Skip to content

fix(ci): push the chart with the Actions token, not the app token #785

fix(ci): push the chart with the Actions token, not the app token

fix(ci): push the chart with the Actions token, not the app token #785

Workflow file for this run

name: AI PR Review
on:
pull_request:
branches: ["main"]
# `labeled` enables the one-click re-review: add the `ai-review` label to
# force a fresh review (only write/triage can label — self-authorizing).
types: [opened, reopened, synchronize, ready_for_review, labeled]
workflow_dispatch:
concurrency:
# `labeled` events get their own group so an auto-applied label (Renovate
# adds several at PR creation) can't cancel the in-flight opened review.
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}${{ github.event.action == 'labeled' && format('-label-{0}', github.run_id) || '' }}
cancel-in-progress: true
permissions:
contents: read
pull-requests: write
jobs:
review:
if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Generate bot token
id: app-token
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
client-id: ${{ secrets.BOT_CLIENT_ID }}
private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- name: Review PR with reusable AI reviewer
if: github.event_name == 'pull_request'
id: review
uses: misospace/pr-reviewer-action@b36ea146c6563a3f49a5b9a232d411f6cf970474 # v2.0.5
with:
github_token: ${{ steps.app-token.outputs.token }}
ai_primary_retries: "3"
ai_primary_retry_delay_sec: "15"
ai_base_url: ${{ vars.LITELLM_URL }}
ai_api_format: ${{ vars.PRIMARY_FORMAT }}
ai_model: ${{ vars.PRIMARY_MODEL }}
ai_api_key: ${{ secrets.LITELLM_API_KEY }}
ai_response_format: json_object
ai_max_tokens: ${{ vars.AI_MAX_TOKENS || '16000' }}
ai_fallback_base_url: ${{ vars.LITELLM_URL }}
ai_fallback_api_format: ${{ vars.FALLBACK_FORMAT }}
ai_fallback_model: ${{ vars.FALLBACK_MODEL }}
ai_fallback_api_key: ${{ secrets.LITELLM_API_KEY }}
review_routing_mode: auto
ai_smart_base_url: ${{ vars.LITELLM_URL }}
ai_smart_api_format: ${{ vars.SMART_FORMAT }}
ai_smart_model: ${{ vars.SMART_MODEL }}
ai_smart_api_key: ${{ secrets.LITELLM_API_KEY }}
context_limit_mode: normal
ci_status_check: "true"
ci_timeout_sec: "600"
tool_mode: native_loop
tool_max_rounds: "2"
tool_max_requests: "4"
tool_loop_wall_clock_sec: "300"
tool_planning_timeout_sec: "300"
tool_planning_max_context_bytes: "15000"
tool_planning_max_tokens: "16000"
tool_max_response_bytes: "12000"
tool_allowed_gh_api_repos: "*"
tool_request_timeout_sec: "15"
tool_enable_for_forks: "false"
on_model_failure: notice
inline_findings: "true"
verdict_policy: findings_severity_gated
publish_mode: review_verdict
allow_approve: "true"