feat: #46: Add GitHub Actions workflow for automated code review

.github/templates/code-review-prompt.md

@@ -0,0 +1,85 @@
+# Code Review Prompt Template
+
+You are an expert code reviewer conducting a thorough analysis of code changes. Please review the provided git diff and provide constructive feedback focusing on the areas specified below.
+
+## Review Focus Areas
+
+Please analyze the code changes for:
+
+### 🔒 Security
+- Look for potential security vulnerabilities
+- Check for exposed secrets, API keys, or sensitive data
+- Identify injection vulnerabilities (SQL, XSS, etc.)
+- Review authentication and authorization logic
+- Assess input validation and sanitization
+
+### 🚀 Performance
+- Identify potential performance bottlenecks
+- Review algorithmic complexity
+- Check for memory leaks or excessive resource usage
+- Evaluate database query efficiency
+- Assess caching strategies
+
+### 🏗️ Code Quality & Best Practices
+- Code readability and maintainability
+- Adherence to coding standards and conventions
+- Proper error handling and logging
+- Code organization and modularity
+- Documentation and comments quality
+
+### 🧪 Testing
+- Test coverage for new functionality
+- Edge cases consideration
+- Integration test requirements
+- Mock and stub usage appropriateness
+
+### 🔧 Technical Debt
+- Potential refactoring opportunities
+- Deprecated patterns or libraries
+- Code duplication
+- Unused or dead code
+
+## Review Guidelines
+
+1. **Be Constructive**: Provide specific, actionable feedback with suggestions for improvement
+2. **Prioritize Issues**: Clearly indicate severity levels (Critical, High, Medium, Low)
+3. **Provide Context**: Explain the reasoning behind your recommendations
+4. **Suggest Solutions**: When pointing out problems, offer concrete solutions
+5. **Acknowledge Good Practices**: Highlight well-written code and good practices
+
+## Output Format
+
+Please structure your review as follows:
+
+### Summary
+Brief overview of the changes and overall assessment.
+
+### Critical Issues 🚨
+Issues that must be addressed before merging (security vulnerabilities, breaking changes).
+
+### High Priority Issues ⚠️
+Important issues that should be addressed (performance problems, significant code quality issues).
+
+### Medium Priority Issues ℹ️
+Suggestions for improvement (minor refactoring, code style improvements).
+
+### Low Priority Issues 💡
+Nice-to-have improvements (documentation, minor optimizations).
+
+### Positive Feedback ✅
+Highlight good practices and well-implemented features.
+
+### Recommendations
+- Overall recommendations for the pull request
+- Suggestions for follow-up work
+- Additional testing recommendations
+
+---
+
+## Code Changes to Review
+
+{DIFF_CONTENT}
+
+---
+
+Please provide your detailed code review based on the above guidelines and focus areas.

.github/workflows/code-review.yml

@@ -0,0 +1,105 @@
+name: AI Code Review
+
+on:
+  pull_request:
+    types: [review_requested]
+
+jobs:
+  ai-code-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    # Skip review for dependabot PRs
+    if: github.actor != 'dependabot[bot]'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Fetch all branches
+        run: |
+          git fetch origin main:main || true
+          git fetch fork main:main || true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Install Poetry
+        uses: abatilo/actions-poetry@v3
+        with:
+          poetry-version: "latest"
+
+      - name: Configure Poetry
+        run: |
+          poetry config virtualenvs.create true --local
+          poetry config virtualenvs.in-project true --local
+
+      - name: Install MCP Tools
+        run: |
+          npm install -g @modelcontextprotocol/server-filesystem
+
+      - name: Install StreetRace
+        run: |
+          poetry install
+
+      - name: Run Code Review
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          GOOGLE_AI_API_KEY: ${{ secrets.GOOGLE_AI_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
+          HEAD_BRANCH: ${{ github.event.pull_request.head.ref }}
+        run: |
+          # Run the code review script
+          ./.github/workflows/scripts/code-review.sh
+
+          # Find the most recent review report
+          LATEST_REPORT=$(ls -t code-reviews/*.md 2>/dev/null | head -n1)
+
+          if [ -n "$LATEST_REPORT" ] && [ -f "$LATEST_REPORT" ]; then
+            echo "Found review report: $LATEST_REPORT"
+            cp "$LATEST_REPORT" /tmp/ai-review-result.txt
+          else
+            echo "ERROR: No review report found in code-reviews/"
+            exit 1
+          fi
+
+      - name: Post Review Comment
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          # Check if review was generated
+          if [ -f "/tmp/ai-review-result.txt" ] && [ -s "/tmp/ai-review-result.txt" ]; then
+            ./.github/workflows/scripts/post-review-comment.sh /tmp/ai-review-result.txt
+          else
+            echo "ERROR: No review generated. This indicates a configuration issue (likely missing API key)."
+            echo "Please configure one of the following secrets: ANTHROPIC_API_KEY, OPENAI_API_KEY, or GOOGLE_AI_API_KEY"
+            exit 1
+          fi
+
+      - name: Archive review results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: code-review-results
+          path: |
+            /tmp/*review*.txt
+            code-reviews/*.md
+          retention-days: 30