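# Runs an automated Codex review on each pull request and posts the model's
# final message back as a PR comment.
#
# Trust model: the trigger is `pull_request_target`, so the jobs run with the
# base repository's secrets even for PRs opened from forks. Everything taken
# from the PR (the merge ref checked out into ../pr-worktree, the title, the
# body) is untrusted input and is handled as data only.
name: Codex PR Review

on:
  pull_request_target:
    types: [opened, reopened, synchronize]

jobs:
  codex:
    runs-on: ubuntu-latest
    # Read-only token: this job touches untrusted PR content, so it gets no
    # write scopes. Commenting happens in the separate post_feedback job.
    permissions:
      contents: read
    outputs:
      final_message: ${{ steps.run_codex.outputs['final-message'] }}
    # NOTE(review): the CRS secrets are presumably scoped to this environment;
    # its protection rules (e.g. required reviewers) are not visible here.
    # Confirm that fork PRs cannot reach the secrets without approval.
    environment: CODEX
    name: Codex PR Review
    steps:
      - name: Checkout base revision
        uses: actions/checkout@v5
        with:
          # Check out the trusted base commit, not the PR head.
          ref: ${{ github.event.pull_request.base.sha }}
          fetch-depth: 0
          # Keep the token out of .git/config; later steps run on PR content.
          persist-credentials: false

      - name: Pre-fetch base and head refs for the PR
        env:
          GITHUB_TOKEN: ${{ github.token }}
          # Event fields are passed through env instead of being expanded
          # inside the script text, so their values are never parsed as shell.
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Authenticate this single fetch with a per-command header. Writing
          # the token into the origin URL would store it in .git/config, which
          # the PR worktree shares, and would undo persist-credentials: false.
          auth="$(printf 'x-access-token:%s' "$GITHUB_TOKEN" | base64 | tr -d '\n')"
          git -c "http.https://github.com/.extraheader=AUTHORIZATION: basic ${auth}" \
            fetch --no-tags origin \
            "$BASE_REF" \
            "+refs/pull/${PR_NUMBER}/head:refs/pr/${PR_NUMBER}/head" \
            "+refs/pull/${PR_NUMBER}/merge:refs/pr/${PR_NUMBER}/merge"

      # Step name means "Prepare PR worktree". The merge ref is materialised
      # outside the base checkout so PR files never overwrite trusted files.
      - name: 准备PR工作区
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          rm -rf ../pr-worktree
          git worktree prune
          git worktree add ../pr-worktree "refs/pr/${PR_NUMBER}/merge"

      # Step name means "Validate CRS secrets". Fails the job early, reporting
      # every missing secret, before the review action is invoked.
      - name: 校验CRS密钥
        env:
          CRS_API_KEY: ${{ secrets.CRS_API_KEY }}
          CRS_API_BASE_URL: ${{ secrets.CRS_API_BASE_URL }}
        run: |
          missing=0
          if [ -z "$CRS_API_KEY" ]; then
            echo "::error::CRS_API_KEY 缺失,终止流程"
            missing=1
          fi
          if [ -z "$CRS_API_BASE_URL" ]; then
            echo "::error::CRS_API_BASE_URL 缺失,终止流程"
            missing=1
          fi
          exit "$missing"

      - name: Run Codex
        id: run_codex
        # NOTE(review): `@crs` is a mutable ref on a third-party action that
        # receives both CRS secrets. Pin it to a reviewed full commit SHA
        # (`Wei-Shaw/codex-action@<full-commit-sha>`) so a later push to that
        # ref cannot change what runs with the secrets.
        uses: Wei-Shaw/codex-action@crs
        with:
          crs-api-key: ${{ secrets.CRS_API_KEY }}
          crs-base-url: ${{ secrets.CRS_API_BASE_URL }}
          crs-model: "gpt-5-codex"
          crs-reasoning-effort: "high"
          # The agent works inside the untrusted PR merge tree.
          working-directory: ../pr-worktree
          # NOTE(review): the PR title and body are attacker-controlled text
          # placed directly in the prompt, and the files under review are
          # attacker-controlled as well. Treat the model's output as untrusted
          # and keep this job free of write-scoped credentials.
          prompt: |
            This is PR #${{ github.event.pull_request.number }} for ${{ github.repository }}.
            Base SHA: ${{ github.event.pull_request.base.sha }}
            Head SHA: ${{ github.event.pull_request.head.sha }}

            Review ONLY the changes introduced by the PR. Suggest any improvements, potential bugs, or issues.
            Be concise and specific in your feedback.

            Pull request title and body:
            ----
            ${{ github.event.pull_request.title }}
            ${{ github.event.pull_request.body }}

  # Posts the review text as a PR comment. Kept separate from `codex` so the
  # write-scoped token never coexists with the untrusted worktree or the agent.
  post_feedback:
    runs-on: ubuntu-latest
    needs: codex
    # Skip when the review produced no message.
    if: needs.codex.outputs.final_message != ''
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Report Codex feedback
        uses: actions/github-script@v7
        env:
          # Passed through env rather than interpolated into the script, so
          # model output is only ever used as a string value, never as code.
          CODEX_FINAL_MESSAGE: ${{ needs.codex.outputs.final_message }}
        with:
          github-token: ${{ github.token }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: process.env.CODEX_FINAL_MESSAGE,
            });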