This repository has been archived by the owner on Mar 6, 2024. It is now read-only.

Testpr.py #499

Closed
wants to merge 8 commits into from
39 changes: 39 additions & 0 deletions .github/workflows/alibabacloud.yml
@@ -0,0 +1,39 @@
name: OpenAI Reviewer

permissions:
contents: read
pull-requests: write

on:
pull_request_target:
types: [opened, synchronize, reopened]
pull_request_review_comment:
types: [created]

concurrency:
group:
${{ github.repository }}-${{ github.event.number || github.head_ref ||
github.sha }}-${{ github.workflow }}-${{ github.event_name ==
'pull_request_review_comment' && 'pr_comment' || 'pr' }}
cancel-in-progress: ${{ github.event_name != 'pull_request_review_comment' }}

jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
repository: ${{github.event.pull_request.head.repo.full_name}}
ref: ${{github.event.pull_request.head.ref}}
submodules: false
- uses: ./
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
with:
debug: true
review_comment_lgtm: false
openai_heavy_model: gpt-4
path_filters: |
!dist/**
!**/*.lock
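Review bot: the checkout step's `repository: ${{github.event.pull_request.head.repo.full_name}}` and `ref: ${{github.event.pull_request.head.ref}}` put the fork's tree on the runner, and the following `uses: ./` then executes whatever `action.yml` and `dist/` that fork ships, inside a `pull_request_target` job that holds `secrets.GITHUB_TOKEN` (with `pull-requests: write`) and `secrets.OPENAI_API_KEY`. Any PR from any fork can therefore replace the action and read both secrets. Either drop the `repository`/`ref` inputs so the base branch's copy of the action runs (for `pull_request_target` the default checkout ref is the base branch), or point `uses:` at a pinned trusted ref instead of `./`. Minor: the file is named `alibabacloud.yml` while the workflow is named `OpenAI Reviewer`; the name does not match its content.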
CodeRabbit (Contributor) commented on lines +1 to +39:

The workflow file seems to be well structured and follows the standard conventions for GitHub Actions. It correctly sets up the job to run on ubuntu-latest, checks out the repository, and runs a custom action with environment variables and parameters.

However, I noticed that you are using pull_request_target as an event trigger. This event runs in the context of the base repository of the pull request, not in the forked repository. This means it has access to secrets from the base repository. If your workflow allows for arbitrary code execution (for example, by accepting a script as an input parameter), this could potentially expose your secrets to a malicious actor.

If your workflow does not need to access secrets or write access to the repository, consider changing the event to pull_request instead of pull_request_target. If you do need these permissions, make sure your workflow does not execute untrusted code and carefully review additions to this workflow.

-  pull_request_target:
+  pull_request:

Also, please ensure that the secret OPENAI_API_KEY is properly secured and has the minimum necessary permissions, as it's being used here in the workflow.

Lastly, the path_filters section is excluding changes in dist/** and **/*.lock files from triggering the workflow. Make sure this aligns with your project requirements.
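The shape this job takes once the checkout no longer trusts the fork, shown here as an added example written for this review rather than the project's own workflow file. It keeps `pull_request_target` (posting review comments needs `pull-requests: write` and the OpenAI key) and the same inputs as the diff; the one change is that `actions/checkout` no longer receives `repository`/`ref`, so it checks out the base branch and `uses: ./` runs the base branch's copy of the action. This assumes, as the README's "Review pull requests from forks" section suggests, that the action fetches the PR diff through the GitHub API with `GITHUB_TOKEN` rather than from the working tree.

```yaml
# Added example (editor's, not the project's workflow). Same trigger and
# permissions as the diff; the only change is at the checkout step.
name: OpenAI Reviewer

permissions:
  contents: read
  pull-requests: write

on:
  pull_request_target:
    types: [opened, synchronize, reopened]
  pull_request_review_comment:
    types: [created]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      # No `repository:` / `ref:` override: for pull_request_target the default
      # ref is the base branch, so nothing authored in the fork lands on disk.
      - uses: actions/checkout@v3
        with:
          submodules: false
      # `./` now resolves to the base branch's action.yml and dist/, i.e. code
      # that was already reviewed and merged, not code from the incoming PR.
      # Assumption: the action reads the PR diff via the API using GITHUB_TOKEN.
      - uses: ./
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        with:
          debug: true
          review_comment_lgtm: false
          openai_heavy_model: gpt-4
          path_filters: |
            !dist/**
            !**/*.lock
```

Pinning `actions/checkout` to a full commit SHA rather than the mutable `@v3` tag closes the remaining supply-chain path in this job; if the reviewer action is consumed from another repository instead of `./`, pin that reference the same way.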

36 changes: 36 additions & 0 deletions .github/workflows/deno.yml
@@ -0,0 +1,36 @@
name: OpenAI Reviewer

permissions:
contents: read
pull-requests: write

on: [push]


concurrency:
group:
${{ github.repository }}-${{ github.event.number || github.head_ref ||
github.sha }}-${{ github.workflow }}-${{ github.event_name ==
'pull_request_review_comment' && 'pr_comment' || 'pr' }}
cancel-in-progress: ${{ github.event_name != 'pull_request_review_comment' }}

jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
repository: ${{github.event.pull_request.head.repo.full_name}}
ref: ${{github.event.pull_request.head.ref}}
submodules: false
- uses: ./
env:
GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
with:
debug: true
review_comment_lgtm: false
openai_heavy_model: gpt-4
path_filters: |
!dist/**
!**/*.lock
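Review bot: `on: [push]` events carry no `pull_request` object in `github.event`, so `${{github.event.pull_request.head.repo.full_name}}` and `${{github.event.pull_request.head.ref}}` both evaluate to empty strings at the checkout step and the review action runs without any pull request to comment on. Either change the trigger to `pull_request`/`pull_request_target` or drop this file, since it otherwise duplicates `alibabacloud.yml` (same `name: OpenAI Reviewer`, same concurrency group keyed on `github.event.number`, which is also absent on push). Separately, `GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }}` references a secret that does not exist, so the token passed to the action is empty; it should read `secrets.GITHUB_TOKEN`.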
CodeRabbit (Contributor) commented on lines +1 to +36:

The workflow file seems to be well structured and follows the standard conventions for GitHub Actions. However, there's a typo in line 28 where GGITHUB_TOKEN should be GITHUB_TOKEN. This could lead to an error as the incorrect environment variable name is used.

-           GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }}
+           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Also, it's important to note that storing sensitive keys like OPENAI_API_KEY directly in the workflow file can pose a security risk. It's recommended to use GitHub Secrets to store such sensitive information securely. But since you're already using secrets.OPENAI_API_KEY, it seems you're following best practices here.

Lastly, please ensure that the custom action (referenced by - uses: ./) exists in your repository and works as expected. If not, this could cause the workflow to fail.

28 changes: 19 additions & 9 deletions README.md
@@ -1,5 +1,6 @@
# AI-based PR reviewer and summarizer

11111
22222
[![Discord](https://img.shields.io/badge/Join%20us%20on-Discord-blue?logo=discord&style=flat-square)](https://discord.gg/GsXnASn26c)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![GitHub](https://img.shields.io/github/last-commit/coderabbitai/ai-pr-reviewer/main?style=flat-square)](https://github.com/coderabbitai/ai-pr-reviewer/commits/main)
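Review bot: the two lines `11111` and `22222` inserted directly under the `# AI-based PR reviewer and summarizer` heading are placeholder text and should be removed before merge; the badge lines that follow are unchanged context, so the hunk otherwise adds nothing.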
@@ -43,14 +44,23 @@ configure the required environment variables, such as `GITHUB_TOKEN` and
`OPENAI_API_KEY`. For more information on usage, examples, contributing, and
FAQs, you can refer to the sections below.

- [Overview](#overview)
- [Professional Version of CodeRabbit](#professional-version-of-coderabbit)
- [Reviewer Features](#reviewer-features)
- [Install instructions](#install-instructions)
- [Conversation with CodeRabbit](#conversation-with-coderabbit)
- [Examples](#examples)
- [Contribute](#contribute)
- [FAQs](#faqs)
- [AI-based PR reviewer and summarizer](#ai-based-pr-reviewer-and-summarizer)
- [Overview](#overview)
- [Reviewer Features:](#reviewer-features)
- [CodeRabbit Pro](#coderabbit-pro)
- [Install instructions](#install-instructions)
- [Environment variables](#environment-variables)
- [Models: `gpt-4` and `gpt-3.5-turbo`](#models-gpt-4-and-gpt-35-turbo)
- [Prompts \& Configuration](#prompts--configuration)
- [Conversation with CodeRabbit](#conversation-with-coderabbit)
- [Ignoring PRs](#ignoring-prs)
- [Examples](#examples)
- [Contribute](#contribute)
- [Developing](#developing)
- [FAQs](#faqs)
- [Review pull requests from forks](#review-pull-requests-from-forks)
- [Inspect the messages between OpenAI server](#inspect-the-messages-between-openai-server)
- [Disclaimer](#disclaimer)

## CodeRabbit Pro

9 changes: 9 additions & 0 deletions testpr.py
@@ -0,0 +1,9 @@

def add(x, y):
z = x + y
k = 3
l = 'ff'
return z
CodeRabbit (Contributor) commented on lines +2 to +6:

The variables k and l are defined but not used in the function add. This is unnecessary and can lead to confusion. If these variables are not needed, consider removing them.

-    k = 3
-    l = 'ff'

if __name__ == "__main__":
r = add(10, 7)
print(r)
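Review bot: in `add`, `k = 3` and `l = 'ff'` are assigned and never read, and `l` as a name is easily misread as `1`; delete both lines so the body is just `z = x + y` followed by `return z` (or simply `return x + y`). The file also opens with a blank line and has no docstring or type hints. Given the PR title `Testpr.py`, this looks like a scratch file used to exercise the reviewer rather than something intended for the main branch.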