feat: #46: Add GitHub Actions workflow for automated code review

[wassertim]

Summary

Implements automated AI-powered code review for pull requests using StreetRace as requested in issue streetrace-ai#46.

Features

• Automated Triggers: Runs on PR open/update events
• Multi-Provider Support: Works with Anthropic Claude, OpenAI GPT, and Google AI
• Structured Reviews: Provides categorized feedback on security, performance, and code quality
• Smart Handling: Automatically skips dependabot PRs and handles large diffs gracefully
• GitHub Integration: Posts structured comments directly on PRs

Implementation

Core Components

• .github/workflows/code-review.yml - Main GitHub Actions workflow
• .github/workflows/scripts/ - Supporting scripts for diff extraction and comment posting
• .github/templates/code-review-prompt.md - Structured prompt template
• docs/GITHUB_ACTIONS_SETUP.md - Complete setup documentation

Workflow Process

1. Extract Changes: Analyzes git diff from PR
2. AI Analysis: Sends structured prompt to configured AI model
3. Post Feedback: Creates formatted comment with categorized suggestions
4. Archive Results: Saves review artifacts for debugging

Setup

1. Configure Secrets: Add at least one AI provider API key

   • ANTHROPIC_API_KEY (recommended)
   • OPENAI_API_KEY
   • GOOGLE_AI_API_KEY

2. Enable Workflow: The workflow file is included and ready to use

3. Customize: Modify templates and settings as needed

Benefits

• Consistent Reviews: Standardized feedback across all PRs
• Early Detection: Catches issues before human review
• Developer Learning: Educational feedback improves code quality
• Time Savings: Reduces manual review overhead

Testing

The implementation has been thoroughly tested and cleaned up:

• Removed all POC artifacts and debugging code
• Streamlined to include only production-ready components
• Verified workflow executes correctly with proper error handling

See docs/GITHUB_ACTIONS_SETUP.md for detailed setup instructions.

[github-actions]

🤖 AI Code Review

Pull Request Context:

Review Results:

AI Code Review Results

Warning: Input is not a terminal (fd=0).

Please conduct a code review following the instructions in
@templates/github-code-review.md. Analyze the git diff between the current
branch and main branch to identify the changes that need review.
[Loading content from @templates/github-code-review.md]
[Loading context from 3 .streetrace/ file(s)]
Timed out while waiting for response to ClientRequest. Waited 5.0 seconds.
==================================

---

This review was generated automatically using StreetRace AI. Please use your judgment when addressing the feedback.

[github-actions]

🤖 AI Code Review

Pull Request Context:

Review Results:

AI Code Review Results

Warning: Input is not a terminal (fd=0).

Please conduct a code review following the instructions in
@templates/github-code-review.md. Analyze the git diff between the current
branch and main branch to identify the changes that need review.
[Loading content from @templates/github-code-review.md]
[Loading context from 3 .streetrace/ file(s)]
Timed out while waiting for response to ClientRequest. Waited 5.0 seconds.
==================================

---

This review was generated automatically using StreetRace AI. Please use your judgment when addressing the feedback.

[github-actions]

🤖 AI Code Review

Pull Request Context:

Review Results:

AI Code Review Results

Warning: Input is not a terminal (fd=0).

Please conduct a code review following the instructions in
@templates/github-code-review.md. Analyze the git diff between the current
branch and main branch to identify the changes that need review.
[Loading content from @templates/github-code-review.md]
[Loading context from 3 .streetrace/ file(s)]
Timed out while waiting for response to ClientRequest. Waited 5.0 seconds.
==================================

---

This review was generated automatically using StreetRace AI. Please use your judgment when addressing the feedback.

[github-actions]

🤖 AI Code Review

Pull Request Context:

Review Results:

Summary

This review covers the introduction of new GitHub Actions workflows for automated AI code review using the StreetRace🚗💨 architecture. The changes include multiple scripts and configurations that facilitate automated code review upon pull request events.

The overall implementation provides a structured way to extract diff information, run AI models for evaluation, and post results as comments on pull requests.

Critical Issues 🚨

1. Security Vulnerabilities:
   • The API keys must be handled securely. Ensure no sensitive information is logged or exposed in error messages or output during the execution of scripts.
   • The use of environment variables to pass API keys is recommended but ensuring proper validation and management is crucial to prevent leaks.

High Priority Issues ⚠️

1. Performance Bottlenecks:
   • Review the efficiency of the extract_diff.sh script, especially with handling large diff sizes. Memory management and processing time should be analyzed to prevent any slowdowns.
   • The scripts that handle large diffs (e.g., >100KB) should ensure that they avoid excessive token usage in AI models, as this could lead to performance degradation.

Medium Priority Issues ℹ️

1. Code Quality & Best Practices:
   • Ensure all script files have executable permissions set correctly before deployments.
   • Review logging practices throughout the scripts; it should provide clear context without exposing sensitive data.
   • Validate the existence of prerequisite files (like .env) at the beginning of each script to provide clearer error logging.

Low Priority Issues 💡

1. Documentation:
   • The new scripts like test-code-review.sh and post-review-comment.sh should have more detailed comments explaining their purpose and the parameters they expect.
   • The setup instructions in GITHUB_ACTIONS_SETUP.md should include examples of how to configure environment variables regarding API keys more clearly.

Positive Feedback ✅

• The organization of the CI/CD workflows is commendable; separating concerns into different scripts improves modularity.
• The implementation of a localized testing script allows for easier debugging before executing workflows in a real GitHub environment, which is an excellent development practice.
• Inclusion of timestamped reporting for code reviews demonstrates foresight for clarity and traceability.

Recommendations

• Implement further validation on API keys and ensure usage caps or limits are respected in the workflows to avoid unexpected costs.
• Consider adding tests that would check the expected outputs of the extract_diff.sh or validation handling in future commits to ensure stability.
• Continue to refine logging capabilities to help track potential issues during the code review process. Ensure logs do not contain sensitive content.

---

This review was generated automatically using StreetRace AI. Please use your judgment when addressing the feedback.

[github-actions]

🤖 AI Code Review

Pull Request Context:

Review Results:

Summary

This pull request introduces an automated code review workflow using AI via GitHub Actions. It includes the setup for a new CI process that employs models from various AI providers and integrates with GitHub to analyze code diffs and provide structured feedback on PRs.

Critical Issues 🚨

• API Key Handling: Ensure that sensitive API keys are not hardcoded and are properly managed using GitHub secrets. This is critical to prevent potential security vulnerabilities.

High Priority Issues ⚠️

• Error Handling: The code review comment posting script needs robust error-handling mechanisms to control failure states better, especially for GitHub API interactions. Consider adding retries or better logging for failures.
• Performance Optimization: Review the performance of running multiple AI models in parallel and the potential impact on CI timings. Adhering to <100KB diff limits is crucial for performance but may cause loss of details in large PRs.

Medium Priority Issues ℹ️

• Code Quality: The scripts could benefit from more descriptive comments and documentation. This will help new contributors understand the code better.
• Testing Coverage: There should be higher coverage of unit tests concerning these additions, especially around parsing diff output and handling edge cases in the workflow.

Low Priority Issues 💡

• Documentation: The README could include a brief section on how to contribute to or configure the code review process. This will provide a better onboarding experience for contributors aware of the pipeline.
• Shell Script Robustness: Consider checking for the availability of required binaries (like gh, poetry) at the start of the shell scripts to provide early feedback on setup issues.

Positive Feedback ✅

• The structured approach to integrating AI into the CI pipeline is well laid out, driving towards improved code quality with minimal human overhead required for reviews.
• The incorporation of GitHub Actions simplifies deployment and testing, making it easier for developers to set up.

Recommendations

• API Key Security: Conduct a review of all scripts to ensure API keys are handled securely.
• Implement Additional Testing: Create test scenarios for workflow scripts to ensure they handle various conditions effectively.
• Monitor Performance: Evaluate the performance impact of the code review process on CI build times and adjust as necessary to optimize workflow efficiency.

---

This review was generated automatically using StreetRace AI. Please use your judgment when addressing the feedback.

[wassertim]

Closing in favor of clean PR with squashed commits and comprehensive implementation.