feat: implement PR review pipeline with Gitea/GitHub/GitLab webhooks
Some checks failed
CI / Format (push) Successful in 3s
CI / Clippy (push) Failing after 1m50s
CI / Security Audit (push) Has been skipped
CI / Tests (push) Has been skipped
CI / Detect Changes (push) Has been skipped
CI / Deploy Agent (push) Has been skipped
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
Some checks failed
CI / Format (push) Successful in 3s
CI / Clippy (push) Failing after 1m50s
CI / Security Audit (push) Has been skipped
CI / Tests (push) Has been skipped
CI / Detect Changes (push) Has been skipped
CI / Deploy Agent (push) Has been skipped
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
On PR open/sync, webhook triggers incremental scan: runs semgrep on changed files + LLM code review on the diff, then posts review comments via the configured tracker. Adds Gitea webhook handler with HMAC-SHA256 verification, and wires up the previously stubbed GitHub/GitLab PR handlers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
@@ -90,7 +90,7 @@ async fn handle_push(agent: Arc<ComplianceAgent>, payload: &serde_json::Value) -
|
||||
}
|
||||
|
||||
async fn handle_pull_request(
|
||||
_agent: Arc<ComplianceAgent>,
|
||||
agent: Arc<ComplianceAgent>,
|
||||
payload: &serde_json::Value,
|
||||
) -> StatusCode {
|
||||
let action = payload["action"].as_str().unwrap_or("");
|
||||
@@ -100,14 +100,42 @@ async fn handle_pull_request(
|
||||
|
||||
let repo_url = payload["repository"]["clone_url"].as_str().unwrap_or("");
|
||||
let pr_number = payload["pull_request"]["number"].as_u64().unwrap_or(0);
|
||||
let head_sha = payload["pull_request"]["head"]["sha"]
|
||||
.as_str()
|
||||
.unwrap_or("");
|
||||
let base_sha = payload["pull_request"]["base"]["sha"]
|
||||
.as_str()
|
||||
.unwrap_or("");
|
||||
|
||||
if repo_url.is_empty() || pr_number == 0 {
|
||||
if repo_url.is_empty() || pr_number == 0 || head_sha.is_empty() || base_sha.is_empty() {
|
||||
return StatusCode::BAD_REQUEST;
|
||||
}
|
||||
|
||||
tracing::info!("GitHub PR webhook: PR #{pr_number} {action} on {repo_url}");
|
||||
// PR review scan would be triggered here - runs incremental SAST on diff
|
||||
// and posts review comments via the GitHub tracker
|
||||
let repo = agent
|
||||
.db
|
||||
.repositories()
|
||||
.find_one(mongodb::bson::doc! { "git_url": repo_url })
|
||||
.await
|
||||
.ok()
|
||||
.flatten();
|
||||
|
||||
if let Some(repo) = repo {
|
||||
let repo_id = repo.id.map(|id| id.to_hex()).unwrap_or_default();
|
||||
let head_sha = head_sha.to_string();
|
||||
let base_sha = base_sha.to_string();
|
||||
let agent_clone = (*agent).clone();
|
||||
tokio::spawn(async move {
|
||||
tracing::info!("GitHub PR webhook: reviewing PR #{pr_number} on {repo_id}");
|
||||
if let Err(e) = agent_clone
|
||||
.run_pr_review(&repo_id, pr_number, &base_sha, &head_sha)
|
||||
.await
|
||||
{
|
||||
tracing::error!("PR review failed for #{pr_number}: {e}");
|
||||
}
|
||||
});
|
||||
} else {
|
||||
tracing::debug!("GitHub PR webhook: no tracked repo for {repo_url}");
|
||||
}
|
||||
|
||||
StatusCode::OK
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user