Skip to content

ci: add PR-Agent review + Qodo merge + upstream issues watch#46

Closed
bong-water-water-bong wants to merge 2 commits into
lemonade-sdk:mainfrom
bong-water-water-bong:ci-workflows
Closed

ci: add PR-Agent review + Qodo merge + upstream issues watch#46
bong-water-water-bong wants to merge 2 commits into
lemonade-sdk:mainfrom
bong-water-water-bong:ci-workflows

Conversation

@bong-water-water-bong

Copy link
Copy Markdown
Contributor

Summary

Three CI workflow files — clean, no other changes:

File Purpose
`.github/workflows/pr-agent-review.yml` Automated PR review via the-pr-agent/pr-agent (DeepSeek)
`.github/workflows/qodo-merge.yml` Automated PR review via qodo-ai/qodo-merge (free tier)
`.github/workflows/upstream-issues-watch.yml` Daily check for new upstream issues tagged `help wanted`

Two independent PR review passes on every PR.

Secrets required (set in repo):

  • `DEEPSEEK_API_KEY` — for PR-Agent
  • `QODO_API_KEY` — for Qodo merge

cc: @bitgamma @Geramy @jeremyfowers @kenvandine @sofiageo @superm1

@bong-water-water-bong

Copy link
Copy Markdown
Contributor Author

cc: @bitgamma @Geramy @jeremyfowers @kenvandine @sofiageo @superm1 — clean PR with just the 3 workflow files. Once merged, every PR gets automated reviews from both PR-Agent (DeepSeek) and Qodo. Secrets `DEEPSEEK_API_KEY` and `QODO_API_KEY` need to be set in the repo settings.

@bong-water-water-bong

Copy link
Copy Markdown
Contributor Author

Closing — not proceeding with this repo.

@bong-water-water-bong bong-water-water-bong deleted the ci-workflows branch June 27, 2026 13:47

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 27ef67b9e5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

pr_agent_job:
name: PR-Agent (DeepSeek)
runs-on: ubuntu-latest
if: ${{ github.event.sender.type != 'Bot' && secrets.DEEPSEEK_API_KEY != '' }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Move the secret check out of the job condition

GitHub Actions does not make the secrets context available in jobs.<job_id>.if conditions, so when a PR or comment triggers this workflow GitHub cannot evaluate this expression and the PR-Agent review job never reaches the action step. Gate the step using an environment value or handle the missing secret inside the job instead.

Useful? React with 👍 / 👎.


jobs:
qodo-merge:
if: ${{ secrets.QODO_API_KEY != "" }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Move the secret check out of the job condition

GitHub Actions does not allow referencing the secrets context directly from a job-level if, so this workflow cannot evaluate the condition before starting the Qodo review job. As written, the new Qodo review pass will not run successfully on PR events even when the secret is configured.

Useful? React with 👍 / 👎.


- name: Commit updated issue list
run: |
if git diff --quiet UPSTREAM_ISSUES.md; then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include the untracked cache in the change check

UPSTREAM_ISSUES.md is not tracked in the current tree, and git diff --quiet UPSTREAM_ISSUES.md ignores a newly created untracked file. On the first scheduled or manual run the fetch step creates the cache, this condition exits 0, and the job exits before git add, so the cache is never committed and later runs keep starting from scratch.

Useful? React with 👍 / 👎.

contents: read
steps:
- name: Qodo Merge Review
uses: qodo-ai/qodo-merge@main

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Point Qodo review at a published action

When this job reaches the review step, GitHub resolves uses: qodo-ai/qodo-merge@main as an action repository, but Qodo does not publish a GitHub Action at that path. The runner will fail while downloading action metadata before any review can run, so this needs to use the supported Qodo GitHub integration or the correct action repository.

Useful? React with 👍 / 👎.

if: ${{ github.event.sender.type != 'Bot' && secrets.DEEPSEEK_API_KEY != '' }}
steps:
- name: PR Agent review
uses: the-pr-agent/pr-agent@main

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Pin PR-Agent to a reviewed release

This workflow runs a third-party action from the moving main branch while handing it DEEPSEEK_API_KEY and a write-capable GitHub token. Any upstream branch update will execute in this repository without review and can either break all PR reviews or expose those credentials, so pin it to a trusted release or commit instead of main.

Useful? React with 👍 / 👎.

echo "Last checked: ${NOW}" >> "${CACHE}.new"
echo "" >> "${CACHE}.new"

curl -s "https://api.github.com/repos/${UPSTREAM}/issues?state=open&per_page=50&sort=created&direction=desc" \

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Filter the upstream query to help wanted issues

The PR describes this watcher as tracking upstream issues tagged help wanted, but this request fetches every open upstream issue because it never passes a labels=help%20wanted filter to the GitHub Issues API. On repositories with unrelated open issues, the generated cache and new-issue log will be dominated by issues this workflow was not meant to watch.

Useful? React with 👍 / 👎.

env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
config.model: "deepseek/deepseek-chat"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Choose a supported DeepSeek model before the alias retires

DeepSeek currently marks deepseek-chat for deprecation on July 24, 2026, so this newly added review workflow is set up with a model name that is scheduled to stop being supported shortly after merge. When that alias is retired, PR-Agent review runs using this configuration will start failing even though the API key and action setup are otherwise valid.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant