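---
# Gitea Actions workflow: runs the CodeAnt CLI review on pull requests that
# target main, on pushes to main, and on manual dispatch.
name: CodeAnt AI Review - Stage 1

on:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]
  workflow_dispatch:

jobs:
  codeant-review:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are pinned to a major tag; pinning to a
      # full commit SHA gives a stronger supply-chain guarantee.
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Full history is needed for the base-branch and HEAD~1 diffs below.
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "22"

      - name: Install CodeAnt CLI
        # NOTE(review): the CLI version is unpinned; pinning it
        # (npm install -g codeant-cli@<version>) makes runs reproducible.
        run: npm install -g codeant-cli

      - name: Configure CodeAnt Auth
        env:
          CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
        run: |
          if [ -z "${CODEANT_API_TOKEN}" ]; then
            echo "ERROR: CODEANT_API_TOKEN secret is not set in repository settings."
            echo "Go to: Settings → Secrets → Add Secret → Name: CODEANT_API_TOKEN"
            exit 1
          fi
          # The token is interpolated into a JSON string without escaping, so a
          # value containing a quote or backslash would corrupt config.json.
          case "${CODEANT_API_TOKEN}" in
            *'"'*|*'\'*)
              echo "ERROR: CODEANT_API_TOKEN contains a quote or backslash and cannot be written to config.json."
              exit 1
              ;;
          esac
          mkdir -p "$HOME/.codeant"
          printf '{"apiKey":"%s","baseUrl":"https://service.codeant.ai"}\n' "$CODEANT_API_TOKEN" > "$HOME/.codeant/config.json"
          # The file holds a credential; restrict it to the runner user.
          chmod 600 "$HOME/.codeant/config.json"
          echo "Config written (key length: ${#CODEANT_API_TOKEN})"

      - name: Verify CodeAnt connectivity
        env:
          CODEANT_API_KEY: ${{ secrets.CODEANT_API_TOKEN }}
        run: |
          echo "Base URL: $(codeant get-base-url)"
          echo "CLI version: $(codeant --version)"
          echo "=== API connectivity test ==="
          # curl still prints the -w status ("000") when the request fails, so a
          # marker appended to the captured output can never match on its own.
          # Record curl's exit status separately instead.
          CURL_STATUS=0
          HTTP_CODE=$(curl -sS -D /tmp/api_headers.txt -o /tmp/api_response.txt -w "%{http_code}" \
            -H "Authorization: Bearer ${CODEANT_API_KEY:-}" \
            -H "Content-Type: application/json" \
            https://service.codeant.ai/health 2>/dev/null) || CURL_STATUS=$?
          if [ "$CURL_STATUS" -ne 0 ]; then
            HTTP_CODE="CURL_FAILED"
          fi
          echo "HTTP status: $HTTP_CODE"
          echo "--- Response headers (first 20 lines) ---"
          # Cookies set by the service are not needed for diagnosis; keep them out of the job log.
          sed -n '1,20p' /tmp/api_headers.txt | grep -vi '^set-cookie:' || true
          echo "--- Response body (first 200 chars) ---"
          head -c 200 /tmp/api_response.txt || true
          echo
          if [ "$HTTP_CODE" = "200" ]; then
            echo "Connectivity OK and endpoint accepted request."
          elif [ "$HTTP_CODE" = "401" ]; then
            echo "Connectivity OK (service reachable), but endpoint returned 401 Unauthorized."
            echo "This usually means token/auth format for this endpoint is not accepted."
          elif [ "$HTTP_CODE" = "CURL_FAILED" ]; then
            echo "Connectivity FAILED (curl could not reach service.codeant.ai)."
            exit 1
          else
            echo "Connectivity reached service but got unexpected status: $HTTP_CODE"
          fi

      - name: Debug Commit Info
        run: |
          echo "==== EVENT CONTEXT ===="
          echo "event_name=${GITHUB_EVENT_NAME}"
          echo "base_ref=${GITHUB_BASE_REF}"
          echo "ref_name=${GITHUB_REF_NAME}"
          echo "==== LAST 3 COMMITS ===="
          git log --oneline -n 3
          echo "==== FILES IN LAST COMMIT ===="
          git show --name-only --pretty="" HEAD
          echo "==== IS MERGE COMMIT ===="
          # A merge commit has more than one parent hash in %P.
          PARENTS=$(git log -1 --format="%P" HEAD | wc -w)
          echo "Parent count: $PARENTS"
          if [ "$PARENTS" -gt 1 ]; then
            echo "HEAD is a merge commit"
            git log --oneline HEAD~1..HEAD --first-parent || true
          fi

      - name: Run CodeAnt Review
        run: |
          REVIEW_EXCLUDES=".gitea/workflows/codeant.yml"
          SRC_PREFIX='^\.gitea/workflows/src/'

          # Print the source files changed in the given git diff range, minus
          # the excluded workflow file. Empty output when nothing matches.
          list_source_files() {
            git diff --name-only "$1" | grep "${SRC_PREFIX}" | grep -Fvx "${REVIEW_EXCLUDES}" || true
          }

          # Review each listed file on its own.
          #   $1 - log label ("Reviewing", "Reviewing merged file")
          #   $2 - newline-separated file list
          #   remaining args - base selector passed to `codeant review`
          # Returns 1 when any file hit a transient API failure, else 0.
          review_each() {
            local label="$1" files="$2" failed=0 file
            shift 2
            : > review.txt
            while IFS= read -r file; do
              [ -z "$file" ] && continue
              echo "--- ${label}: $file ---" | tee -a review.txt
              # Capture this file's output separately: grepping the cumulative
              # review.txt would re-report an earlier failure for every later file.
              codeant review "$@" --include "$file" --exclude "${REVIEW_EXCLUDES}" > /tmp/file_review.txt 2>&1 || true
              tee -a review.txt < /tmp/file_review.txt
              if grep -qE "Unexpected token '<'|HTTP error 403" /tmp/file_review.txt; then
                failed=1
                echo "Transient API failure detected for $file; continuing to next file." | tee -a review.txt
              fi
              # Pace requests to avoid backend throttling on CI runners.
              sleep 12
            done <<< "${files}"
            return "${failed}"
          }

          if [ "${GITHUB_EVENT_NAME}" = "pull_request" ] && [ -n "${GITHUB_BASE_REF}" ]; then
            echo "Running PR review against base branch: ${GITHUB_BASE_REF}"
            git fetch origin "${GITHUB_BASE_REF}" --depth=1 || true
            CHANGED_FILES=$(list_source_files "origin/${GITHUB_BASE_REF}...HEAD")
            if [ -z "${CHANGED_FILES}" ]; then
              echo "No source files changed in PR scope." | tee review.txt
              exit 0
            fi
            echo "Files to review:"
            echo "${CHANGED_FILES}"
            FAILED=0
            review_each "Reviewing" "${CHANGED_FILES}" --base "${GITHUB_BASE_REF}" || FAILED=1
            if [ "$FAILED" -eq 1 ]; then
              echo "Completed with API instability; some files may be partially reviewed." | tee -a review.txt
            fi
          else
            # For push to main: check if HEAD is a merge commit
            PARENTS=$(git log -1 --format="%P" HEAD | wc -w)
            if [ "$PARENTS" -gt 1 ]; then
              echo "Merge commit detected on push; reviewing files introduced by merge (vs HEAD~1)."
              CHANGED_FILES=$(list_source_files HEAD~1...HEAD)
              if [ -z "${CHANGED_FILES}" ]; then
                echo "No source files changed in merge commit scope." | tee review.txt
                exit 0
              fi
              FAILED=0
              review_each "Reviewing merged file" "${CHANGED_FILES}" --base-commit HEAD~1 || FAILED=1
              if [ "$FAILED" -eq 1 ]; then
                echo "Completed with API instability; some merged files may be partially reviewed." | tee -a review.txt
              fi
            else
              echo "Regular push - reviewing last commit"
              for attempt in 1 2 3; do
                echo "Push review attempt $attempt/3"
                codeant review --last-commit --exclude "${REVIEW_EXCLUDES}" 2>&1 | tee review.txt || true
                if ! grep -q "Unexpected token '<'" review.txt; then
                  break
                fi
                # Back off only between attempts; nothing to wait for after the last one.
                if [ "$attempt" -lt 3 ]; then
                  sleep $((attempt * 15))
                fi
              done
            fi
          fi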