refactor(ci): simplify ai-review to vanilla claude-code-action

- Use anthropics/claude-code-action@v1 directly
- Remove ccs-reviewer wrapper dependency
- Match pr-review-comprehensive.yml pattern
- Keep CLIProxy env vars for model routing
- Restore comprehensive allowedTools for posting
This commit is contained in:
kaitranntt
2026-01-18 15:18:17 -05:00
parent 5e22547f3f
commit bdfc40966a
+31 -112
View File
@@ -1,20 +1,11 @@
# AI Code Review Workflow
# Uses anthropics/claude-code-action with CLIProxy (localhost:8317)
# Posts as ccs-agy-reviewer[bot] via GitHub App
#
# Triggers:
# - Automatically when PR is opened, receives new commits, or is reopened
# - Manually via /review comment on PR
# - Manually via workflow_dispatch
#
# Note: Concurrency group cancels in-progress reviews when new commits arrive.
# This prevents wasting resources on outdated code reviews.
name: AI Code Review
on:
pull_request_target:
types: [opened, synchronize, reopened]
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
issue_comment:
types: [created]
workflow_dispatch:
@@ -24,15 +15,6 @@ on:
required: true
type: string
# Smart concurrency: Prevents self-cancellation when bot posts review comment
#
# Problem: When the bot posts a review comment, GitHub fires an issue_comment event.
# This new workflow run joins the same concurrency group and cancels the in-progress
# run BEFORE job `if` conditions are evaluated - causing "operation was canceled" error.
#
# Solution: Non-actionable triggers (bot comments, comments without /review) get a
# unique per-run group, while legitimate triggers share the PR-based group for proper
# cancellation of outdated reviews.
concurrency:
group: >-
ai-review-${{
@@ -48,7 +30,6 @@ concurrency:
jobs:
review:
name: Claude Code Review
runs-on: [self-hosted, cliproxy]
permissions:
contents: read
@@ -56,36 +37,24 @@ jobs:
issues: write
id-token: write
# Conditions:
# - PR event: on opened, synchronize (new commits), or reopened
# - Comment event: only if it's a PR, contains /review, and NOT from a bot
if: >
github.event_name == 'pull_request_target' ||
github.event_name == 'pull_request' ||
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
contains(github.event.comment.body, '/review') &&
github.event.comment.user.type != 'Bot')
# CLIProxy environment for model routing
env:
ANTHROPIC_BASE_URL: http://localhost:8317
REVIEW_MODEL: gemini-claude-opus-4-5-thinking
ANTHROPIC_AUTH_TOKEN: ccs-internal-managed
ANTHROPIC_MODEL: gemini-claude-opus-4-5-thinking
ANTHROPIC_DEFAULT_OPUS_MODEL: gemini-claude-opus-4-5-thinking
ANTHROPIC_DEFAULT_SONNET_MODEL: gemini-claude-sonnet-4-5-thinking
ANTHROPIC_DEFAULT_HAIKU_MODEL: gemini-claude-sonnet-4-5
DISABLE_BUG_COMMAND: "1"
DISABLE_ERROR_REPORTING: "1"
DISABLE_TELEMETRY: "1"
CLAUDE_CODE_MAX_OUTPUT_TOKENS: "64000"
MAX_THINKING_TOKENS: "32000"
steps:
- name: Clear Claude install locks
run: rm -rf ~/.local/state/claude/locks/* 2>/dev/null || true
- name: Generate App Token
id: app-token
uses: actions/create-github-app-token@v1
@@ -94,99 +63,49 @@ jobs:
private-key: ${{ secrets.CCS_REVIEWER_PRIVATE_KEY }}
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0
fetch-depth: 1
- name: Checkout PR code
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PR_NUM="${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}"
if [ -n "$PR_NUM" ]; then
gh pr checkout $PR_NUM || git checkout ${{ github.event.pull_request.head.sha }} 2>/dev/null || true
fi
- name: Add reaction to comment
if: github.event_name == 'issue_comment'
run: |
gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions \
--method POST -f content=eyes
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
- name: Run Claude Code Review
id: claude-review
- name: PR Review
uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.CLIPROXY_API_KEY }}
anthropic_api_key: ""
github_token: ${{ steps.app-token.outputs.token }}
path_to_claude_code_executable: /home/github-runner/.local/bin/claude
track_progress: false # Disabled - no progress comments, just final review
track_progress: true
prompt: |
ultrathink
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }}
Perform a comprehensive code review. Follow the repository's CLAUDE.md for project-specific guidelines.
