Mockup: per-component file dropdowns in the sticky PR comment #42
| name: CodeBoarding review | |
| on: | |
| pull_request: | |
| # Generate once, when the PR becomes reviewable, not on every push, so we | |
| # don't spend an LLM job per commit. Add `synchronize` to re-run on each | |
| # push, or refresh anytime with /codeboarding. 'closed' only cancels an | |
| # in-flight review (see concurrency), it doesn't start one. | |
| types: [opened, reopened, ready_for_review, closed] | |
| issue_comment: | |
| types: [created] | |
| permissions: | |
| # write: the action commits the generated .codeboarding/analysis.json back to the | |
| # PR branch so the webview can open this PR's diff at the head SHA (same-repo PRs). | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| concurrency: | |
| group: codeboarding-${{ github.event.pull_request.number || github.event.issue.number }} | |
| # Cancel only when the PR closes — bot comments (issue_comment) and re-triggers | |
| # must not cancel a running review; they queue behind it instead. | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' }} | |
| jobs: | |
| review: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| if: > | |
| (github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.draft == false) || | |
| (github.event_name == 'issue_comment' && github.event.issue.pull_request != null && | |
| startsWith(github.event.comment.body, '/codeboarding') && | |
| contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) | |
| steps: | |
| # Dogfood: run the action from the checked-out repo (uses: ./) so each PR | |
| # exercises the action code under review, not the last published release. | |
| # The action reads its scripts via github.action_path and checks the engine | |
| # and target repo into subdirectories, so this local checkout is untouched. | |
| - uses: actions/checkout@v4 | |
| - name: Detect CodeBoarding GitHub App credentials | |
| id: codeboarding-app-config | |
| shell: bash | |
| env: | |
| CLIENT_ID: ${{ vars.CODEBOARDING_APP_CLIENT_ID }} | |
| APP_ID: ${{ vars.CODEBOARDING_APP_ID }} | |
| PRIVATE_KEY: ${{ secrets.CODEBOARDING_APP_PRIVATE_KEY }} | |
| run: | | |
| client_id="${CLIENT_ID:-}" | |
| app_id="${APP_ID:-}" | |
| # GitHub App client IDs start with "Iv". If that value was stored in | |
| # CODEBOARDING_APP_ID, use it as a client ID to avoid the deprecated | |
| # app-id input path. | |
| if [ -z "$client_id" ] && [ "${app_id#Iv}" != "$app_id" ]; then | |
| client_id="$app_id" | |
| app_id="" | |
| fi | |
| has_private_key=false | |
| private_key_valid=false | |
| if [ -n "$PRIVATE_KEY" ]; then | |
| has_private_key=true | |
| if printf '%s' "$PRIVATE_KEY" | openssl pkey -noout >/dev/null 2>&1; then | |
| private_key_valid=true | |
| else | |
| echo "::warning::CODEBOARDING_APP_PRIVATE_KEY is not a valid PEM private key, so CodeBoarding will fall back to github-actions[bot]." | |
| if printf '%b' "$PRIVATE_KEY" | openssl pkey -noout >/dev/null 2>&1; then | |
| printf '%s\n' "::warning::CODEBOARDING_APP_PRIVATE_KEY looks like it contains literal \\n escapes. Store the downloaded PEM as multi-line secret text instead." | |
| fi | |
| fi | |
| fi | |
| { | |
| [ -n "$client_id" ] && echo "has_client_id=true" || echo "has_client_id=false" | |
| [ -n "$app_id" ] && echo "has_app_id=true" || echo "has_app_id=false" | |
| echo "client_id=$client_id" | |
| echo "has_private_key=$has_private_key" | |
| echo "private_key_valid=$private_key_valid" | |
| } >> "$GITHUB_OUTPUT" | |
| - uses: actions/create-github-app-token@v3 | |
| id: codeboarding-app-token-client | |
| if: steps.codeboarding-app-config.outputs.has_client_id == 'true' && steps.codeboarding-app-config.outputs.private_key_valid == 'true' | |
| continue-on-error: true | |
| with: | |
| client-id: ${{ steps.codeboarding-app-config.outputs.client_id }} | |
| private-key: ${{ secrets.CODEBOARDING_APP_PRIVATE_KEY }} | |
| - uses: actions/create-github-app-token@v3 | |
| id: codeboarding-app-token-app | |
| if: steps.codeboarding-app-config.outputs.has_client_id != 'true' && steps.codeboarding-app-config.outputs.has_app_id == 'true' && steps.codeboarding-app-config.outputs.private_key_valid == 'true' | |
| continue-on-error: true | |
| with: | |
| app-id: ${{ vars.CODEBOARDING_APP_ID }} | |
| private-key: ${{ secrets.CODEBOARDING_APP_PRIVATE_KEY }} | |
| - name: Warn when CodeBoarding App token is unavailable | |
| if: steps.codeboarding-app-token-client.outputs.token == '' && steps.codeboarding-app-token-app.outputs.token == '' | |
| shell: bash | |
| run: | | |
| echo "::warning::CodeBoarding GitHub App token is unavailable; falling back to github-actions[bot]. Check CODEBOARDING_APP_PRIVATE_KEY formatting if app credentials are configured." | |
| - uses: ./ | |
| with: | |
| github_token: ${{ steps.codeboarding-app-token-client.outputs.token || steps.codeboarding-app-token-app.outputs.token || github.token }} | |
| llm_api_key: ${{ secrets.OPENROUTER_API_KEY }} |
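Review bot: The `actions/checkout@v4` step keeps its default `persist-credentials: true`, so the job token (granted `contents: write`, `pull-requests: write` and `issues: write` at workflow level) stays in the checkout's git config while `uses: ./` runs action code from that same tree. Since the comment above the step says the action does its own checkouts into subdirectories, add `with:` and `persist-credentials: false` to this step. Both third-party actions are referenced by mutable tags (`@v4`, `@v3`) in a job that handles `CODEBOARDING_APP_PRIVATE_KEY` and `OPENROUTER_API_KEY`; pinning each to a full commit SHA, e.g. `actions/create-github-app-token@<full-commit-sha> # v3`, keeps a retagged release from running with those secrets. On `issue_comment` runs the checkout has no `ref`, so it resolves to the default branch rather than the PR head; that is the safer behaviour for a job holding secrets, but it contradicts the "exercises the action code under review" comment, which I would extend with `# /codeboarding runs use the default branch's action code, not the PR's.` rather than adding a PR-head `ref`. The forge also flagged hidden or bidirectional Unicode in this file, and the rendered text does not show where, so the raw bytes are worth checking before merge.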