# Description:
#   - DeepSeek code review with GitHub Actions
#
# Purpose: on pull-request events, run the hustcer/deepseek-review action,
# which is given a chat API token, a model name, an API base URL and the
# system prompt defined below.

name: Code Review

on:
  # pull_request_target runs in the context of the base repository, so the job
  # can read repository secrets (CHAT_TOKEN below) even when the pull request
  # comes from a fork. This file has no checkout step, so the workflow itself
  # does not fetch or execute PR code; what the action does internally is not
  # visible here and should be confirmed before reusing this trigger.
  pull_request_target:
    types:
      - opened  # Triggers when a PR is opened
      - reopened  # Triggers when a PR is reopened
      - synchronize  # Triggers when a commit is pushed to the PR
      # - labeled  # Triggers when a label is added to the PR

# fix: GraphQL: Resource not accessible by integration (addComment) error
# Declaring a permissions block limits GITHUB_TOKEN to the scopes listed here;
# every scope that is not named is set to none, so the token can write to pull
# requests (the review comment) and nothing else.
permissions:
  pull-requests: write

jobs:
  setup-deepseek-review:
    runs-on: macos-latest
    name: Code Review
    # Make sure the code review happens only when the PR has the label 'ai review'
    # if: contains(github.event.pull_request.labels.*.name, 'ai review')
    # NOTE(review): with the gate above disabled, every opened, reopened or
    # synchronized PR starts a review run that uses CHAT_TOKEN. Enabling it,
    # together with the `labeled` trigger, would limit runs to PRs that someone
    # allowed to label PRs has marked for review.
    steps:
      - name: DeepSeek Code Review
        # NOTE(review): `develop` looks like a branch name, i.e. a mutable ref;
        # whatever that ref points to at run time executes with CHAT_TOKEN and
        # the write-scoped GITHUB_TOKEN. Tracking `develop` appears deliberate
        # here because this workflow belongs to the action's own repository;
        # a consuming repository would normally pin a full commit SHA instead.
        uses: hustcer/deepseek-review@develop
        with:
          max-length: 50000
          # model: 'deepseek-v3'  # Infinigence's DeepSeek V3 model
          # model: 'deepseek-r1'  # Infinigence's DeepSeek R1 model
          # base-url: 'https://cloud.infini-ai.com/maas/v1'  # Infinigence's API base URL
          # model: 'deepseek-ai/DeepSeek-V3'  # SiliconFlow's DeepSeek V3 model
          model: 'deepseek-ai/DeepSeek-R1'  # SiliconFlow's DeepSeek R1 model
          base-url: 'https://api.siliconflow.cn/v1'  # SiliconFlow's API base URL
          # Store the chat token in GitHub Secrets, don't expose it in the workflow file
          chat-token: ${{ secrets.CHAT_TOKEN }}
          # System prompt handed to the model. `>` is a folded scalar: line
          # breaks between equally indented lines become spaces, while blank
          # lines and more-indented lines keep their breaks.
          # NOTE(review): presumably the PR diff is sent to the model along
          # with this prompt (the action's input handling is not shown here).
          # On fork PRs that text is written by the contributor, so the posted
          # review should be read as untrusted output and not used as a merge
          # gate on its own.
          sys-prompt: >
            As a senior Nushell engineer, perform comprehensive script review with focus on:

            ### 1. Core Requirements:
            - Validate Nu 0.100+ compatibility
            - Check structured data handling
            - Verify pipeline efficiency
            - Assess module organization

            ### 2. Security Analysis:
            - Command injection prevention
            - Data leakage prevention
            - Safe external command usage
            - Proper permission validation

            ### 3. Performance Optimization:
            - Pipeline optimization
            - Memory usage patterns
            - Builtin vs external command usage
            - Parallel execution opportunities

            **Rules:**
            - Target Nu 0.100+ features
            - Highlight data flow vulnerabilities
            - Suggest structured data optimizations
            - Keep feedback Nu-specific
            - Use modern shell terminology

            **Required output structure:**
            #### Script Analysis
            - Key observations

            #### Security Review
            - Vulnerability findings

            #### Optimization Suggestions
            - Performance improvements

            **Overall Quality:** Rating (1-5)

            ```yaml
            checklist:
              - Compatibility: ["Nu version", "Cross-platform support", "Plugin dependencies"]
              - Security: ["Input sanitization", "Temporary file handling", "Env exposure"]
              - Reliability: ["Error propagation", "Null handling", "Type validation"]
              - Performance: ["Lazy evaluation", "Batch processing", "Stream handling"]

            examples:
              - issue: "❗ Unfiltered external command arguments in line 15 (command injection risk)"
              - issue: "⚠️ Plaintext credentials in environment variables"
              - suggestion: "Replace `each { }` with `par-each` for parallel processing"
              - suggestion: "Use builtin `from json` instead of jq for better performance"

            response_template: |
              #### Script Analysis
              - {{observations}}

              {{#security_issues}}
              #### Security Review
              - {{security_issues}}
              {{/security_issues}}

              {{#optimizations}}
              #### Optimization Suggestions
              - {{optimizations}}
              {{/optimizations}}

              **Overall Quality:** {{rating}}
            ```