From 260b45637e4f56a72b3332a626bb0c2c3cc1b147 Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic
Date: Mon, 20 Apr 2026 13:02:48 +0200
Subject: [PATCH] AI-review
---
 .gitea/workflows/ai-review.yaml | 37 ++++++++++++++++
 .gitmodules | 3 ++
 docs/REFERENCE.md | 78 +++++++++++++++++++++++++++++++++
 3 files changed, 118 insertions(+)
 create mode 100644 .gitea/workflows/ai-review.yaml
 create mode 100644 .gitmodules
diff --git a/.gitea/workflows/ai-review.yaml b/.gitea/workflows/ai-review.yaml
new file mode 100644
index 0000000..2f2b060
--- /dev/null
+++ b/.gitea/workflows/ai-review.yaml
@@ -0,0 +1,37 @@
+name: AI Code Review
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ ai-review:
+ runs-on: ubuntu-latest
+ container:
+ image: nikitafilonov/ai-review:latest
+
+ env:
+ AI_REVIEW_CONFIG_FILE_YAML: ./shared-prompts/iac/.ai-review.yaml
+ # VCS configuration
+ VCS__PROVIDER: GITEA
+ VCS__PIPELINE__OWNER: ${{ github.repository_owner }}
+ VCS__PIPELINE__REPO: ${{ github.event.repository.name }}
+ VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }}
+ VCS__HTTP_CLIENT__API_URL: https://git.forteapps.net/api/v1
+ VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
+ # LLM configuration
+ LLM__PROVIDER: CLAUDE
+ LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.ANTHROPIC_API_KEY }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+ fetch-depth: 0
+
+ - name: Run inline review
+ run: ai-review inline
+
+ - name: Run summary review
+ run: ai-review summary
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..2e05419
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "shared-prompts"]
+ path = shared-prompts
+ url = https://git.forteapps.net/Forte/ai-review-prompts.git
diff --git a/docs/REFERENCE.md b/docs/REFERENCE.md
index 5ba17aa..598efd1 100644
--- a/docs/REFERENCE.md
+++ b/docs/REFERENCE.md
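Review bot: The job runs inside `image: nikitafilonov/ai-review:latest`, a third-party image that receives both `secrets.AI_REVIEW_TOKEN` and `secrets.ANTHROPIC_API_KEY` through `env`, so the mutable `latest` tag lets whoever controls that image or the registry change what executes with both credentials on every pull request; pin it to an immutable version tag or, better, a digest, e.g. `image: nikitafilonov/ai-review@sha256:<digest-placeholder>`, and pin `actions/checkout@v4` to a commit SHA for the same reason. `AI_REVIEW_CONFIG_FILE_YAML: ./shared-prompts/iac/.ai-review.yaml` is read from the checked-out tree, so if the checkout is the pull request head, a PR that moves the `shared-prompts` submodule pointer or edits `.gitmodules` changes the prompts and config the reviewer runs with before anyone has looked at it; confirm which ref the checkout uses, and confirm whether this Gitea instance exposes `secrets.*` to `pull_request` runs from forks if the repository accepts them. Keep `AI_REVIEW_TOKEN` on a dedicated bot account with only the `write:issue` and `read:repository` scopes the docs hunk names, since the env block hands it to the container unconditionally.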
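Review bot: The `.gitmodules` entry for `shared-prompts` is added, but the diffstat lists only three files and no `create mode 160000 shared-prompts` gitlink, so unless the submodule commit is recorded in a separate commit, `actions/checkout` with `submodules: true` has nothing to fetch and `./shared-prompts/iac/.ai-review.yaml` referenced by the workflow will be missing at run time. Add the gitlink in the same change (`git submodule add https://git.forteapps.net/Forte/ai-review-prompts.git shared-prompts` records both the entry and the pinned commit) so the exact prompt revision is reviewable alongside the workflow. Because the review prompts and config are sourced from `Forte/ai-review-prompts`, write access to that repository effectively controls the reviewer's behaviour; document the pinned commit and restrict who can push there.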
@@ -876,6 +876,84 @@ dind: - Gitea admin panel (`/admin/runners`) — runners show as Online - Create test workflow in `.gitea/workflows/test.yml` — job executes +### AI Code Review (ai-review) + +**Type**: Gitea Actions workflow (`.gitea/workflows/ai-review.yaml`) +**Trigger**: `pull_request` events (`opened`, `synchronize`) +**Runner**: `ubuntu-latest` (container: `nikitafilonov/ai-review:latest`) + +**Purpose**: Automated AI-powered code review on pull requests using Claude (Anthropic). Posts inline comments on changed lines and a PR summary comment highlighting infrastructure impact. + +**Architecture**: +- Uses [xai-review](https://github.com/nicktechnologies/xai-review) Docker image +- Shared configuration and prompts live in the `shared-prompts` Git submodule (→ `Forte/ai-review-prompts`) +- Review mode: `ONLY_ADDED_WITH_CONTEXT` — reviews only new/changed lines plus surrounding context (token-efficient) +- Agent mode: disabled (one-shot review, no multi-turn reasoning) +- LLM: Claude Sonnet (`claude-sonnet-4-20250514`) + +**Shared Prompts Structure** (submodule: `Forte/ai-review-prompts`): +``` +shared-prompts/ + base/ + security.md # org-wide security rules (all profiles) + iac/ + .ai-review.yaml # IaC/GitOps profile config + inline.md # inline review prompt + summary.md # PR summary prompt + # future profiles: backend/, frontend/, etc. 
+``` + +**Configuration** (`shared-prompts/iac/.ai-review.yaml`): +```yaml +llm: + provider: CLAUDE + model: claude-sonnet-4-20250514 +vcs: + provider: GITEA +review: + mode: ONLY_ADDED_WITH_CONTEXT +agent: + enabled: false +prompt: + inline_prompt_files: # concatenated in order + - ./shared-prompts/base/security.md + - ./shared-prompts/iac/inline.md + summary_prompt_files: + - ./shared-prompts/iac/summary.md +ignore: + - "*.sealed.yaml" + - "*.lock" + - "docs/**" +``` + +**Custom Prompts** (IaC profile): +- `shared-prompts/base/security.md` — org-wide security rules, concatenated before every inline review prompt +- `shared-prompts/iac/inline.md` — IaC-specific inline review (YAML, Helm, K8s manifests, shell scripts), max 7 comments +- `shared-prompts/iac/summary.md` — PR summary: affected services/namespaces, infrastructure impact, security flags + +**Prompt composition**: ai-review does not support Jinja includes. Instead, list multiple files under `inline_prompt_files` / `summary_prompt_files` — they are concatenated in order with double newlines. + +**Adding a new profile**: Create a new directory (e.g., `backend/`) with its own `.ai-review.yaml`, `inline.md`, and `summary.md`. The `inline_prompt_files` list should include `base/security.md` first, then the profile-specific prompt. Reference it in the consuming repo's workflow: `AI_REVIEW_CONFIG_FILE_YAML=./shared-prompts/backend/.ai-review.yaml` + +**Required Secrets** (configure in Gitea repo or org settings): + +| Secret | Purpose | +|--------|---------| +| `ANTHROPIC_API_KEY` | Claude API key (from Anthropic console) | +| `AI_REVIEW_TOKEN` | Gitea API token with `write:issue` + `read:repository` scopes (use a bot/service account) | + +**Setup Steps**: +1. Create a Gitea bot/service account and generate an API token with `write:issue` + `read:repository` scopes +2. Add `AI_REVIEW_TOKEN` secret in Gitea repo settings → Actions → Secrets +3. Add `ANTHROPIC_API_KEY` secret with your Anthropic API key +4. 
Ensure the `shared-prompts` submodule is initialized (`git submodule update --init`) +5. Push the workflow file — it triggers automatically on PR creation/update + +**Verification**: +- Open a PR with infrastructure changes → workflow runs → inline comments + summary appear +- Check Gitea Actions tab for workflow run status and logs +- Monitor Anthropic usage dashboard for token consumption + ### Keycloak Client Registrar **Type**: CronJob (deployed via Keycloak Helm chart `extraDeploy`)