diff --git a/.gitea/workflows/pr-review.yml b/.gitea/workflows/pr-review.yml
index 39544c94..e72f3c4c 100644
--- a/.gitea/workflows/pr-review.yml
+++ b/.gitea/workflows/pr-review.yml
@@ -58,9 +58,10 @@ jobs:
 echo "WARNING: Binary file changes detected — they will be excluded from analysis"
 fi
 DIFF_CONTENT=$(head -n 500 /tmp/pr_diff.txt \
- | sed -E 's/(password|token|secret|api_key|private_key)[[:space:]]*[=:][[:space:]]+([^$[:space:]][^[:space:]]*)/\1=[REDACTED]/gi')
+ | grep -v -E '^[+-].*(password[[:space:]]*[=:"'"'"']|token[[:space:]]*[=:"'"'"']|secret[[:space:]]*[=:"'"'"']|api_key[[:space:]]*[=:"'"'"']|private_key[[:space:]]*[=:"'"'"']|Authorization:[[:space:]]|AKIA[A-Z0-9]{16}|xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}|gh[opsu]_[A-Za-z0-9_]{36,}|https?://[^@[:space:]]+:[^@[:space:]]+@)' \
+ | grep -v -E '^[+-].*[A-Za-z0-9+/]{40,}={0,2}([^A-Za-z0-9+/=]|$)')
 PROMPT="Analyze the following code changes for correctness, security issues, and best practices. PR Title: ${PR_TITLE}\n\nDiff:\n${DIFF_CONTENT}\n\nProvide a review with: 1) Summary, 2) Bugs/errors, 3) Security issues, 4) Best practices. Give specific comments with suggested fixes."
- BODY=$(jq -n \
+ BODY=$(jq -cn \
 --arg model "qwen3-coder-next:latest" \
 --arg content "$PROMPT" \
 '{model: $model, messages: [{role: "user", content: $content}], stream: false}')
@@ -84,7 +85,6 @@ jobs:
 cat /tmp/ollama_response.json
 exit 1
 fi
- jq . /tmp/ollama_response.json
 REVIEW=$(jq -r '.choices[0].message.content // empty' /tmp/ollama_response.json)
 if [ -z "$REVIEW" ]; then
 echo "ERROR: No content in Ollama response"
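Review bot: The new filters on the two `| grep -v -E` lines only inspect lines that begin with `+` or `-` (`^[+-].*`), so a secret sitting on an unchanged context line — which the previous `sed` redacted regardless of prefix — still reaches the external model, and because the sed's `gi` flags were dropped without adding `-i`, spellings such as `PASSWORD=` or `Token:` are no longer caught; use `grep -v -i -E` and anchor with `'^[-+ ].*(…` (or drop the anchor) for the keyword patterns. `grep -v` also exits 1 when it selects no line, so an empty or fully filtered diff makes the `DIFF_CONTENT=` assignment fail (and the step, if the shell runs with `-e`); append `|| true` to the last grep and check `[ -n "$DIFF_CONTENT" ]` explicitly if an empty review input should be an error. Dropping whole lines instead of redacting the value also removes them from the review without any marker, and the `[A-Za-z0-9+/]{40,}` heuristic will drop any line holding a 40+ character hash or identifier (commit SHAs, lockfile integrity strings), so consider keeping the in-place `\1=[REDACTED]` substitution for the keyword patterns and reserving line removal for the token-shaped matches. The enclosing `run:` step starts and ends outside the hunk.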
@@ -118,7 +118,7 @@ jobs:
 HTTP_CODE=$(curl -s --max-time 30 --connect-timeout 10 \
 -o /tmp/review_post_response.json -w "%{http_code}" \
 -X POST "https://gogs.tftsr.com/api/v1/repos/${REPOSITORY}/pulls/${PR_NUMBER}/reviews" \
- -H "Authorization: token $TF_TOKEN" \
+ -H "Authorization: Bearer $TF_TOKEN" \
 -H "Content-Type: application/json" \
 -d "$BODY")
 echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] Post review HTTP status: $HTTP_CODE"
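Review bot: The edited `-H "Authorization: Bearer $TF_TOKEN"` line still sends the request with an empty header when `TF_TOKEN` is unset or empty, and the only evidence is the HTTP status echoed afterwards; guard it before the curl with `: "${TF_TOKEN:?TF_TOKEN is not set}"`. The token is also passed on the curl command line, where it is visible to `ps` on the runner for the life of the request; since this line is being changed anyway, consider passing the header via `curl -K -` with the config supplied on stdin, or `-H @file` from a file written under a restrictive umask. The enclosing step starts and ends outside the hunk.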