github-actions[bot] commented on code in PR #62369:
URL: https://github.com/apache/doris/pull/62369#discussion_r3065889855
##########
.asf.yaml:
##########
@@ -62,7 +62,7 @@ github:
- Build Third Party Libraries (macOS)
- Build Third Party Libraries (macOS-arm64)
- COMPILE (DORIS_COMPILE)
- - Need_2_Approval
+ - code-review
Review Comment:
This replacement removes the old `Need_2_Approval` gate entirely. Branch
protection here still keeps `required_approving_review_count: 1`, so after this
change a single human approval plus a passing `code-review` status is enough to
merge. Previously `pr-approve-status.yml` called
`tools/maintainers/check_review.py`, which enforced two approvals, so this is a
real policy regression rather than a pure workflow refactor. Please keep an
equivalent second-approval gate (or raise branch protection to 2) before
deleting the old required check.
##########
.github/workflows/opencode-review-runner.yml:
##########
@@ -0,0 +1,199 @@
+name: Code Review Runner
+
+on:
+ workflow_call:
+ inputs:
+ pr_number:
+ required: true
+ type: string
+ head_sha:
+ required: true
+ type: string
+ base_sha:
+ required: true
+ type: string
+
+permissions:
+ pull-requests: write
+ contents: read
+ issues: write
+
+jobs:
+ code-review:
+ runs-on: ubuntu-latest
+ timeout-minutes: 60
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.head_sha }}
+
+ - name: Install ripgrep
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y ripgrep
+
+ - name: Install OpenCode
+ run: |
+ for attempt in 1 2 3; do
+ if curl -fsSL https://opencode.ai/install | bash; then
+ echo "$HOME/.opencode/bin" >> $GITHUB_PATH
+ exit 0
+ fi
+ echo "Install attempt $attempt failed, retrying in 10s..."
+ sleep 10
+ done
+ echo "All install attempts failed"
+ exit 1
+
+ - name: Configure OpenCode auth
+ run: |
+ mkdir -p ~/.local/share/opencode
+ cat > ~/.local/share/opencode/auth.json <<EOF
+ {
+ "github-copilot": {
+ "type": "oauth",
+ "refresh": "${CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY}",
+ "access": "${CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY}",
+ "expires": 0
+ }
+ }
+ EOF
+ env:
+ CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY: ${{
secrets.CODE_REVIEW_ZCLLL_COPILOT_OPENCODE_KEY }}
+
+ - name: Configure OpenCode permission
+ run: |
+ echo '{"permission":"allow"}' > opencode.json
+
+ - name: Prepare review prompt
+ run: |
+ cat > /tmp/review_prompt.txt <<'PROMPT'
+ You are performing an automated code review inside a GitHub Actions
runner. The gh CLI is available and authenticated via GH_TOKEN. You can comment
on the pull request.
+
+ Context:
+ - Repository: PLACEHOLDER_REPO
+ - PR number: PLACEHOLDER_PR_NUMBER
+ - PR Head SHA: PLACEHOLDER_HEAD_SHA
+ - PR Base SHA: PLACEHOLDER_BASE_SHA
+
+ Before reviewing any code, you MUST read and follow the code review
skill in this repository. During review, you must strictly follow those
instructions.
+ In addition, you can perform any desired review operations to
observe suspicious code and details in order to identify issues as much as
possible.
+
+ ## Final response format
+ - After completing the review, you MUST provide a final summary
opinion based on the rules defined in AGENTS.md and the code-review skill. The
summary must include conclusions for each applicable critical checkpoint.
+ - If the overall quality of PR is good and there are no critical
blocking issues (even if there are some tolerable minor issues), submit an
opinion on approval using: gh pr review PLACEHOLDER_PR_NUMBER --approve --body
"<summary>"
Review Comment:
`code-review` can only turn green when the repo sees an
`APPROVED`/`CHANGES_REQUESTED` review from `github-actions[bot]`, and this
runner explicitly tells the agent to call `gh pr review --approve` /
`--request-changes`. The problem is that the repo does not currently allow
Actions to create/approve PR reviews yet; the PR description even says that
setting still needs to be enabled. In that state, `/review` runs cannot create
the review object that `opencode-review.yml` and `refresh-required-check` are
searching for, so the required `code-review` status never has a successful path
and will block merges. This needs an in-repo success path for the required
status, or the old flow must stay in place until the repo setting is enabled.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
