Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,31 @@ jobs:
permissions:
contents: write
uses: dceoy/gh-actions-for-devops/.github/workflows/github-major-version-tag.yml@main # zizmor: ignore[unpinned-uses]
repo-qa:
if: >
github.event_name == 'push'
|| github.event_name == 'pull_request'
|| github.event_name == 'workflow_dispatch'
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Validate OpenCode agent frontmatter and review-pr references
run: ./.agents/skills/local-qa/scripts/validate-opencode.sh
- name: Shellcheck repository scripts
run: git ls-files -z -- '*.sh' '*.bash' '*.bats' | xargs -0 shellcheck
- name: Scan action.yml with zizmor
run: pipx run zizmor action.yml
dependabot-auto-merge:
if: >
github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]'
needs:
- github-actions-lint-and-scan
- repo-qa
permissions:
contents: write
pull-requests: write
Expand Down
16 changes: 7 additions & 9 deletions .github/workflows/opencode.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,6 @@ on:
pull_request_review_comment:
types:
- created
pull_request_review:
types:
- submitted
issues:
types:
- opened
Expand Down Expand Up @@ -48,18 +45,19 @@ jobs:
OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
GH_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}
with:
model: opencode-go/kimi-k2.7-code
model: opencode-go/minimax-m3
prompt: /review-pr
opencode-bot:
if: >
(
(github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment')
&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
&& (contains(github.event.comment.body, ' /oc') || contains(github.event.comment.body, ' /opencode'))
) || (
github.event_name == 'pull_request_review'
&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)
&& (contains(github.event.review.body, '/oc') || contains(github.event.review.body, '/opencode'))
&& (
startsWith(github.event.comment.body, '/oc')
|| contains(github.event.comment.body, ' /oc')
|| startsWith(github.event.comment.body, '/opencode')
|| contains(github.event.comment.body, ' /opencode')
)
) || (
github.event_name == 'issues'
&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
Expand Down
2 changes: 1 addition & 1 deletion AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ There is no build step. Validate local changes with the repository QA script:
.agents/skills/local-qa/scripts/qa.sh
```

The script checks core action metadata and README examples, including the composite action declaration, `opencode github run`, and documented usage. For end-to-end testing, run the action from a temporary workflow or push a branch and reference it from a test repository workflow.
The script formats and lints the repository and mutates files in place: it runs `prettier --write` on markdown files, `yamllint` on tracked YAML, `shellcheck` on tracked shell scripts, `zizmor --fix=safe` and `actionlint` on `.github/workflows`, `checkov` across the repo, and `.agents/skills/local-qa/scripts/validate-opencode.sh` (which validates `.opencode/` agent frontmatter and the agent references in `.opencode/commands/review-pr.md` and `.opencode/skills/review-pr/SKILL.md`). Review the diff it produces before committing. For end-to-end testing, run the action from a temporary workflow or push a branch and reference it from a test repository workflow.

## Coding Style & Naming Conventions

Expand Down
6 changes: 4 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
fetch-depth: 1
persist-credentials: false
- name: Run OpenCode
uses: dceoy/opencode-action@main
uses: dceoy/opencode-action@v0
env:
OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -45,6 +45,8 @@ jobs:

Then comment `/opencode` or `/oc` on an issue, pull request, or pull request review comment.

`@v0` tracks the latest `v0.x.y` release. Pin to an exact release tag (e.g. `@v0.2.4`) or a full commit SHA for stricter supply-chain control.

## Inputs

| Input | Required | Default | Description |
Expand Down Expand Up @@ -89,7 +91,7 @@ Example OpenCode step:

```yaml
- name: Run OpenCode review
uses: dceoy/opencode-action@main
uses: dceoy/opencode-action@v0
env:
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
GH_TOKEN: ${{ github.token }}
Expand Down
2 changes: 1 addition & 1 deletion action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ runs:
curl -fsSL https://opencode.ai/install | bash -s -- --version "${OPENCODE_VERSION}"
- name: Add OpenCode to PATH
shell: bash -euo pipefail {0}
run: >
run: > # zizmor: ignore[github-env] fixed path, not attacker-controlled
echo "${HOME}/.opencode/bin" | tee -a "${GITHUB_PATH}"
- name: Copy bundled OpenCode config
if: inputs.enable-toolkit == 'true'
Expand Down
Loading