feat(actions): add GitHub App authentication support for review actions

.github/workflows/test-continue-agent.yml

@@ -0,0 +1,27 @@
+name: AI Code Review
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review]
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+  actions: read
+  checks: write
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # This will use GitHub App token if available, otherwise falls back to github.token
+      - uses: continuedev/continue/actions/base-review@bdougie/continue-agent
+        with:
+          continue-api-key: ${{ secrets.CONTINUE_API_KEY }}
+          # Optional: Provide these if you have a GitHub App installed
+          # app-id: ${{ secrets.CONTINUE_APP_ID }}
+          # app-private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }}

actions/README.md

@@ -119,15 +119,16 @@ jobs:
 
 Both actions accept the same inputs:
 
-| Input              | Description                            | Required |
-| ------------------ | -------------------------------------- | -------- |
-| `continue-api-key` | API key for Continue service           | Yes      |
-| `continue-org`     | Organization for Continue config       | Yes      |
-| `continue-config`  | Config path (e.g., "myorg/review-bot") | Yes      |
+| Input              | Description                                    | Required | Default |
+| ------------------ | ---------------------------------------------- | -------- | ------- |
+| `continue-api-key` | API key for Continue service                   | Yes      | -       |
+| `continue-org`     | Organization for Continue config               | Yes      | -       |
+| `continue-config`  | Config path (e.g., "myorg/review-bot")         | Yes      | -       |
+| `use_github_app`   | Use Continue Agent GitHub App for bot identity | No       | `true`  |
 
 ## Setup Requirements
 
-### 1. Continue API Key
+### 1. Continue API Key (Required)
 
 Add your Continue API key as a secret named `CONTINUE_API_KEY` in your repository:
 
@@ -137,15 +138,49 @@ Add your Continue API key as a secret named `CONTINUE_API_KEY` in your repositor
 4. Name: `CONTINUE_API_KEY`
 5. Value: Your Continue API key
 
-### 2. Continue Configuration
+### 2. Continue Agent GitHub App (Recommended)
+
+To enable reviews with the `continue-agent[bot]` identity instead of `github-actions[bot]`:
+
+#### Option A: Install the Continue Agent App
+
+1. **Install the app**: Visit https://github.com/apps/continue-agent
+2. **Grant repository access**: Select the repositories where you want to use Continue reviews
+3. **Configure secrets and variables**:
+   - Add a **repository secret**: `CONTINUE_APP_PRIVATE_KEY`
+     - This should contain your GitHub App's private key (the entire .pem file content)
+   - Add a **repository variable**: `CONTINUE_APP_ID`
+     - This should contain your GitHub App's ID
+
+#### Option B: Use without GitHub App
+
+If you prefer to use the standard `github-actions[bot]` identity, add this to your workflow:
+
+```yaml
+- uses: continuedev/continue/actions/general-review@main
+  with:
+    continue-api-key: ${{ secrets.CONTINUE_API_KEY }}
+    continue-org: "your-org-name"
+    continue-config: "your-org-name/review-bot"
+    use_github_app: false # Disable GitHub App integration
+```
+
+#### Benefits of Using the GitHub App
+
+- ✅ **Branded Identity**: Reviews appear as `continue-agent[bot]` with custom avatar
+- ✅ **Better Rate Limits**: App rate limits scale with repository count
+- ✅ **Professional Appearance**: Distinctive bot identity for your reviews
+- ✅ **Enhanced Security**: Short-lived tokens (1 hour expiry) with automatic revocation
+
+### 3. Continue Configuration
 
 Set up your review bot configuration in Continue:
 
 1. Create a configuration for your organization
 2. Configure the review bot settings
 3. Note your organization name and config path
 
-### 3. Workflow Permissions
+### 4. Workflow Permissions
 
 The workflow requires these permissions:
 
@@ -224,6 +259,26 @@ uses: continuedev/continue/actions/general-review@64bda6b2b3dac1037e9895dbee4ce1
 
 ## Troubleshooting
 
+### GitHub App Installation Issues
+
+#### Error: "Continue Agent GitHub App is not installed or configured properly"
+
+This error means the GitHub App token could not be generated. Common causes:
+
+1. **App not installed**: Visit https://github.com/apps/continue-agent and install it
+2. **Missing secrets/variables**: Ensure you've added:
+   - Secret: `CONTINUE_APP_PRIVATE_KEY` (the entire .pem file content)
+   - Variable: `CONTINUE_APP_ID` (your app's ID number)
+3. **No repository access**: Check that the app has access to your repository
+4. **Incorrect private key format**: Make sure you include the full private key with headers:
+   ```
+   -----BEGIN RSA PRIVATE KEY-----
+   [key content]
+   -----END RSA PRIVATE KEY-----
+   ```
+
+**Quick fix**: Set `use_github_app: false` in your workflow to bypass app authentication
+
 ### Review not triggering
 
