Testpr.py #499
@@ -0,0 +1,39 @@ | ||
name: OpenAI Reviewer | ||
|
||
permissions: | ||
contents: read | ||
pull-requests: write | ||
|
||
on: | ||
pull_request_target: | ||
types: [opened, synchronize, reopened] | ||
pull_request_review_comment: | ||
types: [created] | ||
|
||
concurrency: | ||
group: | ||
${{ github.repository }}-${{ github.event.number || github.head_ref || | ||
github.sha }}-${{ github.workflow }}-${{ github.event_name == | ||
'pull_request_review_comment' && 'pr_comment' || 'pr' }} | ||
cancel-in-progress: ${{ github.event_name != 'pull_request_review_comment' }} | ||
|
||
jobs: | ||
review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
repository: ${{github.event.pull_request.head.repo.full_name}} | ||
ref: ${{github.event.pull_request.head.ref}} | ||
submodules: false | ||
- uses: ./ | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | ||
with: | ||
debug: true | ||
review_comment_lgtm: false | ||
openai_heavy_model: gpt-4 | ||
path_filters: | | ||
!dist/** | ||
!**/*.lock | ||
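Review bot: the checkout step (`repository: ${{github.event.pull_request.head.repo.full_name}}` with `ref: ${{github.event.pull_request.head.ref}}`) followed by `uses: ./` means that under the `pull_request_target` trigger the action code is taken from the PR head, which a fork author controls, and runs with the base repository's `secrets.GITHUB_TOKEN` (granted `pull-requests: write` above) and `secrets.OPENAI_API_KEY`. Either keep `pull_request_target` and reference the action by a fixed trusted revision without checking out the PR head, or switch to `pull_request` if the job does not actually need base-repository secrets or write access. Two smaller points: `actions/checkout@v3` is pinned to a moving tag rather than a commit SHA, and the expressions in the `with:` block would read better in the conventional `${{ github.event... }}` form with spaces.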
@@ -0,0 +1,36 @@ | ||
name: OpenAI Reviewer | ||
|
||
permissions: | ||
contents: read | ||
pull-requests: write | ||
|
||
on: [push] | ||
|
||
|
||
concurrency: | ||
group: | ||
${{ github.repository }}-${{ github.event.number || github.head_ref || | ||
github.sha }}-${{ github.workflow }}-${{ github.event_name == | ||
'pull_request_review_comment' && 'pr_comment' || 'pr' }} | ||
cancel-in-progress: ${{ github.event_name != 'pull_request_review_comment' }} | ||
|
||
jobs: | ||
review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
repository: ${{github.event.pull_request.head.repo.full_name}} | ||
ref: ${{github.event.pull_request.head.ref}} | ||
submodules: false | ||
- uses: ./ | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }} | ||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | ||
with: | ||
debug: true | ||
review_comment_lgtm: false | ||
openai_heavy_model: gpt-4 | ||
path_filters: | | ||
!dist/** | ||
!**/*.lock | ||
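Review bot: `GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }}` in the `env:` block references a secret name that does not exist, so the action receives an empty token; it should read `${{ secrets.GITHUB_TOKEN }}`. Also, this copy of the workflow triggers `on: [push]`, yet the checkout step still reads `github.event.pull_request.head.repo.full_name` and `github.event.pull_request.head.ref`, and the concurrency group still keys on `github.event.number` and `pull_request_review_comment`; on a push event the `pull_request` fields are empty, so these expressions do not select what they appear to. Drop the `with:` block on the checkout so it defaults to the pushed commit, or trigger on pull request events only.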
Comment on lines +1 to +36

The workflow file seems to be well structured and follows the standard conventions for GitHub Actions. However, there's a typo in line 28 where

- GITHUB_TOKEN: ${{ secrets.GGITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Also, it's important to note that storing sensitive keys like

Lastly, please ensure that the custom action (referenced by
@@ -0,0 +1,9 @@ | ||
|
||
def add(x, y): | ||
z = x + y | ||
k = 3 | ||
l = 'ff' | ||
return z | ||
||
if __name__ == "__main__": | ||
r = add(10, 7) | ||
print(r) |
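Review bot: in `add`, `k = 3` and `l = 'ff'` are assigned and never used, and `l` is also a name linters flag because it is easily confused with `1` and `I`; remove both, or if they are placeholders for something this test PR is meant to exercise, say so in a comment. A one-line docstring and type hints (`def add(x: int, y: int) -> int:`) would make the intent clear. The `if __name__ == "__main__":` guard around the example call is fine as written.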
CodeRabbit
The workflow file seems to be well structured and follows the standard conventions for GitHub Actions. It correctly sets up the job to run on `ubuntu-latest`, checks out the repository, and runs a custom action with environment variables and parameters.

However, I noticed that you are using `pull_request_target` as an event trigger. This event runs in the context of the base repository of the pull request, not in the forked repository. This means it has access to secrets from the base repository. If your workflow allows for arbitrary code execution (for example, by accepting a script as an input parameter), this could potentially expose your secrets to a malicious actor. If your workflow does not need to access secrets or write access to the repository, consider changing the event to `pull_request` instead of `pull_request_target`. If you do need these permissions, make sure your workflow does not execute untrusted code and carefully review additions to this workflow.

Also, please ensure that the secret `OPENAI_API_KEY` is properly secured and has the minimum necessary permissions, as it's being used here in the workflow.

Lastly, the `path_filters` section is excluding changes in `dist/**` and `**/*.lock` files from triggering the workflow. Make sure this aligns with your project requirements.