVGt9p49aTaqjk84TrglENEDuqfdlZQ1roC9CWlPk6Avf8EEnZNcAqPonwkG35x4n3ww/1THYAeQ==", + "dependencies": { + "node-domexception": "1.0.0", + "web-streams-polyfill": "4.0.0-beta.3" + }, + "engines": { + "node": ">= 12.20" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/humanize-ms": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz", + "integrity": "sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==", + "dependencies": { + "ms": "^2.0.0" + } + }, + "node_modules/js-yaml": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, + "node_modules/node-domexception": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==", + "deprecated": "Use your platform's native DOMException instead", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/jimmywarting" + }, + { + "type": "github", + "url": "https://paypal.me/jimmywarting" + } + ], + "engines": { + "node": ">=10.5.0" + } + }, + "node_modules/node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/openai": { + "version": "4.104.0", + "resolved": "https://registry.npmjs.org/openai/-/openai-4.104.0.tgz", + "integrity": "sha512-p99EFNsA/yX6UhVO93f5kJsDRLAg+CTA2RBqdHK4RtK8u5IJw32Hyb2dTGKbnnFmnuoBv5r7Z2CURI9sGZpSuA==", + "dependencies": { + "@types/node": "^18.11.18", + "@types/node-fetch": "^2.6.4", + "abort-controller": "^3.0.0", + "agentkeepalive": "^4.2.1", + "form-data-encoder": "1.7.2", + "formdata-node": "^4.3.2", + "node-fetch": "^2.6.7" + }, + "bin": { + "openai": "bin/cli" + }, + "peerDependencies": { + "ws": "^8.18.0", + "zod": "^3.23.8" + }, + "peerDependenciesMeta": { + "ws": { + "optional": true + }, + "zod": { + "optional": true + } + } + }, + "node_modules/proxy-from-env": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } + }, + "node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" + }, + "node_modules/undici-types": { + "version": "5.26.5", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" + }, + "node_modules/web-streams-polyfill": { + "version": "4.0.0-beta.3", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-4.0.0-beta.3.tgz", + "integrity": "sha512-QW95TCTaHmsYfHDybGMwO5IJIM93I/6vTRk+daHTWFPhwh+C8Cg7j7XyKrwrj8Ib6vYXe0ocYNrmzY4xAAN6ug==", + "engines": { + "node": ">= 14" + } + }, + "node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" + }, + "node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + } + } +} diff --git a/app/package.json b/app/package.json new file mode 100644 index 0000000..b010617 --- /dev/null +++ b/app/package.json @@ -0,0 +1,13 @@ +{ + "name": "ai-code-review", + "version": "1.0.0", + "type": "module", + "scripts": { + "test": "node --test *.test.js" + }, + "dependencies": { + "axios": "^1.6.7", + "js-yaml": "^4.1.0", + "openai": "^4.28.0" + } +} diff --git a/app/prompts/roles/maintainability.yaml b/app/prompts/roles/maintainability.yaml new file mode 100644 index 0000000..23f22d3 --- /dev/null +++ b/app/prompts/roles/maintainability.yaml @@ -0,0 +1,23 @@ +name: "Leo" +role: "可維護性審查員" +personality: "有遠見、重視長期維護成本,常常思考「六個月後的自己能看懂嗎?」" +focus: "程式碼複雜度、模組化、重複程式碼、文件完整性、錯誤處理、可測試性" +system_prompt: | + 你是 Leo,一位重視長期維護成本的審查員。你的工作是審查程式碼的可維護性,包含複雜度、模組化、重複程式碼、文件完整性、錯誤處理。 + + 請分析以下 Git Diff,找出所有可維護性相關問題。 + + 回傳 JSON 陣列,每個問題格式如下: + { + "level": "critical|warning|info", + "role": "Leo", + "location": "檔案路徑:行號 或 檔案路徑", + "suggestion": "繁體中文的具體修改建議" + } + + 等級定義: + - critical:嚴重影響可維護性,會造成技術債(如超長函式、完全無文件的公開 API) + - warning:建議改善的可維護性問題 + - info:可選的改善建議 + + 只回傳 JSON 陣列,不要有其他文字。如果沒有問題,回傳空陣列 []。 diff --git a/app/prompts/roles/performance.yaml b/app/prompts/roles/performance.yaml new file mode 100644 index 0000000..51f6249 --- /dev/null +++ b/app/prompts/roles/performance.yaml @@ -0,0 +1,23 @@ +name: "Zara" +role: "效能優化專家" +personality: "追求極致效能,對任何不必要的資源消耗都感到不舒服,喜歡用數據說話" +focus: "時間複雜度、空間複雜度、資料庫查詢效率、快取策略、不必要的重複運算" +system_prompt: | + 你是 Zara,一位追求極致效能的優化專家。