feat: ACNA-4515 add pr-reviewer workflow #38
Codecov Report ✅ All modified and coverable lines are covered by tests.
🤖 PR Reviewer
The workflow is well-structured with clear separation between gate-checking and the actual review job. The permission model and comment-triggering logic are sound, but there are a few security and reliability concerns worth addressing.
📝 4 suggestion(s) - Please review inline comments below.
💡 How to re-trigger
Comment /review or /pr-reviewer on this PR
| # Intentionally require admin or maintain; write collaborators are excluded to | ||
| # limit who can trigger potentially expensive/sensitive review automation. | ||
| if [ "$PERM" = "admin" ] || [ "$PERM" = "maintain" ]; then | ||
| DATA=$(gh api repos/$GITHUB_REPOSITORY/pulls/$ISSUE_NUMBER) |
ISSUE_NUMBER comes from an environment variable sourced from github.event.issue.number. While GitHub typically provides an integer here, it's safer to validate or quote it explicitly to avoid path traversal or injection in the API call.
| DATA=$(gh api repos/$GITHUB_REPOSITORY/pulls/$ISSUE_NUMBER) | |
| DATA=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$ISSUE_NUMBER") |
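Review bot: ISSUE_NUMBER still reaches the gh api path unvalidated in the suggested line. Quoting the argument only prevents word splitting and globbing, so a non-numeric value would be sent as part of the request path unchanged, which is the validation half of the concern raised in the comment. Consider rejecting anything that is not all digits before the call, for example `case "$ISSUE_NUMBER" in ''|*[!0-9]*) exit 1 ;; esac`, so the admin/maintain branch only ever requests a pulls/<number> endpoint.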
Proposed changes not required
shazron left a comment
Update the required checks in Settings -> Branches. Remove the node 18 checks, add the 22, 24 checks.
Description
Adds an AI-powered PR reviewer workflow that automatically reviews pull requests using Claude via AWS Bedrock. Triggers on PR open/reopen/synchronize and on /review or /pr-reviewer comments by admins or maintainers.
Related Issue
ACNA-4515
Motivation and Context
Reduces code review toil by providing automated first-pass reviews with inline suggestions. Part of a broader rollout across App Builder repos.
How Has This Been Tested?
Tested end-to-end in adobe/generator-aio-app — workflow triggers correctly on PR events and /review comments, posts inline suggestions and summary reviews via github-actions[bot].
Screenshots (if appropriate):
N/A
Types of changes
Checklist: