From de75e57c5e74f0fb2e0d477756f77a7cbc1f9ffb Mon Sep 17 00:00:00 2001 From: OliverGiertz Date: Wed, 11 Mar 2026 08:47:24 +0000 Subject: [PATCH 1/2] =?UTF-8?q?refactor(ai-review):=20remove=20Claude=20AP?= =?UTF-8?q?I=20step=20=E2=80=93=20review=20now=20done=20locally=20by=20Cla?= =?UTF-8?q?ude=20Code?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Claude review is performed locally by Claude Code agent before PR merge. ChatGPT review remains automated via GitHub Actions + OPENAI_API_KEY. See CLAUDE.md in caller repos for the process. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/repo-pipeline.yml | 94 +---------------------------- 1 file changed, 2 insertions(+), 92 deletions(-) diff --git a/.github/workflows/repo-pipeline.yml b/.github/workflows/repo-pipeline.yml index c3a5170..3cf8408 100644 --- a/.github/workflows/repo-pipeline.yml +++ b/.github/workflows/repo-pipeline.yml @@ -184,98 +184,8 @@ jobs: pull-requests: write issues: write steps: - - name: Generate Claude review - env: - ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} - GITHUB_TOKEN: ${{ github.token }} - PR_NUMBER: ${{ github.event.pull_request.number }} - REPO: ${{ github.repository }} - PR_TITLE: ${{ github.event.pull_request.title }} - run: | - set -euo pipefail - if [ -z "${ANTHROPIC_API_KEY:-}" ]; then - echo "::notice::ANTHROPIC_API_KEY not set – Claude review skipped" - exit 0 - fi - python3 << 'PYEOF' - import os, json, urllib.request - - token = os.environ["GITHUB_TOKEN"] - repo = os.environ["REPO"] - pr_num = os.environ["PR_NUMBER"] - headers_gh = {"Authorization": f"Bearer {token}", "User-Agent": "vanity-dev-engine", - "Accept": "application/vnd.github.v3+json"} - - # Skip if Claude review already exists - req = urllib.request.Request( - f"https://api.github.com/repos/{repo}/issues/{pr_num}/comments?per_page=100", - headers=headers_gh) - with urllib.request.urlopen(req) as r: - comments = json.loads(r.read()) - if any("### Claude" in (c.get("body") or "") for c in comments): - print("Claude review already present – skipping generation.") - raise SystemExit(0) - - # Fetch PR diff (truncated to 12 000 chars to stay within token limit) - req_diff = urllib.request.Request( - f"https://api.github.com/repos/{repo}/pulls/{pr_num}", - headers={**headers_gh, "Accept": "application/vnd.github.v3.diff"}) - with urllib.request.urlopen(req_diff) as r: - diff = r.read().decode("utf-8", errors="replace")[:12000] - - # Fetch PR body - req_pr = urllib.request.Request( - f"https://api.github.com/repos/{repo}/pulls/{pr_num}", headers=headers_gh) - with urllib.request.urlopen(req_pr) as r: - pr_data = json.loads(r.read()) - pr_body = (pr_data.get("body") or "")[:800] - - prompt = f"""You are a senior iOS Swift developer reviewing a pull request. - Analyse the changes carefully and write a concise code review. - - PR title: {os.environ["PR_TITLE"]} - PR description: {pr_body} - - Git diff (may be truncated): - {diff} - - Reply with EXACTLY this structure – no deviations: - - ### Claude - - DoD status: PASS - Blocker: 0 - Major: 0 - - - - Only set DoD status to FAIL or raise Blocker/Major above 0 when you find - real defects that must be fixed before merging.""" - - payload = json.dumps({ - "model": "claude-opus-4-6", - "max_tokens": 1500, - "messages": [{"role": "user", "content": prompt}] - }).encode() - req_ai = urllib.request.Request( - "https://api.anthropic.com/v1/messages", data=payload, - headers={"x-api-key": os.environ["ANTHROPIC_API_KEY"], - "anthropic-version": "2023-06-01", - "content-type": "application/json"}) - with urllib.request.urlopen(req_ai) as r: - review = json.loads(r.read())["content"][0]["text"] - - # Post comment - body_payload = json.dumps({"body": review}).encode() - req_post = urllib.request.Request( - f"https://api.github.com/repos/{repo}/issues/{pr_num}/comments", - data=body_payload, - headers={**headers_gh, "Content-Type": "application/json"}) - with urllib.request.urlopen(req_post) as r: - result = json.loads(r.read()) - print(f"Claude review posted: {result['html_url']}") - PYEOF + # Claude review is performed locally by Claude Code before the PR is merged. + # See CLAUDE.md in the repository for the process. - name: Generate ChatGPT review env: From aa2b6b7b4ae196bea1563bdc0f86a9e86ea85041 Mon Sep 17 00:00:00 2001 From: OliverGiertz Date: Wed, 11 Mar 2026 09:10:29 +0000 Subject: [PATCH 2/2] fix(security-scan): set continue-on-error on Dependency Review step Dependency Review requires GitHub Dependency Graph, which is not available for iOS/SPM repos where packages are embedded in .xcodeproj. Marking as non-blocking so CI does not fail on unsupported repo types. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/repo-pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/repo-pipeline.yml b/.github/workflows/repo-pipeline.yml index 3cf8408..3f13834 100644 --- a/.github/workflows/repo-pipeline.yml +++ b/.github/workflows/repo-pipeline.yml @@ -173,6 +173,7 @@ jobs: - name: Dependency Review if: ${{ github.event_name == 'pull_request' }} + continue-on-error: true uses: actions/dependency-review-action@v4 ai-review: