-
Notifications
You must be signed in to change notification settings - Fork 1
Refactor Devin PR Code Review workflow #52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -1,34 +1,43 @@ | ||||||||||||||
| name: Devin PR Code Review | ||||||||||||||
|
|
||||||||||||||
| on: | ||||||||||||||
| pull_request: | ||||||||||||||
| types: [opened, synchronize, reopened] | ||||||||||||||
|
|
||||||||||||||
| jobs: | ||||||||||||||
| devin-review: | ||||||||||||||
| name: Run Devin Code Review | ||||||||||||||
| runs-on: ubuntu-latest | ||||||||||||||
| permissions: | ||||||||||||||
| contents: read | ||||||||||||||
| pull-requests: write | ||||||||||||||
|
|
||||||||||||||
| steps: | ||||||||||||||
| - name: Checkout Code | ||||||||||||||
| uses: actions/checkout@v4 | ||||||||||||||
| with: | ||||||||||||||
| fetch-depth: 0 | ||||||||||||||
|
|
||||||||||||||
| - name: Request Devin Review Agent | ||||||||||||||
| - name: Request Devin Review | ||||||||||||||
| env: | ||||||||||||||
| DEVIN_API_KEY: ${{ secrets.DEVIN_API_KEY }} | ||||||||||||||
| run: | | ||||||||||||||
| curl -X POST "https://devin.ai" \ | ||||||||||||||
| -H "Authorization: Bearer ${{ secrets.DEVIN_API_KEY }}" \ | ||||||||||||||
| RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "https://api.devin.ai/v1/sessions" \ | ||||||||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Edge case: No If the Devin API is slow or unresponsive, this
Suggested change
|
||||||||||||||
| -H "Authorization: Bearer $DEVIN_API_KEY" \ | ||||||||||||||
| -H "Content-Type: application/json" \ | ||||||||||||||
| -d '{ | ||||||||||||||
| "prompt": "View the diffs for PR #${{ github.event.pull_request.number }} in the repository ${{ github.repository }}. Identify logical bugs, code convention violations, or potential edge-case failures. Post your feedback as inline comments or a summarized review on this GitHub Pull Request.", | ||||||||||||||
| "scan_repository": true, | ||||||||||||||
| "env": { | ||||||||||||||
| "GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}", | ||||||||||||||
| "PR_NUMBER": "${{ github.event.pull_request.number }}", | ||||||||||||||
| "REPO": "${{ github.repository }}" | ||||||||||||||
| } | ||||||||||||||
| }' | ||||||||||||||
| "prompt": "Review PR #${{ github.event.pull_request.number }} in ${{ github.repository }}. Look at the diffs, identify logical bugs, code convention violations, and potential edge-case failures. Post your feedback as inline review comments on the PR.", | ||||||||||||||
| "idempotent": true | ||||||||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Edge case: This workflow triggers on If the intent is to prevent duplicate reviews, you need to provide a deterministic idempotency key, e.g.:
Suggested change
|
||||||||||||||
| }') | ||||||||||||||
|
|
||||||||||||||
| HTTP_CODE=$(echo "$RESPONSE" | tail -1) | ||||||||||||||
| BODY=$(echo "$RESPONSE" | sed '$d') | ||||||||||||||
|
|
||||||||||||||
| echo "Status: $HTTP_CODE" | ||||||||||||||
| echo "Status: $HTTP_CODE" | ||||||||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Bug: Duplicate This line is a duplicate of line 33. The second commit (
Suggested change
|
||||||||||||||
|
|
||||||||||||||
|
|
||||||||||||||
| if [ "$HTTP_CODE" -ne 200 ] && [ "$HTTP_CODE" -ne 201 ]; then | ||||||||||||||
| echo "::error::Devin API returned $HTTP_CODE" | ||||||||||||||
| exit 1 | ||||||||||||||
| fi | ||||||||||||||
|
|
||||||||||||||
| SESSION_ID=$(echo "$BODY" | jq -r '.session_id // .id // empty') | ||||||||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Bug: No validation that If the API returns a JSON structure without
Suggested change
|
||||||||||||||
| echo "Session ID: $SESSION_ID" | ||||||||||||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Security: Session ID leaked to CI logs The original If you need the session ID for a downstream step, use
Suggested change
|
||||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Waste:
checkoutstep is unnecessaryThe only action in this workflow is a
curlcall to the Devin API. The checked-out code is never read, built, or tested. Moreover,fetch-depth: 0fetches the entire git history, which is the most expensive checkout option. This adds unnecessary latency to every PR event.Remove this step entirely, or if you anticipate needing the repo content in a future step, at minimum change
fetch-depth: 0tofetch-depth: 1.