Summary: Adds a Woodpecker CI pipeline configuration that runs a PR review bot (pr-review-bot) on pull request events, using LLM APIs to provide automated code reviews.

Issues:

⚠️ MEDIUM: .woodpecker/pr-review.yml:12 - Using release candidate image in production

The pipeline uses image tag 0.2.0-rc.0 which is a release candidate. RC versions may contain bugs, receive breaking changes, or be abandoned. Consider pinning to a stable release tag (e.g., 0.2.0 or later) once available, or document the rationale for using RC.

⚠️ MEDIUM: .woodpecker/pr-review.yml:12 - External custom registry dependency

The Docker image is hosted on a custom Forgejo registry (git.hackmi.ch) rather than a major registry like Docker Hub. This introduces availability risk—if the registry goes down, the image becomes unavailable. Ensure you trust the maintainer of this image and consider mirroring it for redundancy.

💡 LOW: .woodpecker/pr-review.yml - Missing pipeline timeout

No failure: cancel or timeout is configured for the step. A misbehaving or looping review bot could run indefinitely, consuming CI resources. Consider adding step-level timeout settings.

Recommendations:

💡 [.woodpecker/pr-review.yml] Recommended improvements

Step 1: Change the image tag from 0.2.0-rc.0 to a stable release once available, or add a comment documenting the RC usage decision.
Step 2: Add a timeout to the step (e.g., timeout: 600 for 10 minutes) to prevent runaway processes.
Step 3: Consider adding a settings block with pull: always explicitly for reproducible image pulls.

Score (Code Quality): 78/100

Result:

👍 Good (acceptable with minor improvements recommended)

**Summary:** Adds a Woodpecker CI pipeline configuration that runs a PR review bot (pr-review-bot) on pull request events, using LLM APIs to provide automated code reviews. **Issues:** <details> <summary>⚠️ MEDIUM: .woodpecker/pr-review.yml:12 - Using release candidate image in production</summary> > The pipeline uses image tag `0.2.0-rc.0` which is a release candidate. RC versions may contain bugs, receive breaking changes, or be abandoned. Consider pinning to a stable release tag (e.g., `0.2.0` or later) once available, or document the rationale for using RC. </details> <details> <summary>⚠️ MEDIUM: .woodpecker/pr-review.yml:12 - External custom registry dependency</summary> > The Docker image is hosted on a custom Forgejo registry (`git.hackmi.ch`) rather than a major registry like Docker Hub. This introduces availability risk—if the registry goes down, the image becomes unavailable. Ensure you trust the maintainer of this image and consider mirroring it for redundancy. </details> <details> <summary>💡 LOW: .woodpecker/pr-review.yml - Missing pipeline timeout</summary> > No `failure: cancel` or `timeout` is configured for the step. A misbehaving or looping review bot could run indefinitely, consuming CI resources. Consider adding step-level timeout settings. </details> **Recommendations:** <details> <summary>💡 [.woodpecker/pr-review.yml] Recommended improvements</summary> > Step 1: Change the image tag from `0.2.0-rc.0` to a stable release once available, or add a comment documenting the RC usage decision. > Step 2: Add a timeout to the step (e.g., `timeout: 600` for 10 minutes) to prevent runaway processes. > Step 3: Consider adding a `settings` block with `pull: always` explicitly for reproducible image pulls. </details> **Score (Code Quality):** 78/100 **Result:** - 👍 Good (acceptable with minor improvements recommended)

phil merged commit 09bcb9b7a2 into main

2026-04-19 20:59:30 +02:00

phil deleted branch add/pr-review

2026-04-19 20:59:31 +02:00

phil referenced this pull request from a commit

2026-04-19 20:59:31 +02:00

Added pr-review-bot (#31)