Skip to content

chore(ci): add Qoder AI workflows#1397

Open
kongche-jbw wants to merge 1 commit into
mainfrom
chore/ci
Open

chore(ci): add Qoder AI workflows#1397
kongche-jbw wants to merge 1 commit into
mainfrom
chore/ci

Conversation

@kongche-jbw

@kongche-jbw kongche-jbw commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add a member-gated Qoder AI review workflow.
  • Add a separate member-gated Qoder assistant workflow for comment-triggered help.
  • Run Qoder jobs on legacy self-hosted runners labeled anolisa-agent-review.
  • Support automatic PR review via pull_request_target and manual review via workflow_dispatch.
  • Support assistant invocation from comments whose first line starts with @qoder or /qoder.
  • Require repository write|maintain|admin permission before running Qoder.
  • Use job-level event filters before self-hosted gate scheduling, then keep API permission checks as the second gate.
  • Load trusted review context from the base branch root AGENTS.md and any AGENTS.md files found in changed-file ancestor directories.
  • Run Qoder with a per-run temporary HOME to avoid sharing $HOME/.qoder.json or $HOME/.local/bin across concurrent self-hosted jobs.
  • Clean Qoder runtime state after each Qoder job by resetting the checkout remote URL, deleting only the current Qoder action output logs, and removing the per-run Qoder home.

no-issue: CI workflow setup for member-gated AI review.

Safety Notes

  • Review workflow does not checkout PR head code under pull_request_target.
  • Trusted context is read from the base branch checkout, not from PR head changes.
  • Qoder Action is pinned to SHA 0881d27d15a7a93778ebc5c942d11da313ee8b7e.
  • Fork PRs from repository members are supported after author/actor permission checks.
  • Assistant comments are ignored before runner scheduling unless the first line starts with @qoder or /qoder and the commenter has OWNER, MEMBER, or COLLABORATOR association.
  • Prompt outputs use per-run random delimiters to avoid user-controlled content truncating $GITHUB_OUTPUT.
  • Prompt and changed-file temporary files are removed with shell traps after prompt construction.
  • Qoder checkouts set persist-credentials: false; the Qoder action still receives its own scoped token through the pinned action flow.
  • id-token: write is required by Qoder Action to request a GitHub OIDC token with audience qoder-action, then exchange it with QODER_PERSONAL_ACCESS_TOKEN for a short-lived Qoder GitHub App installation token.
  • Cleanup removes per-job Qoder token state from the temporary HOME and deletes that temporary HOME after the job.

Validation

@github-actions github-actions Bot added scope:ci ./.github/ scope:documentation ./docs/|./*.md|./NOTICE labels Jul 8, 2026
@kongche-jbw kongche-jbw force-pushed the chore/ci branch 3 times, most recently from 6b35591 to 533c184 Compare July 8, 2026 08:26
@kongche-jbw kongche-jbw changed the title chore(ci): add Qoder AI review workflow chore(ci): add Qoder AI workflows Jul 8, 2026
@kongche-jbw kongche-jbw marked this pull request as ready for review July 8, 2026 08:53
@kongche-jbw kongche-jbw requested a review from yangdao479 July 8, 2026 09:20
@kongche-jbw kongche-jbw marked this pull request as draft July 9, 2026 05:38
@kongche-jbw kongche-jbw marked this pull request as ready for review July 9, 2026 09:30
@kongche-jbw kongche-jbw requested a review from samchu-zsl July 9, 2026 09:32
samchu-zsl
samchu-zsl previously approved these changes Jul 9, 2026

@samchu-zsl samchu-zsl left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

@ikunkun-sys

Copy link
Copy Markdown
Collaborator

重新看了最新 head(cdf0b00d2ff30941cded558d279a9d56861772bf)。旧的几个问题里,固定 $GITHUB_OUTPUT delimiter、actions/checkout 凭据持久化、全局 /tmp/qoder-*.log 删除已经修掉了。现在还剩两个点:

  1. [P2] 仍在直接修改 self-hosted runner 的共享 $HOME 状态

.github/workflows/qoder-assistant.yml.github/workflows/qoder-review.yml.github/workflows/qoder-smoke.yml 都会在 prepare 阶段删除 $HOME/.local/bin/qoder-github-mcp-server,并在 cleanup 阶段改写 $HOME/.qoder.json。这些 workflow 的 concurrency group 不同,assistant / review / smoke 仍可能并发落到同一批 legacy self-hosted runner 上;如果多个 runner 进程共享同一个 HOME,一个 job 的 prepare/cleanup 可能删除另一个正在运行的 Qoder job 的 MCP binary 或 token-bearing MCP 配置。

建议给 Qoder steps 使用 per-run HOME,例如 $RUNNER_TEMP/qoder-home,或者把所有 Qoder workflow 串到同一个全局 concurrency group。

  1. [P3] 新增的 prompt 临时文件没有清理

qoder-assistant.yml 会把完整评论正文和 trusted context 写入 prompt_file="$(mktemp)"qoder-review.yml 也会创建 files_file / prompt_file。这些文件写入 $GITHUB_OUTPUT 后没有删除。self-hosted runner 通常是持久环境,这些 prompt 会残留在 /tmp,后续同用户 job 可以读到。

建议创建后加类似:

trap 'rm -f "${prompt_file:-}" "${files_file:-}"' EXIT

assistant workflow 至少需要清理 prompt_file

验证:已重新 fetch 最新 PR head,git diff --check origin/main...origin/pr/1397 通过;最新 smoke check 也通过。

@kongche-jbw

kongche-jbw commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator Author

@ikunkun-sys fresh

ikunkun-sys
ikunkun-sys previously approved these changes Jul 9, 2026

@yangdao479 yangdao479 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. qoder-assistant 的触发条件是 comment body 包含 @qoder 或以 /qoder 开头。这个逻辑可用,但 contains(..., '@qoder') 可能导致成员在普通讨论或引用文本中误触发。建议后续收敛成首行命令匹配,例如只接受首行 /qoder ...@qoder ...

  2. id-token: write 仍然存在于 Qoder workflows 中。当前 Qoder Action 已通过 QODER_PERSONAL_ACCESS_TOKEN 认证,如果不需要 OIDC,建议删除该权限;如果确实需要,请补充说明 OIDC 的用途、audience 和外部 trust policy 限制。AI agent 场景下应尽量最小化 token 能力。

  3. qoder-smoke.yml 在 PR 描述中被称为 temporary smoke workflow,但它会随 PR 合入 main,并保留 workflow_dispatch。如果它只是临时验证用,建议合入前删除;如果要长期保留,建议把 PR 描述改成正式 smoke workflow,并明确其触发策略和维护目的。

@kongche-jbw

Copy link
Copy Markdown
Collaborator Author

@yangdao479 thx,13已修复,第二点这里:这个权限我保留了,因为当前 pinned Qoder Action 会依赖 GitHub OIDC:先请求 audience 为 qoder-action 的 OIDC token,再结合 QODER_PERSONAL_ACCESS_TOKEN 去 Qoder 服务端换短期 GitHub App installation token。

我已经在两个实际执行 Qoder 的 job 上补了注释说明这个流程,并且只在 Qoder 执行 job 上授予 id-token: write;gate job 没有这个权限。

外部 trust policy 的约束需要由 Qoder 的 token exchange 服务端校验,例如 audience、repository、workflow/ref 等 claims。workflow 侧能做的是把权限收敛到实际需要 OIDC 的 job,并明确记录用途。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

scope:ci ./.github/ scope:documentation ./docs/|./*.md|./NOTICE

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants