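# Runs the CodeAnt CLI review on pull requests targeting main, on pushes to
# main, and on manual dispatch. The review output is written to review.txt in
# the workspace and echoed to the job log.
name: CodeAnt AI Review - Stage 1

on:
  # Keep this as `pull_request`: the job installs and runs a third-party CLI
  # against the PR's checked-out contents, so it must not run in a context
  # where secrets are handed to untrusted fork code. On fork PRs the secret is
  # empty and the "Configure CodeAnt Auth" step stops the job.
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]
  workflow_dispatch:

# Least privilege for the workflow token: the visible steps only read the
# repository (checkout, git log/show) and never pass the token to a step.
permissions:
  contents: read

jobs:
  codeant-review:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): version tags are mutable. Pin each action to a full
      # commit SHA (uses: actions/checkout@<FULL_COMMIT_SHA>) so a retagged
      # release cannot change what runs next to the API token.
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Full history: later steps inspect parent commits and diff against
          # the base branch.
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "22"

      # NOTE(review): this installs whatever version is latest at run time,
      # including its install scripts. Pin an exact, reviewed version
      # (codeant-cli@<PINNED_VERSION>) before the token is configured below.
      - name: Install CodeAnt CLI
        run: npm install -g codeant-cli

      - name: Configure CodeAnt Auth
        env:
          CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
        run: |
          if [ -z "${CODEANT_API_TOKEN}" ]; then
            echo "ERROR: CODEANT_API_TOKEN secret is not set in repository settings."
            echo "Go to: Settings → Secrets → Add Secret → Name: CODEANT_API_TOKEN"
            exit 1
          fi
          # The config file stores the API key in clear text: create the
          # directory and the file readable by the runner user only.
          umask 077
          mkdir -p "$HOME/.codeant"
          chmod 700 "$HOME/.codeant"
          printf '{"apiKey":"%s","baseUrl":"https://service.codeant.ai"}\n' "$CODEANT_API_TOKEN" > "$HOME/.codeant/config.json"
          # Do not log metadata about the secret (such as its length).
          echo "Config written."

      - name: Verify CodeAnt connectivity
        env:
          CODEANT_API_KEY: ${{ secrets.CODEANT_API_TOKEN }}
        run: |
          echo "Base URL: $(codeant get-base-url)"
          echo "CLI version: $(codeant --version)"
          echo "=== API connectivity test ==="
          # curl still prints the -w write-out ("000") when the transfer fails,
          # so appending a sentinel with `|| echo` yields "000CURL_FAILED" and
          # the failure branch never matches. Replace the value instead.
          # stderr is left visible so -S can report why the transfer failed.
          if ! HTTP_CODE=$(curl -sS -D /tmp/api_headers.txt -o /tmp/api_response.txt -w "%{http_code}" \
            -H "Authorization: Bearer ${CODEANT_API_KEY:-}" \
            -H "Content-Type: application/json" \
            https://service.codeant.ai/health); then
            HTTP_CODE="CURL_FAILED"
          fi
          echo "HTTP status: $HTTP_CODE"
          # NOTE(review): the lines below print the response to an
          # authenticated request into the job log. Only the registered secret
          # value is masked; keep the output bounded and remove it once the
          # integration is stable.
          echo "--- Response headers (first 20 lines) ---"
          sed -n '1,20p' /tmp/api_headers.txt || true
          echo "--- Response body (first 200 chars) ---"
          head -c 200 /tmp/api_response.txt || true
          echo
          if [ "$HTTP_CODE" = "200" ]; then
            echo "Connectivity OK and endpoint accepted request."
          elif [ "$HTTP_CODE" = "401" ]; then
            echo "Connectivity OK (service reachable), but endpoint returned 401 Unauthorized."
            echo "This usually means token/auth format for this endpoint is not accepted."
          elif [ "$HTTP_CODE" = "CURL_FAILED" ]; then
            echo "Connectivity FAILED (curl could not reach service.codeant.ai)."
            exit 1
          else
            echo "Connectivity reached service but got unexpected status: $HTTP_CODE"
          fi

      - name: Debug Commit Info
        run: |
          echo "==== EVENT CONTEXT ===="
          echo "event_name=${GITHUB_EVENT_NAME}"
          echo "base_ref=${GITHUB_BASE_REF}"
          echo "ref_name=${GITHUB_REF_NAME}"
          echo "==== LAST 3 COMMITS ===="
          git log --oneline -n 3
          echo "==== FILES IN LAST COMMIT ===="
          git show --name-only --pretty="" HEAD
          echo "==== IS MERGE COMMIT ===="
          # More than one parent hash means HEAD is a merge commit.
          PARENTS=$(git log -1 --format="%P" HEAD | wc -w)
          echo "Parent count: $PARENTS"
          if [ "$PARENTS" -gt 1 ]; then
            echo "HEAD is a merge commit"
            git log --oneline HEAD~1..HEAD --first-parent || true
          fi

      - name: Run CodeAnt Review
        run: |
          # Runs `codeant review` with the given arguments, up to three times.
          # A retry happens only when the output contains "Unexpected token '<'"
          # (presumably an HTML error page parsed as JSON - confirm with the
          # CLI's behaviour).
          # NOTE(review): `|| true` makes this best-effort; a failed review
          # never fails the job and is visible only in the log and review.txt.
          run_review() {
            label="$1"
            shift
            for attempt in 1 2 3; do
              echo "${label} review attempt $attempt/3"
              codeant review "$@" 2>&1 | tee review.txt || true
              if ! grep -q "Unexpected token '<'" review.txt; then
                break
              fi
              # Back off before the next attempt; nothing follows the last one.
              if [ "$attempt" -lt 3 ]; then
                sleep $((attempt * 15))
              fi
            done
          }

          if [ "${GITHUB_EVENT_NAME}" = "pull_request" ] && [ -n "${GITHUB_BASE_REF}" ]; then
            echo "Running PR review against base branch: ${GITHUB_BASE_REF}"
            run_review "PR" --base "${GITHUB_BASE_REF}"
          else
            # For push to main: check if HEAD is a merge commit
            PARENTS=$(git log -1 --format="%P" HEAD | wc -w)
            if [ "$PARENTS" -gt 1 ]; then
              # Merge commits often include very large diffs and are already reviewed on pull_request.
              echo "Merge commit detected on push; skipping review here."
              echo "PR workflow run is the source of truth for full review." | tee review.txt
            else
              echo "Regular push - reviewing last commit"
              run_review "Push" --last-commit
            fi
          fi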