From bc1e3edecb3985db87ce9fa0859d350026493e02 Mon Sep 17 00:00:00 2001 From: Peter Gammelgaard Date: Mon, 15 Jun 2026 13:48:06 +0200 Subject: [PATCH 1/3] Add a review action that reviews one PR with the Banzai harness A thin composite over `banzai-harness review` (sibling of the harness action): on a PR event it boots Codex on the PR head, reads the diff, and posts a concise static review (inline comments + one summary, never APPROVE). Runs on the same self-hosted pool; secrets come from the env. Co-Authored-By: Claude Opus 4.8 --- README.md | 4 ++++ review/README.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++ review/action.yml | 51 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 review/README.md create mode 100644 review/action.yml diff --git a/README.md b/README.md index 201e93be..08c9884d 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,10 @@ Click on any action name below to view detailed documentation, usage examples, a render-ios-app-icon-badge Adds a badge to an iOS app icon to indicate that the app is meant for testing purposes. + + review + Reviews one pull request with the Codex agent and posts inline + summary comments. + swiftlint Runs SwiftLint on a codebase. diff --git a/review/README.md b/review/README.md new file mode 100644 index 00000000..a3951f6a --- /dev/null +++ b/review/README.md 
@@ -0,0 +1,56 @@ +# Banzai review + +Reviews one pull request with the Codex agent. A thin composite over the +`banzai-harness review` CLI (see +[framna-dk/banzai-codes-harness](https://github.com/framna-dk/banzai-codes-harness)): +it boots Codex on the PR head, reads the diff, and posts a concise review — +inline comments plus one summary (`COMMENT`/`REQUEST_CHANGES`, never `APPROVE`). +The review is **static** (no file edits, no commits), so it never re-triggers +itself. + +This is the sibling of the `harness` action and shares the same self-hosted +runner pool: `banzai-harness`, `codex`, `gh`, and `git` must be on `PATH`. + +## Inputs + +| Input | Required | Default | Notes | +|-------|----------|---------|-------| +| `pr_number` | yes | — | PR to review, e.g. `42`. | +| `repo_url` | no | current repo | `owner/repo`. | +| `base_branch` | no | `main` | Branch the PR targets. | +| `prompt_path` | no | embedded template | Override review template; validated against the `banzai-review` version marker. | +| `workspace_root` | no | `$HOME/banzai-workspaces` | Per-PR review workspaces. | +| `log_level` | no | `info` | `info` \| `warn` \| `error`. | + +Secrets are read from the environment, never passed on the command line: export +`GH_TOKEN` (required) and `OPENAI_API_KEY` in the calling job. + +## Usage + +```yaml +name: PR review +on: + pull_request: + types: [opened, synchronize, reopened] + +# One review per PR; a new push cancels the in-flight one. +concurrency: + group: banzai-review-${{ github.event.pull_request.number }} + cancel-in-progress: true + +jobs: + review: + runs-on: [self-hosted] + steps: + - uses: framna-dk/actions/review@main + with: + pr_number: ${{ github.event.pull_request.number }} + base_branch: ${{ github.event.pull_request.base.ref }} + env: + GH_TOKEN: ${{ secrets.GH_TOKEN }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} +``` + +The agent reacts 👀 on the PR when it starts, then posts the review. 
It writes a +`review-outcome.json` to `${{ runner.temp }}` (`outcome`, `reason`, `pr_number`, +`head_sha`, `turn_count`, `tokens`, `ended_at_ms`). diff --git a/review/action.yml b/review/action.yml new file mode 100644 index 00000000..451b34ba --- /dev/null +++ b/review/action.yml @@ -0,0 +1,51 @@ +name: "Banzai review" +description: "Reviews one pull request with the Codex agent inside a GitHub Actions job." + +inputs: + pr_number: + description: "Pull request number to review (e.g. 42)." + required: true + repo_url: + description: "Repository slug owner/repo the PR belongs to. Defaults to the current repo." + required: false + default: ${{ github.repository }} + base_branch: + description: "Branch the PR targets (used to scope the diff)." + required: false + default: "main" + prompt_path: + description: "Optional override for the review prompt template (relative to the workspace repo, or absolute). When omitted, the harness uses its embedded canonical review template. An override is validated against the banzai-review version marker and fails fast if stale." + required: false + default: "" + workspace_root: + description: "Directory under which per-PR review workspaces are created." + required: false + default: "$HOME/banzai-workspaces" + log_level: + description: "info | warn | error" + required: false + default: "info" + +runs: + using: composite + steps: + - name: review-preflight + shell: bash + run: | + banzai-harness preflight \ + --pr-number "${{ inputs.pr_number }}" \ + --log-level "${{ inputs.log_level }}" + - name: review-run + shell: bash + env: + PROMPT_PATH: ${{ inputs.prompt_path }} + run: | + args=(review + --repo-url "${{ inputs.repo_url }}" + --pr-number "${{ inputs.pr_number }}" + --base-branch "${{ inputs.base_branch }}" + --workspace-root "${{ inputs.workspace_root }}" + --log-level "${{ inputs.log_level }}" + --runner-temp "${{ runner.temp }}") + [ -n "$PROMPT_PATH" ] && args+=(--prompt-path "$PROMPT_PATH") + banzai-harness "${args[@]}" 
From 04d32b6d9c883e38b8772f55d691c7f0b594a553 Mon Sep 17 00:00:00 2001 From: Peter Gammelgaard Date: Mon, 15 Jun 2026 15:31:32 +0200 Subject: [PATCH 2/3] Genericize review action: drop agent name and API token MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't name the underlying coding agent (so it can change later) and stop documenting an agent API token in the action — the runner provides the review agent's credentials. Only GH_TOKEN is supplied by the caller. Co-Authored-By: Claude Opus 4.8 --- README.md | 2 +- review/README.md | 19 ++++++++++--------- review/action.yml | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 08c9884d..77b5976e 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Click on any action name below to view detailed documentation, usage examples, a review - Reviews one pull request with the Codex agent and posts inline + summary comments. + Reviews one pull request with the Banzai harness and posts inline + summary comments. swiftlint diff --git a/review/README.md b/review/README.md index a3951f6a..03a2eb3f 100644 --- a/review/README.md +++ b/review/README.md 
@@ -1,15 +1,16 @@ # Banzai review -Reviews one pull request with the Codex agent. A thin composite over the +Reviews one pull request. A thin composite over the `banzai-harness review` CLI (see [framna-dk/banzai-codes-harness](https://github.com/framna-dk/banzai-codes-harness)): -it boots Codex on the PR head, reads the diff, and posts a concise review — -inline comments plus one summary (`COMMENT`/`REQUEST_CHANGES`, never `APPROVE`). -The review is **static** (no file edits, no commits), so it never re-triggers -itself. +it boots the review agent on the PR head, reads the diff, and posts a concise +review — inline comments plus one summary (`COMMENT`/`REQUEST_CHANGES`, never +`APPROVE`). The review is **static** (no file edits, no commits), so it never +re-triggers itself. This is the sibling of the `harness` action and shares the same self-hosted -runner pool: `banzai-harness`, `codex`, `gh`, and `git` must be on `PATH`. +runner pool: `banzai-harness`, `gh`, and `git` (plus the runner's configured +review agent) must be on `PATH`. ## Inputs @@ -22,8 +23,9 @@ runner pool: `banzai-harness`, `codex`, `gh`, and `git` must be on `PATH`. | `workspace_root` | no | `$HOME/banzai-workspaces` | Per-PR review workspaces. | | `log_level` | no | `info` | `info` \| `warn` \| `error`. | -Secrets are read from the environment, never passed on the command line: export -`GH_TOKEN` (required) and `OPENAI_API_KEY` in the calling job. +`GH_TOKEN` is read from the environment, never passed on the command line: +export it in the calling job. The review agent's own credentials are configured +on the runner, not supplied through this action. ## Usage @@ -48,7 +50,6 @@ jobs: base_branch: ${{ github.event.pull_request.base.ref }} env: GH_TOKEN: ${{ secrets.GH_TOKEN }} - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} ``` The agent reacts 👀 on the PR when it starts, then posts the review. It writes a diff --git a/review/action.yml b/review/action.yml index 451b34ba..25ca4707 100644 
--- a/review/action.yml +++ b/review/action.yml @@ -1,5 +1,5 @@ name: "Banzai review" -description: "Reviews one pull request with the Codex agent inside a GitHub Actions job." +description: "Reviews one pull request with the Banzai harness inside a GitHub Actions job." inputs: pr_number: From 5c6cf214936a735c10994a708e90cf425c416000 Mon Sep 17 00:00:00 2001 From: Peter Gammelgaard Date: Mon, 15 Jun 2026 15:41:02 +0200 Subject: [PATCH 3/3] review: pass repo_url to preflight for fail-fast validation The review command requires the repo slug; validating it at preflight (now that it's a preflight input) fails fast instead of failing in the run step. Co-Authored-By: Claude Opus 4.8 --- review/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/review/action.yml b/review/action.yml index 25ca4707..2f802037 100644 --- a/review/action.yml +++ b/review/action.yml @@ -34,6 +34,7 @@ runs: run: | banzai-harness preflight \ --pr-number "${{ inputs.pr_number }}" \ + --repo-url "${{ inputs.repo_url }}" \ --log-level "${{ inputs.log_level }}" - name: review-run shell: bash
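Review bot: In review/action.yml, both `run:` blocks (review-preflight, including the `--repo-url` line added in PATCH 3/3, and review-run) paste `${{ inputs.* }}` directly into the bash script text. The values are substituted before bash parses the script, so the surrounding double quotes do not contain them, and an input carrying a quote or a command substitution becomes shell syntax on the self-hosted runner. The review-run step already handles `prompt_path` safely via `PROMPT_PATH: ${{ inputs.prompt_path }}`; map the other inputs through `env:` the same way and reference them as `"$PR_NUMBER"`, `"$REPO_URL"`, `"$BASE_BRANCH"` and so on. The `workspace_root` default `$HOME/banzai-workspaces` currently relies on that textual substitution to get `$HOME` expanded, so it needs an explicit expansion or a different default once it goes through `env:`.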
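Review bot: The usage example in review/README.md (PATCH 1/3) combines `on: pull_request`, `runs-on: [self-hosted]` and an agent that is booted on the PR head, but the README does not say which PRs are expected to trigger it. Add a sentence covering fork PRs, where by default `secrets.GH_TOKEN` is not passed to `pull_request` workflows and the required token would be empty, and state the token permissions the review needs to post its comments. The example also references the action as `framna-dk/actions/review@main`; a tag or commit SHA would keep callers from picking up unreviewed changes to a step that receives `GH_TOKEN`.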
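Review bot: In PATCH 2/3, the review/README.md paragraph that replaces the `OPENAI_API_KEY` sentence moves the agent credential from a job-scoped secret to something "configured on the runner", and the same README says this runner pool is shared with the `harness` action. Document where the runner is expected to hold that credential and whether `banzai-harness preflight` checks for it, so a missing or overly broad credential is caught before the agent starts reading PR content.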