 - Ensure the PR author or commenter has appropriate permissions (OWNER, MEMBER, or COLLABORATOR)

actions/base-review/action.yml

@@ -0,0 +1,73 @@
+name: "Continue Base Review"
+description: "Zero-config AI code review - just add this action and optionally an API key"
+author: "Continue Dev, Inc."
+
+inputs:
+  continue-api-key:
+    description: "API key for Continue service (required)"
+    required: true
+  app-id:
+    description: "GitHub App ID (optional)"
+    required: false
+  app-private-key:
+    description: "GitHub App Private Key (optional)"
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - name: Check trigger
+      id: check
+      shell: bash
+      run: |
+        # Determine if we should run based on event type
+        SHOULD_RUN="false"
+        REVIEW_TYPE="general"
+
+        if [ "${{ github.event_name }}" = "pull_request" ]; then
+          if [ "${{ github.event.pull_request.draft }}" != "true" ]; then
+            SHOULD_RUN="true"
+          fi
+        elif [ "${{ github.event_name }}" = "issue_comment" ]; then
+          if [ "${{ github.event.issue.pull_request }}" != "" ]; then
+            COMMENT="${{ github.event.comment.body }}"
+            # Check for @continue-agent mention
+            if echo "$COMMENT" | grep -qi "@continue-agent"; then
+              SHOULD_RUN="true"
+              # Check for review type keywords
+              if echo "$COMMENT" | grep -qi "detailed"; then
+                REVIEW_TYPE="detailed"
+              fi
+            fi
+          fi
+        fi
+
+        echo "should_run=$SHOULD_RUN" >> $GITHUB_OUTPUT
+        echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT
+
+        # Debug output
+        echo "Event: ${{ github.event_name }}"
+        echo "Should run: $SHOULD_RUN"
+        echo "Review type: $REVIEW_TYPE"
+
+    - name: Generate GitHub App Token
+      if: steps.check.outputs.should_run == 'true' && inputs.app-private-key != ''
+      id: app-token
+      uses: actions/create-github-app-token@v2
+      with:
+        app-id: ${{ inputs.app-id }}
+        private-key: ${{ inputs.app-private-key }}
+      continue-on-error: true
+
+    - name: Run Continue Review
+      if: steps.check.outputs.should_run == 'true'
+      uses: continuedev/continue/actions/general-review@bdougie/continue-agent
+      with:
+        continue-api-key: ${{ inputs.continue-api-key }}
+        continue-org: "continue"
+        continue-config: "continue/default"
+        github-token: ${{ steps.app-token.outputs.token || github.token }}
+
+branding:
+  icon: "code"
+  color: "blue"

actions/detailed-review/action.yml

@@ -1,23 +1,88 @@
-name: 'Continue Detailed PR Review'
-description: 'Automated inline code review for pull requests using Continue CLI'
-author: 'Continue Dev, Inc.'
+name: "Continue Detailed PR Review"
+description: "Automated inline code review for pull requests using Continue CLI"
+author: "Continue Dev, Inc."
 
 inputs:
   continue-api-key:
-    description: 'API key for Continue service'
+    description: "API key for Continue service"
     required: true
   continue-org:
-    description: 'Organization for Continue config'
+    description: "Organization for Continue config"
     required: true
   continue-config:
     description: 'Config path to use (e.g., "myorg/review-bot")'
     required: true
+  use_github_app:
+    description: "Use Continue Agent GitHub App for bot identity (requires app installation)"
+    default: "true"
+    required: false
+  app_id:
+    description: "GitHub App ID (required if use_github_app is true)"
+    required: false
+  app_private_key:
+    description: "GitHub App Private Key (required if use_github_app is true)"
+    required: false
 
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
+    - name: Generate Continue Agent App Token
+      if: inputs.use_github_app == 'true' && inputs.app_id != '' && inputs.app_private_key != ''
+      id: app-token
+      uses: actions/create-github-app-token@v2
+      with:
+        app-id: ${{ inputs.app_id }}
+        private-key: ${{ inputs.app_private_key }}
+      continue-on-error: true
+
+    - name: Verify App Installation
+      if: inputs.use_github_app == 'true' && steps.app-token.outcome == 'failure'
+      shell: bash
+      run: |
+        echo "::error::Continue Agent GitHub App is not installed or configured properly"
+        echo ""
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "🤖 Continue Agent App Setup Required"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "To enable Continue reviews with proper bot identity:"
+        echo ""
+        echo "1. 📱 Install the Continue Agent app:"
+        echo "   https://github.com/apps/continue-agent"
+        echo ""
+        echo "2. 🔑 Configure repository secrets and variables:"
+        echo "   • Secret: CONTINUE_APP_PRIVATE_KEY (your app's private key)"
+        echo "   • Variable: CONTINUE_APP_ID (your app's ID)"
+        echo ""
+        echo "3. ✅ Ensure the app has access to this repository"
+        echo ""
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "💡 Quick Fix Options:"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo ""
+        echo "• For immediate use without the app, add to your workflow:"
+        echo "  use_github_app: false"
+        echo ""
+        echo "• For help, see: https://github.com/continuedev/continue/actions"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        exit 1
+
+    - name: Set GitHub Token
+      shell: bash
+      run: |
+        # Use app token if available, otherwise use standard token
+        if [ "${{ inputs.use_github_app }}" = "true" ] && [ "${{ steps.app-token.outcome }}" = "success" ]; then
+          echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> $GITHUB_ENV
+          echo "Using Continue Agent app token for GitHub operations"
+        else
+          echo "GH_TOKEN=${{ github.token }}" >> $GITHUB_ENV
+          echo "Using standard GitHub Actions token"
+        fi
+
     - name: Checkout Repository
       uses: actions/checkout@v4
+      with:
+        token: ${{ env.GH_TOKEN }}
 
     - name: Check Authorization
       shell: bash
@@ -26,8 +91,13 @@ runs:
         HAS_TRIGGER_PHRASE: ${{ contains(github.event.comment.body, '@continue-detailed-review') }}
       run: |
         # Check if this action should run based on event type and user permissions
+        # TODO: Future improvement - consolidate into a single action that responds to 
+        # @continue-agent mentions with smart heuristics to determine review type:
+        # - "@continue-agent" or "@continue-agent review" -> general review
+        # - "@continue-agent detailed" or similar keywords -> detailed review
+        # This would provide a more natural bot interaction similar to Claude or GitHub Copilot
         SHOULD_RUN="false"
-        
+
         if [ "${{ github.event_name }}" = "pull_request" ]; then
           # Check if PR is a draft
           if [ "${{ github.event.pull_request.draft }}" = "true" ]; then
@@ -56,12 +126,12 @@ runs:
         else
           echo "::notice::Skipping review - Event type ${{ github.event_name }} is not supported"
         fi
-        
+
         if [ "$SHOULD_RUN" != "true" ]; then
           echo "SKIP_REVIEW=true" >> $GITHUB_ENV
           exit 0
         fi
-        
+
         echo "SKIP_REVIEW=false" >> $GITHUB_ENV
 
     - name: Setup Node.js
@@ -78,8 +148,6 @@ runs:
     - name: Build Inline Review Prompt
       if: env.SKIP_REVIEW != 'true'
       shell: bash
-      env:
-        GH_TOKEN: ${{ github.token }}
       run: |
         # Get PR number based on event type
         if [ "${{ github.event_name }}" = "pull_request" ]; then
@@ -97,7 +165,7 @@ runs:
 
         # Annotate diff with GitHub API positions
         node ${{ github.action_path }}/annotate-diff.js pr_diff.txt > pr_diff_annotated.txt
-        
+
         # Debug: Show sample of annotated diff
         echo "=== SAMPLE OF ANNOTATED DIFF ==="
         head -100 pr_diff_annotated.txt | grep -E "^\[POS:|^@@|^diff --git" || head -50 pr_diff_annotated.txt
@@ -188,7 +256,7 @@ runs:
           echo "Error: continue-org input is required"
           exit 1
         fi
-        
+
         if [ -z "${{ inputs.continue-config }}" ]; then
           echo "Error: continue-config input is required"
           exit 1
@@ -213,7 +281,7 @@ runs:
           echo "Error: Invalid JSON output from Continue CLI"
           exit 1
         fi
-        
+
         # Use the JSON output directly
         cp inline_review_raw.json inline_review.json
         echo "Review output:"
@@ -223,6 +291,7 @@ runs:
       if: env.SKIP_REVIEW != 'true'
       uses: actions/github-script@v7
       with:
+        github-token: ${{ env.GH_TOKEN }}
         script: |
           const fs = require('fs');
 
@@ -358,8 +427,6 @@ runs:
             console.log('Failed to post review:', error.message);
             console.log('Error details:', error);
           }
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
 
     - name: Upload Review Artifacts
       if: env.SKIP_REVIEW != 'true' && always()
@@ -372,4 +439,4 @@ runs:
           inline_review_prompt.txt
           pr_diff.txt
           pr_diff_annotated.txt
-        retention-days: 7
+        retention-days: 7