Added PR Review AI Pipeline #18

Merged
phil merged 1 commit from add/ai-review into main 2026-04-20 19:38:24 +02:00
phil (Owner): No description provided.
Added PR Review AI Pipeline
All checks were successful
ci/woodpecker/pr/0-check Pipeline was successful
ci/woodpecker/pr/10-pr-review Pipeline was successful
16aa065517

Summary: Adds a Woodpecker CI pipeline that triggers AI-based code reviews on pull requests using a custom bot image and LLM configuration from secrets.

Issues:

💡 LOW: .woodpecker/10-pr-review.yml:21 - Missing trailing newline

File does not end with a newline character. Unix/Linux convention requires text files to end with a newline. This can cause issues in some tools or git diffs.

⚠️ MEDIUM: .woodpecker/10-pr-review.yml:9 - Floating Docker image tag

The Docker image uses the latest tag (git.hackmi.ch/phil/pr-review-bot:latest). Using mutable tags is risky because the image can be changed unexpectedly, leading to non-reproducible builds or security issues if the image is compromised.

Recommendations:

💡 [.woodpecker/10-pr-review.yml:9] Pin Docker image to a specific version

Step 1: Replace git.hackmi.ch/phil/pr-review-bot:latest with a versioned tag like git.hackmi.ch/phil/pr-review-bot:v1.0.0 once a stable release is available.
Step 2: Document the version update process to ensure timely updates when new stable versions are released.

Score (Code Quality): 85

Result:

  • 👍 Good (acceptable, minor improvements recommended)

The pipeline configuration is structurally sound and follows security best practices by storing all sensitive credentials in secrets. The main concerns are the floating latest image tag and the missing trailing newline.
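The two findings above (a floating `latest` tag and a missing trailing newline) are exactly the kind of thing a small pre-merge lint can catch before a reviewer, human or bot, has to. The following is an added example written for this page; it is not the repository's own code and the embedded pipeline is constructed for illustration (the page only shows that line 9 of `.woodpecker/10-pr-review.yml` carries the `latest` image and that line 21 lacks a newline). It goes slightly beyond the bot's recommendation: a version tag is still mutable, so the check treats a tag without an `@sha256:` digest as a lower-severity finding and only a digest-pinned reference as clean.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample pipeline (not the real .woodpecker/10-pr-review.yml).
# The closing line deliberately has no trailing newline.
SAMPLE_PIPELINE = (
    "when:\n"
    "  event: pull_request\n"
    "\n"
    "steps:\n"
    "  review:\n"
    "    image: git.hackmi.ch/phil/pr-review-bot:latest\n"
    "    secrets: [llm_api_key, llm_base_url]\n"
    "  lint:\n"
    "    image: alpine\n"
    "  pinned:\n"
    "    image: git.hackmi.ch/phil/pr-review-bot:v1.0.0@sha256:" + "a" * 64
)


class Finding(NamedTuple):
    severity: str
    line: int
    message: str


# Matches `image: <ref>` in a Woodpecker step, tolerating quotes and a trailing comment.
IMAGE_RE = re.compile(r'^\s*image:\s*["\']?([^"\'\s#]+)')
# An immutable content-addressed reference ends in a full sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify_image(ref: str) -> Optional[Tuple[str, str]]:
    """Return (severity, message) for a mutable image reference, or None when digest-pinned."""
    if DIGEST_RE.search(ref):
        return None
    # Only the last path component carries name[:tag]; registries may include a port
    # (registry:5000/app), so do not split on the first ':' of the whole reference.
    last_component = ref.rsplit("/", 1)[-1]
    _name, sep, tag = last_component.partition(":")
    if not sep or tag == "latest":
        return (
            "MEDIUM",
            f"floating tag on {ref!r}: the image behind it can change under you; "
            "pin to a version tag and an @sha256 digest",
        )
    return (
        "LOW",
        f"tag {tag!r} on {ref!r} is mutable; add an @sha256 digest so pulls are reproducible",
    )


def lint_pipeline(text: str) -> List[Finding]:
    """Lint a Woodpecker pipeline for mutable image references and a missing final newline."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = IMAGE_RE.match(line)
        if not match:
            continue
        problem = classify_image(match.group(1))
        if problem:
            findings.append(Finding(problem[0], lineno, problem[1]))
    if text and not text.endswith("\n"):
        last_line = text.count("\n") + 1
        findings.append(Finding("LOW", last_line, "file does not end with a newline"))
    return findings


if __name__ == "__main__":
    for finding in lint_pipeline(SAMPLE_PIPELINE):
        print(f"{finding.severity}: line {finding.line}: {finding.message}")
```

Run it against the real file with `lint_pipeline(open(path).read())`; to obtain the digest for the pin, `docker manifest inspect` or `skopeo inspect` on the tagged reference reports it, and the pinned form is `name:tag@sha256:<digest>` so the human-readable tag survives alongside the immutable hash.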

phil merged commit bc355067d7 into main 2026-04-20 19:38:24 +02:00
phil deleted branch add/ai-review 2026-04-20 19:38:24 +02:00
phil referenced this pull request from a commit 2026-04-20 19:38:25 +02:00
Reference
hackmi.ch/NexaCore!18