feat: add GitHub Action for automated PR review via AgentCore Harness #934

Merged
jesseturner21 merged 11 commits into aws:main from jesseturner21:feat/pr-ai-review-upstream
Apr 24, 2026

Conversation

Contributor

@jesseturner21 jesseturner21 commented Apr 23, 2026

Summary

  • Adds a GitHub Action workflow that automatically reviews PRs using Bedrock AgentCore Harness
  • The harness runs an AI agent in an isolated microVM with gh, git, and pre-cloned repos that fetches PR diffs, reads code context, and posts review comments directly on GitHub
  • Triggers on PR open/reopen for agentcore-cli-devs team members, with manual workflow_dispatch for any PR
  • Adds/removes ai-reviewing label during review
  • Authenticates via GitHub OIDC to assume an AWS role for harness invocation
  • Uses raw HTTP with SigV4 signing to invoke the harness — no custom boto3 service model needed
  • Pretty log output with collapsible tool call groups, ANSI colors, and per-tool timing
  • Reads existing PR comments before reviewing to avoid duplicate feedback

Files added

| File | Purpose |
| --- | --- |
| .github/workflows/pr-ai-review.yml | Main workflow (triggers, auth, setup, invoke) |
| .github/scripts/python/harness_review.py | Harness invocation via raw HTTP + SigV4, stream display |
| .github/scripts/prompts/system.md | System prompt (workspace context for the agent) |
| .github/scripts/prompts/review.md | Review prompt template (instructions for the agent) |

Required secrets

  • HARNESS_AWS_ROLE_ARN — IAM role ARN for GitHub OIDC
  • HARNESS_ARN — Full ARN of the Bedrock AgentCore harness

Test plan

  • Tested end-to-end on jesseturner21/agentcore-cli fork
  • Verified OIDC authentication works
  • Verified harness invocation and PR comment posting
  • Verified team membership check (skips for non-members)
  • Verified ai-reviewing label add/remove
  • Verified duplicate comment prevention
  • Verified workflow_dispatch with custom PR URL
  • Verified raw HTTP + SigV4 invocation (no service model)

Adds a workflow that reviews PRs using Bedrock AgentCore Harness.
The harness runs an AI agent in an isolated microVM with gh, git,
and pre-cloned repos that fetches PR diffs and posts review comments.

Workflow:
- Triggers on PR open/reopen for agentcore-cli-devs team members
- Supports manual workflow_dispatch for any PR URL
- Adds/removes ai-reviewing label during review
- Authenticates via GitHub OIDC to assume AWS role

Files:
- .github/workflows/pr-ai-review.yml — main workflow
- .github/scripts/python/harness_review.py — harness invocation script
- .github/scripts/python/harness_config.py — config from env vars
- .github/scripts/models/ — local boto3 service model (InvokeHarness
  not yet in standard boto3)

Required secrets:
- HARNESS_AWS_ROLE_ARN — IAM role ARN for OIDC
- HARNESS_ACCOUNT_ID — AWS account ID
- HARNESS_ID — Harness ID
@jesseturner21 jesseturner21 requested a review from a team April 23, 2026 16:25
@github-actions github-actions Bot added the size/xl PR size: XL label Apr 23, 2026
Eliminates the 220KB bundled service model by using direct HTTP requests
with SigV4 authentication to invoke the harness endpoint. No extra
dependencies needed — urllib3, SigV4Auth, and EventStreamBuffer are all
part of botocore/boto3.

Rejected: invoke_agent_runtime API | server rejects harness ARNs with ResourceNotFoundException
Confidence: high
Scope-risk: moderate
@jesseturner21 jesseturner21 reopened this Apr 23, 2026
@github-actions github-actions Bot added size/m PR size: M and removed size/xl PR size: XL size/m PR size: M labels Apr 23, 2026
@github-actions github-actions Bot added the size/m PR size: M label Apr 23, 2026
Remove separate harness_config.py — env vars are read directly in
harness_review.py. One less file to maintain, config is still
driven entirely by environment variables set in the GitHub workflow.
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
- Replace HARNESS_ACCOUNT_ID + HARNESS_ID with single HARNESS_ARN env var
- Extract prompts into separate .md files in .github/scripts/prompts/
- Extract stream parsing into print_stream() function
- Add close_group() helper to deduplicate ::group:: bookkeeping
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
Extract parse_events() generator to handle binary stream decoding,
keeping print_stream() focused on formatting and log groups.
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
Eliminates HARNESS_REGION env var — the region is extracted from the
ARN directly, so there's no risk of a mismatch causing confusing
SigV4 auth errors.
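
Why a region mismatch of the kind this commit message mentions breaks authentication, as an added example (not code from this PR, which uses botocore's SigV4Auth): SigV4 folds the region into both the credential scope and the derived signing key, so reading it from the ARN leaves a single source of truth. The sample ARN, the secret, the string to sign and the `bedrock-agentcore` signing name are constructed or assumed values.

```python
import hashlib
import hmac
import re

# Assumed ARN layout: arn:<partition>:<service>:<region>:<account-id>:<resource>
ARN_RE = re.compile(
    r"^arn:(aws[a-z-]*):([a-z0-9-]+):([a-z]{2}(?:-[a-z]+)+-\d):(\d{12}):(\S+)$"
)
# Constructed sample values, not taken from the PR.
SAMPLE_ARN = "arn:aws:bedrock-agentcore:us-west-2:123456789012:harness/example"
SAMPLE_SECRET = "EXAMPLE-SECRET-KEY"
SIGNING_NAME = "bedrock-agentcore"  # assumption: SigV4 service name

def parse_arn(arn):
    """Split an ARN into named fields; reject anything malformed."""
    m = ARN_RE.match(arn.strip())
    if not m:
        raise ValueError("not a well-formed ARN with a region")
    names = ("partition", "service", "region", "account", "resource")
    return dict(zip(names, m.groups()))

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    """SigV4 key derivation chain: date, region, service, 'aws4_request'."""
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def credential_scope(arn, date, service=SIGNING_NAME):
    """Scope string that appears in the Authorization header."""
    return f"{date}/{parse_arn(arn)['region']}/{service}/aws4_request"

def sign(arn, secret, date, string_to_sign, region=None, service=SIGNING_NAME):
    """Hex signature; region defaults to the one embedded in the ARN."""
    region = region or parse_arn(arn)["region"]
    key = signing_key(secret, date, region, service)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    good = sign(SAMPLE_ARN, SAMPLE_SECRET, "20260423", "constructed-string-to-sign")
    # A separately configured region that disagrees with the ARN:
    bad = sign(SAMPLE_ARN, SAMPLE_SECRET, "20260423", "constructed-string-to-sign",
               region="us-east-1")
    print(credential_scope(SAMPLE_ARN, "20260423"))
    print("signatures match:", good == bad)
```
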
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
Split into authorize + ai-review jobs. The ai-review job only runs
if the PR author is authorized (team member or write access) or if
triggered via workflow_dispatch. Removes repeated if conditions from
every step.
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
Contributor

@Hweinstock Hweinstock left a comment

Very excited for this! I like how you extracted out the prompts because I think we can iterate on this over time.

Comment thread .github/scripts/prompts/review.md
Comment thread .github/scripts/python/harness_review.py
Comment thread .github/workflows/pr-ai-review.yml
Contributor

Hweinstock commented Apr 23, 2026

It looks like formatting doesn't like how you wrote the markdown. Maybe we can skip link checks on these?

Checking formatting...
[warn] .github/scripts/prompts/review.md
[warn] .github/scripts/prompts/system.md
[warn] Code style issues found in 2 files. Run Prettier with --write to fix.

Prompt markdown files use intentional formatting that prettier
would reflow, breaking the prompt structure.
@github-actions github-actions Bot added size/m PR size: M and removed size/m PR size: M labels Apr 23, 2026
Contributor

@Hweinstock Hweinstock left a comment

Excited to try this!

@jesseturner21 jesseturner21 merged commit a365bf5 into aws:main Apr 24, 2026
20 of 21 checks passed