Merge remote-tracking branch 'origin/main' into feature/cloud-agnostic
This commit is contained in:
@@ -819,6 +819,8 @@ postgresql:
|
||||
|
||||
**Email Notifications**: Enabled (`ENABLE_NOTIFY_MAIL: true`). SMTP credentials injected via `gitea-smtp-secret` using `additionalConfigFromEnvs` with `GITEA__mailer__USER` / `GITEA__mailer__PASSWD` environment variables.
|
||||
|
||||
**Auto-Watch**: Disabled (`AUTO_WATCH_ON_CHANGES: false`, `AUTO_WATCH_NEW_REPOS: false`). Prevents contributors from being auto-subscribed to repo notifications on push, reducing email noise from CI bots (e.g., ai-review PR comments). Users who were already watching before this change need to manually unwatch or switch to "Only participating".
|
||||
|
||||
**Endpoints**:
|
||||
- Web UI: `https://git.forteapps.net`
|
||||
- SSH: port 22 (ClusterIP)
|
||||
@@ -876,6 +878,84 @@ dind:
|
||||
- Gitea admin panel (`/admin/runners`) — runners show as Online
|
||||
- Create test workflow in `.gitea/workflows/test.yml` — job executes
|
||||
|
||||
### AI Code Review (ai-review)
|
||||
|
||||
**Type**: Gitea Actions workflow (`.gitea/workflows/ai-review.yaml`)
|
||||
**Trigger**: `pull_request` events (`opened`, `synchronize`)
|
||||
**Runner**: `ubuntu-latest` (container: `nikitafilonov/ai-review:latest`)
|
||||
|
||||
**Purpose**: Automated AI-powered code review on pull requests using Claude (Anthropic). Posts inline comments on changed lines and a PR summary comment highlighting infrastructure impact.
|
||||
|
||||
**Architecture**:
|
||||
- Uses [xai-review](https://github.com/nicktechnologies/xai-review) Docker image
|
||||
- Shared configuration and prompts live in the `shared-prompts` Git submodule (→ `Forte/ai-review-prompts`)
|
||||
- Review mode: `ONLY_ADDED_WITH_CONTEXT` — reviews only new/changed lines plus surrounding context (token-efficient)
|
||||
- Agent mode: disabled (one-shot review, no multi-turn reasoning)
|
||||
- LLM: Claude Sonnet (`claude-sonnet-4-20250514`)
|
||||
|
||||
**Shared Prompts Structure** (submodule: `Forte/ai-review-prompts`):
|
||||
```
|
||||
shared-prompts/
|
||||
base/
|
||||
security.md # org-wide security rules (all profiles)
|
||||
iac/
|
||||
.ai-review.yaml # IaC/GitOps profile config
|
||||
inline.md # inline review prompt
|
||||
summary.md # PR summary prompt
|
||||
# future profiles: backend/, frontend/, etc.
|
||||
```
|
||||
|
||||
**Configuration** (`shared-prompts/iac/.ai-review.yaml`):
|
||||
```yaml
|
||||
llm:
|
||||
provider: CLAUDE
|
||||
model: claude-sonnet-4-20250514
|
||||
vcs:
|
||||
provider: GITEA
|
||||
review:
|
||||
mode: ONLY_ADDED_WITH_CONTEXT
|
||||
agent:
|
||||
enabled: false
|
||||
prompt:
|
||||
inline_prompt_files: # concatenated in order
|
||||
- ./shared-prompts/base/security.md
|
||||
- ./shared-prompts/iac/inline.md
|
||||
summary_prompt_files:
|
||||
- ./shared-prompts/iac/summary.md
|
||||
ignore:
|
||||
- "*.sealed.yaml"
|
||||
- "*.lock"
|
||||
- "docs/**"
|
||||
```
|
||||
|
||||
**Custom Prompts** (IaC profile):
|
||||
- `shared-prompts/base/security.md` — org-wide security rules, concatenated before every inline review prompt
|
||||
- `shared-prompts/iac/inline.md` — IaC-specific inline review (YAML, Helm, K8s manifests, shell scripts), max 7 comments
|
||||
- `shared-prompts/iac/summary.md` — PR summary: affected services/namespaces, infrastructure impact, security flags
|
||||
|
||||
**Prompt composition**: ai-review does not support Jinja includes. Instead, list multiple files under `inline_prompt_files` / `summary_prompt_files` — they are concatenated in order with double newlines.
|
||||
|
||||
**Adding a new profile**: Create a new directory (e.g., `backend/`) with its own `.ai-review.yaml`, `inline.md`, and `summary.md`. The `inline_prompt_files` list should include `base/security.md` first, then the profile-specific prompt. Reference it in the consuming repo's workflow: `AI_REVIEW_CONFIG_FILE_YAML=./shared-prompts/backend/.ai-review.yaml`
|
||||
|
||||
**Required Secrets** (configure in Gitea repo or org settings):
|
||||
|
||||
| Secret | Purpose |
|
||||
|--------|---------|
|
||||
| `ANTHROPIC_API_KEY` | Claude API key (from Anthropic console) |
|
||||
| `AI_REVIEW_TOKEN` | Gitea API token with `write:repository` + `read:repository` scopes (use a bot/service account) |
|
||||
|
||||
**Setup Steps**:
|
||||
1. Create a Gitea bot/service account and generate an API token with `write:repository` + `read:repository` scopes
|
||||
2. Add `AI_REVIEW_TOKEN` secret in Gitea repo settings → Actions → Secrets
|
||||
3. Add `ANTHROPIC_API_KEY` secret with your Anthropic API key
|
||||
4. Ensure the `shared-prompts` submodule is initialized (`git submodule update --init`)
|
||||
5. Push the workflow file — it triggers automatically on PR creation/update
|
||||
|
||||
**Verification**:
|
||||
- Open a PR with infrastructure changes → workflow runs → inline comments + summary appear
|
||||
- Check Gitea Actions tab for workflow run status and logs
|
||||
- Monitor Anthropic usage dashboard for token consumption
|
||||
|
||||
### Keycloak Client Registrar
|
||||
|
||||
**Type**: CronJob (deployed via Keycloak Helm chart `extraDeploy`)
|
||||
|
||||
Reference in New Issue
Block a user