Summary: Migrates the PR review pipeline from direct Docker image execution to Woodpecker's plugin-style configuration, updating environment variable naming conventions and secret references.

Issues:

⚠️ MEDIUM .woodpecker/pr-review.yml:9 - Using mutable `latest` image tag

Using git.hackmi.ch/phil/pr-review-bot:latest means the pipeline behavior can change unexpectedly when new images are pushed. For production CI/CD pipelines, pinning to a specific version (e.g., 0.2.0 or a commit SHA) ensures reproducibility and prevents breaking changes.

💡 LOW .woodpecker/pr-review.yml:5 - Breaking change in secret names

Secrets were renamed from llm_provider/llm_model/etc. to global_llm_provider/global_llm_model/etc. This is a breaking change that requires updating the CI/CD secrets configuration before merging, otherwise the pipeline will fail.

Recommendations:

💡 .woodpecker/pr-review.yml:9 - Pin to a specific version tag

Step 1: Replace git.hackmi.ch/phil/pr-review-bot:latest with a specific version like git.hackmi.ch/phil/pr-review-bot:0.2.0 or a git SHA tag.
Step 2: Document the versioning strategy in the repository (e.g., update CHANGELOG or migration guide when upgrading).

Score (Code Quality): 75

Result: ⚠️ Changes Requested

The migration follows Woodpecker's plugin pattern correctly, but the latest tag is a production reliability concern. Consider pinning to a stable version tag.

**Summary:** Migrates the PR review pipeline from direct Docker image execution to Woodpecker's plugin-style configuration, updating environment variable naming conventions and secret references. **Issues:** <details> <summary>⚠️ MEDIUM .woodpecker/pr-review.yml:9 - Using mutable `latest` image tag</summary> > Using `git.hackmi.ch/phil/pr-review-bot:latest` means the pipeline behavior can change unexpectedly when new images are pushed. For production CI/CD pipelines, pinning to a specific version (e.g., `0.2.0` or a commit SHA) ensures reproducibility and prevents breaking changes. </details> <details> <summary>💡 LOW .woodpecker/pr-review.yml:5 - Breaking change in secret names</summary> > Secrets were renamed from `llm_provider`/`llm_model`/etc. to `global_llm_provider`/`global_llm_model`/etc. This is a breaking change that requires updating the CI/CD secrets configuration before merging, otherwise the pipeline will fail. </details> **Recommendations:** <details> <summary>💡 .woodpecker/pr-review.yml:9 - Pin to a specific version tag</summary> > Step 1: Replace `git.hackmi.ch/phil/pr-review-bot:latest` with a specific version like `git.hackmi.ch/phil/pr-review-bot:0.2.0` or a git SHA tag. > Step 2: Document the versioning strategy in the repository (e.g., update CHANGELOG or migration guide when upgrading). </details> **Score (Code Quality):** 75 **Result:** ⚠️ Changes Requested The migration follows Woodpecker's plugin pattern correctly, but the `latest` tag is a production reliability concern. Consider pinning to a stable version tag.

phil merged commit fb0f1d2017 into main

2026-04-24 20:41:06 +02:00

phil deleted branch fix/ci

2026-04-24 20:41:06 +02:00

phil referenced this pull request from a commit

2026-04-24 20:41:08 +02:00

Merge pull request 'ci: migrate pr-review pipeline to plugin' (#33) from fix/ci into main