goauth

Author: jonit-dev

README.md

@@ -2,6 +2,59 @@
 
 AI-powered PR reviews using OpenRouter's language models. Get automated code reviews, suggestions, and vulnerability scanning on your pull requests.
 
+## How It Works
+
+1. When a PR is opened or updated, the action automatically runs
+2. It analyzes the PR's diff using your chosen AI model
+3. Posts a detailed analysis as a PR comment, including:
+   - Potential bugs and vulnerabilities
+   - Code improvement suggestions
+   - Performance implications
+   - Security concerns
+   - Best practices violations
+   - Overall score and final comments
+
+Example PR comment:
+
+```markdown
+## OpenRouter AI Analysis
+
+### Potential Issues
+
+- The database query in `users.service.ts` isn't properly parameterized, creating a SQL injection risk
+- Async operation in `handleSubmit()` lacks error handling
+
+### Improvements Suggested
+
+- Consider using prepared statements for database queries
+- Add try/catch block around async operations
+- Extract form validation logic into a separate utility
+
+### Performance
+
+- The `heavyComputation()` function could benefit from memoization
+- Consider lazy loading for the imported analytics module
+
+### Security Concerns
+
+- API endpoint lacks input validation
+- Sensitive data exposure in error logs
+
+### Best Practices
+
+- Follow consistent naming convention for interface props
+- Add type annotations for function parameters
+- Consider breaking down large component into smaller ones
+
+### Overall score
+
+⭐⭐⭐⭐ (4/5) - Good PR with some minor improvements needed. The code is well-structured but could benefit from additional security measures and error handling.
+
+---
+
+_Analyzed using anthropic/claude-2_
+```
+
 ## ⚠️ Security First: Managing Secrets
 
 This action requires an OpenRouter API key. **NEVER** commit API keys or sensitive data directly in your workflow files.
@@ -18,9 +71,9 @@ This action requires an OpenRouter API key. **NEVER** commit API keys or sensiti
 
 The `GITHUB_TOKEN` is automatically provided by GitHub Actions - you don't need to set it up manually.
 
-## Quick Start
+## Complete Workflow Example
 
-Create `.github/workflows/pr-review.yml` in your project:
+Create `.github/workflows/pr-review.yml` in your project with all available options:
 
 ```yaml
 name: PR Review
@@ -37,43 +90,69 @@ jobs:
       - name: AI PR Review
         uses: jonit-dev/openrouter-github-action@main
         with:
+          # Required inputs
           github_token: ${{ secrets.GITHUB_TOKEN }} # Automatically provided
           open_router_key: ${{ secrets.OPEN_ROUTER_KEY }} # Must be set in repository secrets
-          model_id: 'anthropic/claude-2'
+
+          # Optional inputs with defaults
+          model_id: 'anthropic/claude-2' # Default model
+          max_tokens: '2048' # Default max tokens
+
+          # Optional custom prompt
+          custom_prompt: |
+            You are a security-focused reviewer. Analyze this PR with emphasis on:
+            1. Security vulnerabilities
+            2. Authentication issues
+            3. Data validation
+            4. Input sanitization
+            5. Best practices
+
+            Provide a 1-5 star rating for the overall quality.
 ```
 
-## Features
+## Configuration Reference
+
+| Input             | Description                 | Required | Default                    | Notes                                    |
+| ----------------- | --------------------------- | -------- | -------------------------- | ---------------------------------------- |
+| `github_token`    | GitHub token for API access | Yes      | `${{ github.token }}`      | Automatically provided by GitHub Actions |
+| `open_router_key` | Your OpenRouter API key     | Yes      | -                          | Must be stored in GitHub Secrets         |
+| `model_id`        | Model ID to use             | No       | `anthropic/claude-2`       | See available models below               |
+| `custom_prompt`   | Custom prompt for analysis  | No       | Default code review prompt | Can be multiline YAML                    |
+| `max_tokens`      | Maximum tokens in response  | No       | `2048`                     | Adjust based on review complexity        |
 
-- Automated PR code review using AI
-- Customizable AI models through OpenRouter
-- Vulnerability and bug detection
-- Code improvement suggestions
-- Custom prompts for specialized analysis
-- Performance and security insights
+### Minimal Configuration
 
-## Configuration Options
+If you only want to use the defaults, this is the minimal configuration needed:
 
-| Input             | Description                 | Required | Default               | Security Note                            |
-| ----------------- | --------------------------- | -------- | --------------------- | ---------------------------------------- |
-| `github_token`    | GitHub token for API access | Yes      | `${{ github.token }}` | Automatically provided by GitHub Actions |
-| `open_router_key` | Your OpenRouter API key     | Yes      | -                     | Must be stored in GitHub Secrets         |
-| `model_id`        | Model ID to use             | Yes      | anthropic/claude-2    | Safe to include in workflow file         |
-| `custom_prompt`   | Custom prompt for analysis  | No       | Default prompt        | Safe to include in workflow file         |
-| `max_tokens`      | Maximum tokens in response  | No       | 2048                  | Safe to include in workflow file         |
+```yaml
+name: PR Review
+on:
+  pull_request:
+    types: [opened, synchronize]
 
-## Advanced Usage
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: jonit-dev/openrouter-github-action@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          open_router_key: ${{ secrets.OPEN_ROUTER_KEY }}
+```
 
-### Custom Model
+### Custom Model Example
 
 ```yaml
 - uses: jonit-dev/openrouter-github-action@main
   with:
     github_token: ${{ secrets.GITHUB_TOKEN }}
     open_router_key: ${{ secrets.OPEN_ROUTER_KEY }}
-    model_id: 'openai/gpt-4' # Safe to customize
+    model_id: 'openai/gpt-4'
+    max_tokens: '4096' # Increased for more detailed reviews
 ```
 
-### Custom Prompt
+### Custom Prompt Example
 
 ```yaml
 - uses: jonit-dev/openrouter-github-action@main
@@ -88,15 +167,15 @@ jobs:
       3. Data validation
       4. Input sanitization
       5. Best practices
+
+      Rate the overall quality from 1-5 stars and provide final comments.
 ```
 
 ## Available Models
 
-Some recommended models:
+Recommended models:
 
-- `anthropic/claude-2`: Excellent for detailed code analysis
-- `openai/gpt-4`: Strong general-purpose code review
-- `anthropic/claude-instant-v1`: Faster, more economical option
+- Check best programming ones on [openrouter](https://openrouter.ai/rankings/programming/scripting?view=week)
 
 ## Testing Locally
 
@@ -109,7 +188,7 @@ Some recommended models:
    - Never commit the API key directly
    - Never include it in environment files
    - Always use GitHub Secrets
-7. The action will run automatically on your PR
+7. The action will run automatically on your PR and post its analysis as a comment
 
 ## Security Best Practices
 

dist/index.js

@@ -41626,28 +41626,48 @@ const github = __nccwpck_require__(5438);
 const axios = __nccwpck_require__(8757);
 
 async function getPRDiff(octokit, context) {
-  const { data: diff } = await octokit.rest.pulls.get({
-    owner: context.repo.owner,
-    repo: context.repo.repo,
-    pull_number: context.payload.pull_request.number,
-    mediaType: {
-      format: 'diff',
-    },
-  });
-  return diff;
+  try {
+    const { data: pullRequest } = await octokit.rest.pulls.get({
+      owner: context.repo.owner,
+      repo: context.repo.repo,
+      pull_number: context.payload.pull_request.number,
+      mediaType: {
+        format: 'diff',
+      },
+    });
+
+    return pullRequest;
+  } catch (error) {
+    throw new Error(`Failed to fetch PR diff: ${error.message}`);
+  }
 }
 
 async function analyzeDiff(diff, modelId, openRouterKey, customPrompt) {
   const defaultPrompt = `You are a highly skilled software engineer reviewing a pull request. 
-Please analyze the following code changes and provide:
-1. Potential bugs or vulnerabilities
-2. Code improvement suggestions
-3. Performance implications
-4. Security concerns
-5. Best practices violations`;
+Analyze the following code changes and provide a detailed review in the following format:
+
+### Potential Issues
+[List any bugs, vulnerabilities, or critical issues]
+
+### Improvements Suggested
+[List specific code improvements and refactoring suggestions]
+
+### Performance
+[Discuss performance implications and optimization opportunities]
+
+### Security Concerns
+[List security issues, if any]
+
+### Best Practices
+[Suggest adherence to coding standards and best practices]
+
+### Overall score
+[Give a 1-5 star rating for this PR] and final comments
+
+Please be specific and provide actionable feedback.`;
 
   const prompt = customPrompt || defaultPrompt;
-  const fullPrompt = `${prompt}\n\nHere's the diff:\n${diff}\n\nPlease provide your analysis in a clear, structured format.`;
+  const fullPrompt = `${prompt}\n\nHere's the diff:\n${diff}\n\nProvide your analysis in the specified format.`;
 
   try {
     const response = await axios.post(
@@ -41670,24 +41690,37 @@ Please analyze the following code changes and provide:
       }
     );
 
+    if (!response.data?.choices?.[0]?.message?.content) {
+      throw new Error('Invalid response format from OpenRouter API');
+    }
+
     return response.data.choices[0].message.content;
   } catch (error) {
-    throw new Error(`OpenRouter API error: ${error.message}`);
+    if (error.response?.data) {
+      throw new Error(
+        `OpenRouter API error: ${JSON.stringify(error.response.data)}`
+      );
+    }
+    throw new Error(`Failed to analyze diff: ${error.message}`);
   }
 }
 
 async function createPRComment(octokit, context, analysis) {
-  await octokit.rest.issues.createComment({
-    owner: context.repo.owner,
-    repo: context.repo.repo,
-    issue_number: context.payload.pull_request.number,
-    body: `## OpenRouter AI Analysis
+  try {
+    await octokit.rest.issues.createComment({
+      owner: context.repo.owner,
+      repo: context.repo.repo,
+      issue_number: context.payload.pull_request.number,
+      body: `## OpenRouter AI Analysis
 
 ${analysis}
 
 ---
 *Analyzed using ${core.getInput('model_id')}*`,
-  });
+    });
+  } catch (error) {
+    throw new Error(`Failed to create PR comment: ${error.message}`);
+  }
 }
 
 async function run() {

package.json

@@ -2,10 +2,10 @@
   "name": "openrouter-pr-review-action",
   "version": "1.0.0",
   "description": "GitHub Action for PR review using OpenRouter AI models",
-  "main": "index.js",
+  "main": "dist/index.js",
   "scripts": {
     "build": "ncc build src/index.js -o dist",
-    "test": "jest"
+    "prepare": "npm run build"
   },
   "dependencies": {
     "@actions/core": "^1.10.0",