Perform a comprehensive code review with the following focus areas:
## Review Focus Areas
1. **Code Quality**
- Clean code principles and best practices
- Proper error handling and edge cases
- Code readability and maintainability
1. 🔒 **Security** - OWASP Top 10, injection, auth bypass, secrets exposure
2. ✅ **Correctness** - Logic errors, edge cases, error handling
3. 🏗️ **Architecture** - Coupling, cohesion, API contracts, backward compatibility
4. 🧪 **Testing** - Coverage, edge cases, test quality
5. ⚡ **Performance** - Algorithm complexity, memory leaks, query efficiency
6. 📖 **Maintainability** - Naming, complexity, consistency with codebase
2. **Security**
- Check for potential security vulnerabilities
- Validate input sanitization
- Review authentication/authorization logic
## Output Structure
3. **Performance**
- Identify potential performance bottlenecks
- Review database queries for efficiency
- Check for memory leaks or resource issues
Use visual hierarchy with emojis and `---` separators between major sections:
- 📋 **Summary** (2-3 sentences)
- ✅ **Strengths** (numbered, with file:line references, use ⭐ for exceptional items)
- 🔍 **Observations & Suggestions** (with code examples, priority tags)
- 🔒 **Security Considerations** (✅/❌ checklist table)
- 📊 **Code Quality Checklist** (✅/❌ table format)
- 💡 **Recommendations** (🔴 High / 🟡 Medium / 🟢 Low priority)
- 🎯 **Overall Assessment** (✅ APPROVED / ⚠️ APPROVED WITH NOTES / ❌ CHANGES REQUESTED)
4. **Testing**
- Verify adequate test coverage
- Review test quality and edge cases
- Check for missing test scenarios
Be thorough but concise. Skip empty sections. Include code examples for non-trivial suggestions.
Use tables for checklists. Bold important terms. Make the review visually scannable.
5. **Documentation**
- Ensure code is properly documented
- Verify README updates for new features
- Check API documentation accuracy
End your review with:
> 🤖 Reviewed by `${{ env.REVIEW_MODEL }}`
## IMPORTANT: Posting the Review
After completing your analysis, post the review as a PR comment.
STEP 1: First, use the Read tool to check if pr_review.md exists (it may not exist yet, that's OK)
STEP 2: Use the Write tool to write your review to pr_review.md in the current working directory
STEP 3: Post with: gh pr comment ${{ github.event.pull_request.number || github.event.issue.number || github.event.inputs.pr_number }} --body-file pr_review.md
IMPORTANT RULES:
- Write to pr_review.md (in working directory), NOT /tmp/pr_review.md
- Do NOT use shell operators like || or && in bash commands
- Do NOT use heredoc (<<) syntax in bash commands
- Use simple, single-purpose bash commands only
Provide detailed feedback using inline comments for specific issues.
Use top-level comments for general observations or praise.
claude_args: |
--model ${{ env.REVIEW_MODEL }}
--allowedTools "Edit,Glob,Grep,LS,Read,Write,Bash(gh pr comment *),Bash(gh pr diff *),Bash(gh pr view *),Bash(gh issue view *),Bash(gh api *),Bash(git diff *),Bash(git log *),Bash(git status *),Bash(cat *),Bash(ls *),Bash(rm pr_review.md)"
continue-on-error: true
- name: Add success reaction
if: success() && github.event_name == 'issue_comment'
run: |
gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions \
--method POST -f content=rocket
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
- name: Add failure reaction
if: failure() && github.event_name == 'issue_comment'
run: |
gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions \
--method POST -f content=confused
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}