|
| 1 | +name: Cursor Code Review |
| 2 | + |
| 3 | +on: |
| 4 | + pull_request: |
| 5 | + types: [opened, synchronize, reopened, ready_for_review] |
| 6 | + |
| 7 | +permissions: |
| 8 | + pull-requests: write |
| 9 | + contents: read |
| 10 | + issues: write |
| 11 | + |
| 12 | +jobs: |
| 13 | + code-review: |
| 14 | + runs-on: ubuntu-latest |
| 15 | + # Skip automated code review for draft PRs |
| 16 | + if: github.event.pull_request.draft == false |
| 17 | + steps: |
| 18 | + - name: Checkout repository |
| 19 | + uses: actions/checkout@v4 |
| 20 | + with: |
| 21 | + fetch-depth: 0 |
| 22 | + ref: ${{ github.event.pull_request.head.sha }} |
| 23 | + |
| 24 | + - name: Install Cursor CLI |
| 25 | + run: | |
| 26 | + curl https://cursor.com/install -fsS | bash |
| 27 | + echo "$HOME/.cursor/bin" >> $GITHUB_PATH |
| 28 | +
|
| 29 | + - name: Configure git identity |
| 30 | + run: | |
| 31 | + git config user.name "Cursor Agent" |
| 32 | + git config user.email "cursoragent@cursor.com" |
| 33 | +
|
| 34 | + - name: Perform automated code review |
| 35 | + env: |
| 36 | + CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }} |
| 37 | + MODEL: gpt-5-codex |
| 38 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 39 | + BLOCKING_REVIEW: ${{ vars.BLOCKING_REVIEW || 'false' }} |
| 40 | + run: | |
| 41 | + cursor-agent --force --model "$MODEL" --output-format=text --print 'You are operating in a GitHub Actions runner performing automated code review. The gh CLI is available and authenticated via GH_TOKEN. You may comment on pull requests. |
| 42 | +
|
| 43 | + Context: |
| 44 | + - Repo: ${{ github.repository }} |
| 45 | + - PR Number: ${{ github.event.pull_request.number }} |
| 46 | + - PR Head SHA: ${{ github.event.pull_request.head.sha }} |
| 47 | + - PR Base SHA: ${{ github.event.pull_request.base.sha }} |
| 48 | + - Blocking Review: ${{ env.BLOCKING_REVIEW }} |
| 49 | +
|
| 50 | + Objectives: |
| 51 | + 1) Re-check existing review comments and reply resolved when addressed. |
| 52 | + 2) Review the current PR diff and flag only clear, high-severity issues. |
| 53 | + 3) Leave very short inline comments (1-2 sentences) on changed lines only and a brief summary at the end. |
| 54 | +
|
| 55 | + Procedure: |
| 56 | + - Get existing comments: gh pr view --json comments |
| 57 | + - Get diff: gh pr diff |
| 58 | + - Get changed files with patches to compute inline positions: gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files --paginate --jq '.[] | {filename,patch}' |
| 59 | + - Compute exact inline anchors for each issue (file path + diff position). Comments MUST be placed inline on the changed line in the diff, not as top-level comments. |
| 60 | + - Detect prior top-level "no issues" style comments authored by this bot (match bodies like: "✅ no issues", "No issues found", "LGTM"). |
| 61 | + - If CURRENT run finds issues and any prior "no issues" comments exist: |
| 62 | + - Prefer to remove them to avoid confusion: |
| 63 | + - Try deleting top-level issue comments via: gh api -X DELETE repos/${{ github.repository }}/issues/comments/<comment_id> |
| 64 | + - If deletion isn't possible, minimize them via GraphQL (minimizeComment) or edit to prefix "[Superseded by new findings]". |
| 65 | + - If neither delete nor minimize is possible, reply to that comment: "⚠️ Superseded: issues were found in newer commits". |
| 66 | + - If a previously reported issue appears fixed by nearby changes, reply: ✅ This issue appears to be resolved by the recent changes |
| 67 | + - Analyze ONLY for: |
| 68 | + - Null/undefined dereferences |
| 69 | + - Resource leaks (unclosed files or connections) |
| 70 | + - Injection (SQL/XSS) |
| 71 | + - Concurrency/race conditions |
| 72 | + - Missing error handling for critical operations |
| 73 | + - Obvious logic errors with incorrect behavior |
| 74 | + - Clear performance anti-patterns with measurable impact |
| 75 | + - Definitive security vulnerabilities |
| 76 | + - Avoid duplicates: skip if similar feedback already exists on or near the same lines. |
| 77 | +
|
| 78 | + Commenting rules: |
| 79 | + - Max 10 inline comments total; prioritize the most critical issues |
| 80 | + - One issue per comment; place on the exact changed line |
| 81 | + - All issue comments MUST be inline (anchored to a file and line/position in the PR diff) |
| 82 | + - Natural tone, specific and actionable; do not mention automated or high-confidence |
| 83 | + - Use emojis: 🚨 Critical 🔒 Security ⚡ Performance ⚠️ Logic ✅ Resolved ✨ Improvement |
| 84 | +
|
| 85 | + Submission: |
| 86 | + - If there are NO issues to report and an existing top-level comment indicating "no issues" already exists (e.g., "✅ no issues", "No issues found", "LGTM"), do NOT submit another comment. Skip submission to avoid redundancy. |
| 87 | + - If there are NO issues to report and NO prior "no issues" comment exists, submit one brief summary comment noting no issues. |
| 88 | + - If there ARE issues to report and a prior "no issues" comment exists, ensure that prior comment is deleted/minimized/marked as superseded before submitting the new review. |
| 89 | + - If there ARE issues to report, submit ONE review containing ONLY inline comments plus an optional concise summary body. Use the GitHub Reviews API to ensure comments are inline: |
| 90 | + - Build a JSON array of comments like: [{ "path": "<file>", "position": <diff_position>, "body": "..." }] |
| 91 | + - Submit via: gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews -f event=COMMENT -f body="$SUMMARY" -f comments='[$COMMENTS_JSON]' |
| 92 | + - Do NOT use: gh pr review --approve or --request-changes |
| 93 | +
|
| 94 | + Blocking behavior: |
| 95 | + - If BLOCKING_REVIEW is true and any 🚨 or 🔒 issues were posted: echo "CRITICAL_ISSUES_FOUND=true" >> $GITHUB_ENV |
| 96 | + - Otherwise: echo "CRITICAL_ISSUES_FOUND=false" >> $GITHUB_ENV |
| 97 | + - Always set CRITICAL_ISSUES_FOUND at the end |
| 98 | + ' |
| 99 | +
|
| 100 | + - name: Check blocking review results |
| 101 | + if: env.BLOCKING_REVIEW == 'true' |
| 102 | + run: | |
| 103 | + echo "Checking for critical issues..." |
| 104 | + echo "CRITICAL_ISSUES_FOUND: ${CRITICAL_ISSUES_FOUND:-unset}" |
| 105 | +
|
| 106 | + if [ "${CRITICAL_ISSUES_FOUND:-false}" = "true" ]; then |
| 107 | + echo "❌ Critical issues found and blocking review is enabled. Failing the workflow." |
| 108 | + exit 1 |
| 109 | + else |
| 110 | + echo "✅ No blocking issues found." |
| 111 | + fi |
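Review bot: the blocking gate never runs as written, because `BLOCKING_REVIEW` is declared in the step-level `env:` of "Perform automated code review" (line 39 of the file) and is out of scope by the time `if: env.BLOCKING_REVIEW == 'true'` is evaluated on the "Check blocking review results" step; move `BLOCKING_REVIEW: ${{ vars.BLOCKING_REVIEW || 'false' }}` to a job-level or workflow-level `env:` so both steps see it. Even once it runs, the gate fails open: `CRITICAL_ISSUES_FOUND` exists only if the model actually executes the `echo ... >> $GITHUB_ENV` line from the prompt, and `${CRITICAL_ISSUES_FOUND:-false}` treats a missing value as "no issues"; a deterministic step that inspects the review the agent just submitted (for example, querying the PR's review comments for 🚨/🔒 bodies) would be a more trustworthy signal than asking the LLM to set its own gate. The agent is fed untrusted text (the PR diff and every comment returned by `gh pr view --json comments`, which anyone can post) while holding a token with `pull-requests: write` and `issues: write`, and it is explicitly instructed to delete comments via `gh api -X DELETE .../issues/comments/<comment_id>` based on body matches like "LGTM" rather than on author; that is both a prompt-injection surface and a way to delete a human reviewer's comment. Constrain deletion to comments whose author is the bot identity (check `author.login` in the JSON) and keep the `pull_request` trigger rather than `pull_request_target`, since the latter would hand the write token and secrets to fork PRs. The installer line `curl https://cursor.com/install -fsS | bash` pins nothing; pin a version or verify a checksum of the downloaded script before executing it so a compromised or changed installer cannot run arbitrary code on the runner with the `GH_TOKEN` and `CURSOR_API_KEY` in scope. Finally, the Reviews API call in the prompt, `gh api ... -f comments='[$COMMENTS_JSON]'`, sends `comments` as a string field, not an array of objects, so the request will be rejected; build the full JSON body and pass it with `--input -` instead. The "Configure git identity" step is dead weight here, as nothing in the job commits.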