[PM-24468] Introduce CipherRiskClient #60
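name: Review code

on:
  pull_request:
    types: [opened, synchronize, reopened]

# Deny everything at the workflow level; the job grants only what it needs.
permissions: {}

jobs:
  review:
    name: Review
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      # NOTE(review): no visible step uses an OIDC token directly; presumably
      # claude-code-action needs `id-token: write` for its own token exchange.
      # Confirm, and drop it if it is not required.
      id-token: write
      pull-requests: write
    steps:
      - name: Check out repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Full history so the three-dot diff against the base branch works.
          fetch-depth: 0
          # Don't leave the checkout token in .git/config for later steps.
          persist-credentials: false

      - name: Check for Vault team changes
        id: check_changes
        env:
          # Pass the expression in through the environment instead of
          # interpolating `${{ github.base_ref }}` into the script body:
          # GitHub substitutes the value into the shell source before it runs,
          # so any shell metacharacters in a branch name would be executed.
          BASE_REF: ${{ github.base_ref }}
        run: |
          # The default shell for `run` is `bash -eo pipefail`, so a failing
          # pipeline aborts the step unless it is explicitly tolerated.

          # Ensure we have the base branch
          git fetch origin "$BASE_REF"
          echo "Comparing changes between origin/${BASE_REF} and HEAD"

          CHANGED_FILES=$(git diff --name-only "origin/${BASE_REF}...HEAD")
          if [ -z "$CHANGED_FILES" ]; then
            echo "Zero files changed"
            echo "vault_team_changes=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Collect the path patterns owned by the Vault team. The regex
          # tolerates variations in spacing and several teams on one line.
          #
          # `|| true` keeps a no-match grep (exit 1) from aborting the step
          # under pipefail; without it the "no patterns" branch below can
          # never run. Reading into an array (rather than `for pattern in
          # $VAULT_PATTERNS`) stops the shell from glob-expanding the `*`s
          # in the patterns against the checked-out tree.
          #
          # Note: CODEOWNERS is read from the checked-out PR merge ref, so a
          # PR can change which patterns apply. The patterns only gate
          # whether the review step runs and are never executed, so this is
          # a correctness concern rather than a code-execution one.
          mapfile -t VAULT_PATTERNS < <(
            grep -E "@bitwarden/team-vault-dev(\s|$)" .github/CODEOWNERS 2>/dev/null \
              | awk '{print $1}' || true
          )
          if [ "${#VAULT_PATTERNS[@]}" -eq 0 ]; then
            echo "⚠️ No patterns found for @bitwarden/team-vault-dev in CODEOWNERS"
            echo "vault_team_changes=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          vault_team_changes=false
          for pattern in "${VAULT_PATTERNS[@]}"; do
            echo "Checking pattern: $pattern"
            # Handle **/directory patterns
            if [[ "$pattern" == "**/"* ]]; then
              # Remove the **/ prefix
              dir_pattern="${pattern#\*\*/}"
              # Match the remainder as a whole path component anywhere in the
              # path. It is used as an ERE, not a glob: regex metacharacters
              # (`.`, `*`) are not escaped, which is fine for the plain
              # directory names expected here but would misbehave for a
              # pattern such as `**/foo/*.ts`.
              if echo "$CHANGED_FILES" | grep -qE "(^|/)${dir_pattern}(/|$)"; then
                vault_team_changes=true
                echo "✅ Found files matching pattern: $pattern"
                echo "$CHANGED_FILES" | grep -E "(^|/)${dir_pattern}(/|$)" | sed 's/^/ - /'
                break
              fi
            else
              # Handle other patterns (shouldn't happen based on your CODEOWNERS).
              # `--` stops a pattern beginning with `-` from being read as a
              # grep option.
              if echo "$CHANGED_FILES" | grep -q -- "$pattern"; then
                vault_team_changes=true
                echo "✅ Found files matching pattern: $pattern"
                echo "$CHANGED_FILES" | grep -- "$pattern" | sed 's/^/ - /'
                break
              fi
            fi
          done

          echo "vault_team_changes=$vault_team_changes" >> "$GITHUB_OUTPUT"

          if [ "$vault_team_changes" = "true" ]; then
            echo ""
            echo "✅ Vault team changes detected - proceeding with review"
          else
            echo ""
            echo "❌ No Vault team changes detected - skipping review"
          fi

      - name: Review with Claude Code
        if: steps.check_changes.outputs.vault_team_changes == 'true'
        uses: anthropics/claude-code-action@a5528eec7426a4f0c9c1ac96018daa53ebd05bc4 # v1.0.7
        with:
          # On the `pull_request` event repository secrets are not exposed to
          # PRs from forks, so this step runs without a key there and will
          # fail rather than leak anything; same-repo PRs get the secret.
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          track_progress: true
          # The PR title and body are author-controlled text placed inside
          # the model prompt, so they are a prompt-injection surface. The
          # blast radius is bounded by the tool allowlist below (comment,
          # diff, view only) and the job's pull-requests:write scope; treat
          # the bot's comments as suggestions, not as a trusted gate.
          prompt: |
            REPO: ${{ github.repository }}
            PR NUMBER: ${{ github.event.pull_request.number }}
            TITLE: ${{ github.event.pull_request.title }}
            BODY: ${{ github.event.pull_request.body }}
            AUTHOR: ${{ github.event.pull_request.user.login }}

            Please review this pull request with a focus on:
            - Code quality and best practices
            - Potential bugs or issues
            - Security implications
            - Performance considerations

            Note: The PR branch is already checked out in the current working directory.

            Provide detailed feedback using inline comments for specific issues.
          # Keep the tool set minimal: inline comments plus read-only `gh pr`
          # subcommands and `gh pr comment`. Widening this list widens what a
          # successful prompt injection can do with the job's token.
          claude_args: |
            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"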