chore: 添加 Codex PR 审计工作流

2026-01-22 16:43:35 +00:00 · 2025-10-16 14:32:27 +08:00
parent 2f0839c7da
commit 4b011fe8b1
1 changed files with 70 additions and 0 deletions
--- a/.github/workflows/codex-pr-review.yml
+++ b/.github/workflows/codex-pr-review.yml
@@ -0,0 +1,70 @@
 name: Codex PR Review
 on:
  pull_request:
    types: [opened]
 jobs:
  codex:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      final_message: ${{ steps.run_codex.outputs['final-message'] }}
    environment: CODEX
    name: Codex PR Review
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
      - name: Pre-fetch base and head refs for the PR
        run: |
          git fetch --no-tags origin \
            ${{ github.event.pull_request.base.ref }} \
            +refs/pull/${{ github.event.pull_request.number }}/head
      - name: Run Codex
        id: run_codex
        uses: hewenyu/codex-action@crs
        with:
          crs-api-key: ${{ secrets.CRS_API_KEY }}
          crs-base-url: ${{ secrets.CRS_API_BASE_URL }}
          crs-model: "gpt-5-codex"
          crs-reasoning-effort: "high"
          prompt: |
            This is PR #${{ github.event.pull_request.number }} for ${{ github.repository }}.
            Base SHA: ${{ github.event.pull_request.base.sha }}
            Head SHA: ${{ github.event.pull_request.head.sha }}
            Review ONLY the changes introduced by the PR.
            Suggest any improvements, potential bugs, or issues.
            Be concise and specific in your feedback.
            Pull request title and body:
            ----
            ${{ github.event.pull_request.title }}
            ${{ github.event.pull_request.body }}
  post_feedback:
    runs-on: ubuntu-latest
    needs: codex
    if: needs.codex.outputs.final_message != ''
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Report Codex feedback
        uses: actions/github-script@v7
        env:
          CODEX_FINAL_MESSAGE: ${{ needs.codex.outputs.final_message }}
        with:
          github-token: ${{ github.token }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: process.env.CODEX_FINAL_MESSAGE,
            });