diffscope/.github/workflows/diffscope.yml at main · evalops/diffscope · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: DiffScope Review
on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

concurrency:
  group: diffscope-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  review:
    runs-on: ubuntu-latest
    if: github.event.pull_request.head.repo.full_name == github.repository && !github.event.pull_request.draft
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Get PR diff
        id: diff
        run: |
          git fetch origin ${{ github.base_ref }} --depth=1
          git diff origin/${{ github.base_ref }}...HEAD > pr.diff

      - name: Check API key
        id: check_key
        run: |
          if [ -z "${{ secrets.OPENAI_API_KEY }}" ]; then
            echo "skip=true" >> "$GITHUB_OUTPUT"
            echo "::notice::DiffScope review skipped — OPENAI_API_KEY secret not configured"
          else
            echo "skip=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Check image available
        id: check_image
        run: |
          docker pull ghcr.io/evalops/diffscope:latest 2>/dev/null && echo "available=true" >> "$GITHUB_OUTPUT" || echo "available=false" >> "$GITHUB_OUTPUT"

      - name: Notice image unavailable
        if: steps.check_image.outputs.available == 'false'
        run: echo "::notice::DiffScope review skipped — image ghcr.io/evalops/diffscope:latest not available (merge to main publishes it)"

      - name: Run DiffScope
        if: steps.check_key.outputs.skip != 'true' && steps.check_image.outputs.available == 'true'
        run: |
          docker run --rm \
            -e OPENAI_API_KEY="${{ secrets.OPENAI_API_KEY }}" \
            -v "$PWD":/workspace -w /workspace \
            ghcr.io/evalops/diffscope:latest \
            review --diff pr.diff --output-format json --output comments.json

      - name: Post comments
        if: steps.check_key.outputs.skip != 'true' && steps.check_image.outputs.available == 'true'
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const comments = JSON.parse(fs.readFileSync('comments.json', 'utf8'));
            const headSha = context.payload.pull_request.head.sha;
            const fallback = [];

            for (const comment of comments) {
              if (!comment.file_path || !comment.line_number || comment.line_number < 1) {
                continue;
              }
              try {
                await github.rest.pulls.createReviewComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  pull_number: context.issue.number,
                  body: `**${comment.severity}**: ${comment.content}`,
                  commit_id: headSha,
                  path: comment.file_path,
                  line: comment.line_number,
                  side: "RIGHT"
                });
              } catch (error) {
                fallback.push(`- **${comment.severity}** ${comment.file_path}:${comment.line_number} ${comment.content}`);
              }
            }

            if (fallback.length > 0) {
              const body = [
                "Some review comments could not be placed inline and are listed below:",
                "",
                ...fallback.slice(0, 100)
              ].join("\\n");
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                body
              });
            }