diff --git a/.github/.pr-bot.json b/.github/.pr-bot.json
new file mode 100644
index 000000000..8938340f4
--- /dev/null
+++ b/.github/.pr-bot.json
@@ -0,0 +1,45 @@
+{
+ "model": "gpt-4",
+ "commentMode": "multi",
+ "language": "en",
+ "filesToIgnore": [
+ "**/*.md",
+ "**/*.yml",
+ "**/*.json",
+ "**/__pycache__/**",
+ "**/*.lock"
+ ],
+ "rules": [
+ {
+ "name": "No TODOs in code",
+ "description": "Prevent merging PRs with TODO comments left in code.",
+ "pattern": "TODO",
+ "failOnMatch": true
+ },
+ {
+ "name": "Avoid console/debug prints",
+ "description": "Remove print/debug/log statements before committing.",
+ "pattern": "console\\.log|print\\(|debugger;",
+ "failOnMatch": true
+ },
+ {
+ "name": "Require tests for Python changes",
+ "description": "Changes to backend Python code should include tests.",
+ "pathPattern": "backend/**/*.py",
+ "requireMatchingTest": true
+ },
+ {
+ "name": "Require tests for React components",
+ "description": "Ensure that React component changes include test coverage.",
+ "pathPattern": "frontend/src/components/**/*.tsx?",
+ "requireMatchingTest": true
+ },
+ {
+ "name": "Avoid hardcoded secrets or keys",
+ "description": "Scan for obvious secret patterns in code.",
+ "pattern": "(api[_-]?key|secret|password)\\s*[:=]\\s*[\"'].*[\"']",
+ "failOnMatch": true
+ }
+ ]
+ }
+
\ No newline at end of file
diff --git a/.github/workflows/auto-pr-review.yml b/.github/workflows/auto-pr-review.yml
new file mode 100644
index 000000000..50756f9db
--- /dev/null
+++ b/.github/workflows/auto-pr-review.yml
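Review bot: `filesToIgnore` excludes `**/*.yml` and `**/*.json`, so, assuming the ignore list applies to every rule, the "Avoid hardcoded secrets or keys" rule never inspects workflow and config files, which is where credentials are most often committed by mistake. Drop those two globs from the ignore list, or limit the ignore to generated files such as `**/*.lock`. The secret pattern is also lowercase-only as written, so an assignment like `API_KEY = "..."` passes unless the bot matches case-insensitively; treat this rule as a convenience check and keep a dedicated secret scanner in the pipeline. Separately, `"frontend/src/components/**/*.tsx?"` uses a regex-style `?`; if `pathPattern` is evaluated as a glob, `?` matches exactly one extra character rather than an optional `x`, so `.ts` and `.tsx` files would not trigger the test requirement.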
@@ -0,0 +1,35 @@
+name: Auto PR Review
+
+on: [pull_request]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ - uses: omio-labs/pr-reviewer-bot@v1
+ with:
+ GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
+
+
+
+# on:
+# pull_request:
+# types: [opened, edited, synchronize]
+
+# jobs:
+# review:
+# runs-on: ubuntu-latest
+
+# steps:
+# - name: Checkout PR code
+# uses: actions/checkout@v3
+
+# - name: Run Auto PR Review
+# uses: tianhaoz95/auto-pr-review@v0.0.9
+# with:
+# github-token: ${{ secrets.GIT_TOKEN }}
+ # I need to create new token for this repo and add it to secrets, cannot use the default GITHUB_TOKEN.
+ # because this token does not have permission to post reviews for PRs
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index 5dcd094e3..6a4d6d8a1 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -76,8 +76,8 @@ jobs: file: ./src/WebApp.Dockerfile push: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo' || github.ref_name == 'dependabotchanges' }} tags: | - ${{ steps.registry.outputs.int_registry }}/webapp:${{ steps.determine_tag.outputs.tagname }} - ${{ steps.registry.outputs.int_registry }}/webapp:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }} + ${{ steps.registry.outputs.int_registry }} webapp:${{ steps.determine_tag.outputs.tagname }} + ${{ steps.registry.outputs.int_registry }} webapp:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }} - name: Build Docker Image and optionally push - External Registry if: ${{ github.ref_name == 'main' }}
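Review bot: The step `uses: omio-labs/pr-reviewer-bot@v1` hands `secrets.GIT_TOKEN` (a separately created token, according to the trailing comment) to a third-party action referenced by a movable tag, so any change published under that tag runs with the token. Pin the action to a full commit SHA, e.g. `- uses: omio-labs/pr-reviewer-bot@<full-commit-sha> # v1`, and issue the token as a fine-grained one limited to this repository with only the pull-request write access the bot needs. The workflow also declares no `permissions:` key, so the default token used by `actions/checkout` keeps the repository's default scope; a top-level `permissions:` with `contents: read` narrows it. The commented-out second workflow below the job is dead configuration and would be better removed than committed.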
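Review bot: As this hunk reads, both new `tags:` entries replace the `/` between the registry and the image name with a space (`${{ steps.registry.outputs.int_registry }} webapp:...`), which is not a valid image reference, so the build-and-push step would be expected to fail or tag an unintended name. Unless the `int_registry` output was changed elsewhere to carry the separator, keep the removed form, `${{ steps.registry.outputs.int_registry }}/webapp:${{ steps.determine_tag.outputs.tagname }}`. The same substitution appears in the external-registry hunk at `@@ -87,6 +87,6 @@` with `ext_registry`. The step these lines belong to starts above the hunk, so the action in use is not visible here.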
@@ -87,6 +87,6 @@ jobs: file: ./src/WebApp.Dockerfile push: ${{github.ref_name == 'main' }} tags: | - ${{ steps.registry.outputs.ext_registry }}/webapp:${{ steps.determine_tag.outputs.tagname }} - ${{ steps.registry.outputs.ext_registry }}/webapp:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }} + ${{ steps.registry.outputs.ext_registry }} webapp:${{ steps.determine_tag.outputs.tagname }} + ${{ steps.registry.outputs.ext_registry }} webapp:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }}