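# Automated pull-request review: checks out the PR and runs the opencode
# GitHub action against an OpenAI-compatible endpoint configured via secrets.
name: opencode-review

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

# One review per PR at a time; a new push cancels the run it supersedes.
concurrency:
  group: opencode-review-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  review:
    # Fork PRs do not receive repository secrets under `pull_request`, so the
    # review step could only fail there (and continue-on-error would hide it).
    # Skipping them makes the trust boundary explicit.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Lets the job request an OIDC token. Presumably the opencode action
      # exchanges it for its own GitHub credentials; confirm against the
      # action's documentation before widening or removing this.
      id-token: write
    steps:
      # NOTE(review): this is a mutable tag, while the next step is pinned to
      # a commit SHA. Pin this one to a full commit SHA as well for the same
      # supply-chain guarantee.
      - uses: actions/checkout@v6
        with:
          # Keep the job token out of .git/config so later steps, including
          # the model-driven one, cannot read it from the working tree.
          persist-credentials: false

      # The model reads PR content, which is untrusted input, in a step that
      # also holds the provider API key. Use a key with the narrowest scope
      # and spend limit available, and rotate it if a run looks anomalous.
      - uses: anomalyco/opencode/github@77fc88c8ade8e5a620ebbe1197f3a572d29ae91a
        timeout-minutes: 15
        # A failed review never blocks the PR. This also hides configuration
        # errors such as a missing secret, so check the step log when no
        # review appears.
        continue-on-error: true
        env:
          OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          # {env:NAME} placeholders are left for opencode to resolve from the
          # environment, so the secret values are not written into this JSON.
          OPENCODE_CONFIG_CONTENT: >-
            {"provider":{"openai":{"options":{"baseURL":"{env:OPENAI_BASE_URL}","apiKey":"{env:OPENAI_API_KEY}"}}}}
        with:
          model: openai/gpt-5.5
          prompt: |
            You are a pull-request reviewer for this repository.
            Focus on actionable, evidence-backed findings in the changed code.
            Prioritize:
            - correctness bugs and regression risks
            - security or permission boundary mistakes
            - CI, release, or workflow breakage
            - invalid assumptions about inputs, state, or side effects
            Review rules:
            - Only report issues you can justify with a concrete trigger scenario,
              code path, or permission boundary.
            - Trace behavior through callers and downstream effects instead of
              pattern-matching on one line.
            - Ignore style nits, speculative concerns, and low-signal cleanup ideas.
            - Prefer a short "no actionable findings" outcome over weak comments.
            For each finding, include:
            - severity
            - primary file location
            - concrete trigger or failure mode
            - why it matters
            - highest-leverage fix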