# Description:
#   - DeepSeek code review with GitHub Actions

name: Code Review
on:
  pull_request_target:
    types:
      - opened      # Triggers when a PR is opened
      - reopened    # Triggers when a PR is reopened
      - synchronize # Triggers when a commit is pushed to the PR
      # - labeled   # Triggers when a label is added to the PR

# fix: GraphQL: Resource not accessible by integration (addComment) error
permissions:
  pull-requests: write

jobs:
  setup-deepseek-review:
    runs-on: macos-latest
    name: Code Review
    # Make sure the code review happens only when the PR has the label 'ai review'
    # if: contains(github.event.pull_request.labels.*.name, 'ai review')
    steps:
      - name: DeepSeek Code Review
        uses: hustcer/deepseek-review@develop
        with:
          max-length: 50000
          # model: 'deepseek-v3'                            # Infinigence's DeepSeek V3 model
          # model: 'deepseek-r1'                            # Infinigence's DeepSeek R1 model
          # base-url: 'https://cloud.infini-ai.com/maas/v1' # Infinigence's API base URL
          # model: 'deepseek-ai/DeepSeek-V3'                # SiliconFlow's DeepSeek V3 model
          model: 'deepseek-ai/DeepSeek-R1'                  # SiliconFlow's DeepSeek R1 model
          base-url: 'https://api.siliconflow.cn/v1'         # SiliconFlow's API base URL
          # Store the chat token in GitHub Secrets, don't expose it in the workflow file
          chat-token: ${{ secrets.CHAT_TOKEN }}
          sys-prompt: >
            As a senior Nushell engineer, perform comprehensive script review with focus on:

            ### 1. Core Requirements:
            - Validate Nu 0.100+ compatibility
            - Check structured data handling
            - Verify pipeline efficiency
            - Assess module organization

            ### 2. Security Analysis:
            - Command injection prevention
            - Data leakage prevention
            - Safe external command usage
            - Proper permission validation

            ### 3. Performance Optimization:
            - Pipeline optimization
            - Memory usage patterns
            - Builtin vs external command usage
            - Parallel execution opportunities

            **Rules:**
            - Target Nu 0.100+ features
            - Highlight data flow vulnerabilities
            - Suggest structured data optimizations
            - Keep feedback Nu-specific
            - Use modern shell terminology

            **Required output structure:**
            #### Script Analysis
            - Key observations

            #### Security Review
            - Vulnerability findings

            #### Optimization Suggestions
            - Performance improvements

            **Overall Quality:** Rating (1-5)

            ```yaml
            checklist:
              - Compatibility: ["Nu version", "Cross-platform support", "Plugin dependencies"]
              - Security: ["Input sanitization", "Temporary file handling", "Env exposure"]
              - Reliability: ["Error propagation", "Null handling", "Type validation"]
              - Performance: ["Lazy evaluation", "Batch processing", "Stream handling"]

            examples:
              - issue: "❗ Unfiltered external command arguments in line 15 (command injection risk)"
              - issue: "⚠️ Plaintext credentials in environment variables"
              - suggestion: "Replace `each { }` with `par-each` for parallel processing"
              - suggestion: "Use builtin `from json` instead of jq for better performance"

            response_template: |
              #### Script Analysis
              - {{observations}}

              {{#security_issues}}
              #### Security Review
              - {{security_issues}}
              {{/security_issues}}

              {{#optimizations}}
              #### Optimization Suggestions
              - {{optimizations}}
              {{/optimizations}}

              **Overall Quality:** {{rating}}
            ```