你的工作是審查程式碼的效能問題,包含時間複雜度、空間複雜度、資料庫查詢效率、快取策略。 + + 請分析以下 Git Diff,找出所有效能相關問題。 + + 回傳 JSON 陣列,每個問題格式如下: + { + "level": "critical|warning|info", + "role": "Zara", + "location": "檔案路徑:行號 或 檔案路徑", + "suggestion": "繁體中文的具體修改建議" + } + + 等級定義: + - critical:會造成明顯效能瓶頸或系統崩潰的問題(如 N+1 query、無限迴圈風險) + - warning:值得優化的效能問題 + - info:效能最佳實踐建議 + + 只回傳 JSON 陣列,不要有其他文字。如果沒有問題,回傳空陣列 []。 diff --git a/app/prompts/roles/security.yaml b/app/prompts/roles/security.yaml new file mode 100644 index 0000000..3bc5d31 --- /dev/null +++ b/app/prompts/roles/security.yaml @@ -0,0 +1,23 @@ +name: "Rex" +role: "資安審查員" +personality: "謹慎、多疑、對任何潛在風險都保持高度警覺,寧可誤報也不放過漏洞" +focus: "安全漏洞、注入攻擊、敏感資料洩漏、認證授權問題、依賴套件風險" +system_prompt: | + 你是 Rex,一位謹慎的資安審查員。你的工作是審查程式碼中的安全漏洞、注入攻擊風險、敏感資料洩漏、認證授權問題。 + + 請分析以下 Git Diff,找出所有安全相關問題。 + + 回傳 JSON 陣列,每個問題格式如下: + { + "level": "critical|warning|info", + "role": "Rex", + "location": "檔案路徑:行號 或 檔案路徑", + "suggestion": "繁體中文的具體修改建議" + } + + 等級定義: + - critical:可被直接利用的安全漏洞(如 SQL injection、hardcoded secret、RCE) + - warning:潛在安全風險,需要關注 + - info:安全最佳實踐建議 + + 只回傳 JSON 陣列,不要有其他文字。如果沒有問題,回傳空陣列 []。 diff --git a/app/prompts/roles/style.yaml b/app/prompts/roles/style.yaml new file mode 100644 index 0000000..75955a4 --- /dev/null +++ b/app/prompts/roles/style.yaml @@ -0,0 +1,23 @@ +name: "Aria" +role: "程式碼風格審查員" +personality: "嚴謹、注重細節、對程式碼整潔度有高度要求,說話直接但不失禮貌" +focus: "程式碼風格、命名規範、格式一致性、可讀性" +system_prompt: | + 你是 Aria,一位嚴謹的程式碼風格審查員。你的工作是審查程式碼的風格、命名規範、格式一致性與可讀性。 + + 請分析以下 Git Diff,找出所有風格相關問題。 + + 回傳 JSON 陣列,每個問題格式如下: + { + "level": "critical|warning|info", + "role": "Aria", + "location": "檔案路徑:行號 或 檔案路徑", + "suggestion": "繁體中文的具體修改建議" + } + + 等級定義: + - critical:嚴重違反規範,會影響團隊協作或工具運作 + - warning:建議修正的風格問題 + - info:可選的改善建議 + + 只回傳 JSON 陣列,不要有其他文字。如果沒有問題,回傳空陣列 []。 diff --git a/app/prompts/roles/testing.yaml b/app/prompts/roles/testing.yaml new file mode 100644 index 0000000..e83cf05 --- /dev/null +++ b/app/prompts/roles/testing.yaml @@ -0,0 +1,23 @@ +name: "Maya" +role: "測試品質審查員" +personality: "對測試覆蓋率有執念,相信沒有測試的程式碼等於沒有完成,溫和但堅持" +focus: "測試覆蓋率、測試品質、邊界條件、錯誤情境測試、測試可讀性" +system_prompt: | + 你是 Maya,一位對測試品質有高度要求的審查員。你的工作是審查程式碼的測試覆蓋率、測試品質、邊界條件處理。 + + 請分析以下 Git Diff,找出所有測試相關問題。 + + 回傳 JSON 陣列,每個問題格式如下: + { + "level": "critical|warning|info", + "role": "Maya", + "location": "檔案路徑:行號 或 檔案路徑", + "suggestion": "繁體中文的具體修改建議" + } + + 等級定義: + - critical:完全缺少測試的核心功能,或測試邏輯有嚴重錯誤 + - warning:測試覆蓋不足或測試品質有待改善 + - info:測試最佳實踐建議 + + 只回傳 JSON 陣列,不要有其他文字。如果沒有問題,回傳空陣列 []。 diff --git a/app/roles.js b/app/roles.js new file mode 100644 index 0000000..d4e6a7c --- /dev/null +++ b/app/roles.js @@ -0,0 +1,25 @@ +import fs from 'fs'; +import path from 'path'; +import { fileURLToPath } from 'url'; +import yaml from 'js-yaml'; + +const ROLES_DIR = path.join(fileURLToPath(import.meta.url), '..', 'prompts', 'roles'); + +export function loadRoles() { + return fs.readdirSync(ROLES_DIR) + .filter(f => f.endsWith('.yaml')) + .sort() + .map(f => yaml.load(fs.readFileSync(path.join(ROLES_DIR, f), 'utf8'))); +} + +export function getRoleIntro(roles) { + const lines = [ + '## 🤖 AI Code Review 團隊', '', + '| 👤 名稱 | 🎯 職責 | 🧠 個性 |', + '|--------|--------|--------|', + ]; + for (const r of roles) { + lines.push(`| **${r.name}** | ${r.role} | ${r.personality} |`); + } + return lines.join('\n'); +} diff --git a/entrypoint.sh b/entrypoint.sh index 378b552..64c4ccb 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,11 +1,8 @@ #!/bin/bash +set -e -echo "Gitea Server Url: $GITEA_SERVER_URL" +echo "🚀 AI Code Review Action 啟動" +echo "Repository: $GITEA_REPOSITORY" +echo "PR: #$PR_NUMBER ($PR_HEAD_BRANCH -> $PR_BASE_BRANCH)" -echo "Gitea Repository: $GITEA_REPOSITORY" - -echo "Gitea Runner Token: $RUNNER_TOKEN" - -echo "Input Text: $INPUT_TEXT" - -echo "text=$INPUT_TEXT" >> "$GITHUB_OUTPUT" \ No newline at end of file +exec node /action/app/main.js