feat(ci): add cora AI review job to CI pipeline#44
Conversation
- Runs after check/fmt/clippy/test pass - Uses Infisical OIDC for LLM API key (CORA_API_KEY, CORA_PROVIDER, CORA_BASE_URL, CORA_MODEL) - Reviews diff against origin/develop with --severity major --quiet - Uploads SARIF to GitHub Code Scanning (block-capable) - Posts PR comment with grouped issues (update existing comment on re-run) - Checks for blocking issues (error-level) to fail the check - Only runs on pull_request events (not push to main) - Added permissions: security-events, pull-requests, id-token
|
Warning Review limit reached
More reviews will be available in 20 minutes and 28 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🔍 Cora AI Code Review❌ Blocked — critical issues found. 🔴 Error (4)
Review powered by cora-cli · BYOK · MIT |
- Remove 'invocation' from runs root (not allowed by GitHub validator) - Remove 'helpUri: null' from rules (must be string or omitted) - Add 'artifactChanges' to fixes (SARIF 2.1.0 required property) - Deduplicate rules by id - Remove unused chrono::Utc import - Upgrade CodeQL upload action v3 → v4
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
| - uses: Swatinem/rust-cache@v2 | ||
|
|
||
| - name: Fetch LLM secrets from Infisical | ||
| uses: Infisical/secrets-action@v1.0.9 |
| - name: Run cora review | ||
| run: | | ||
| cargo build --release | ||
| echo "=== CORA REVIEW (SARIF) ===" >> $GITHUB_STEP_SUMMARY |
| - name: Run cora review | ||
| run: | | ||
| cargo build --release | ||
| echo "=== CORA REVIEW (SARIF) ===" >> $GITHUB_STEP_SUMMARY |
| - name: Run cora review | ||
| run: | | ||
| cargo build --release | ||
| echo "=== CORA REVIEW (SARIF) ===" >> $GITHUB_STEP_SUMMARY |
Summary
Add
cora-reviewjob to CI that runs on every PR todevelop.What it does
CORA_API_KEY,CORA_PROVIDER,CORA_BASE_URL,CORA_MODELcora review --base origin/develop --severity major --quiet— reviews diff against develop, filters to major+ severityDesign decisions
needs: [check, fmt, clippy, test]— cora only runs after Rust checks pass (save API calls)if: github.event_name == 'pull_request'— doesn't run on push to mainCora ReviewcheckSetup required after merge
In GitHub repo settings → Branch protection rules (develop & main):
Cora ReviewInfisical secrets needed
Already configured:
CORA_API_KEY— LLM API keyCORA_PROVIDER—openaiCORA_BASE_URL—https://llm.azfirazka.com/v1CORA_MODEL—glm-5.1