ci: add PR agent

[mayconamaroCW]

Add Codium PR Agent to automatically review pull requests in the repositories

• Auto describe is turned off, to avoid pollution
• Auto label is turned off, highly likely to poison our current label management
• Auto review and code suggestions are turned on
• Slash commands are available

[github-actions]

PR Review

⏱️ Estimated effort to review [1-5]	2, because the changes are straightforward and mainly involve adding a new workflow file and updating existing workflow files to include the new PR agent workflow. The logic is simple and the impact is limited to CI configurations.
🧪 Relevant tests	No
🔍 Possible issues	Possible Misconfiguration: The new PR agent workflow is configured to not output any logs (github_action_config.enable_output: "false"). This might make debugging issues with the PR agent difficult in the future.
🔒 Security concerns	No

Code feedback:

---

relevant file	.github/workflows/pr-agent.yml
suggestion	Consider enabling minimal logging for the PR agent to aid in troubleshooting without overwhelming the log files. This can be done by setting github_action_config.enable_output to "true" or adjusting it to a more moderate setting. [important]
relevant line	github_action_config.enable_output: "false"

---

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

• When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

• With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

[github-actions]

PR Code Suggestions

Category	Suggestions
Best practice	Use a specific version of GitHub Actions to ensure workflow stability. It's recommended to specify the exact version of the GitHub Action you are using instead of main to ensure stability and predictability in your CI/CD pipeline. Using a specific version or commit hash can prevent unexpected changes from affecting your workflows. .github/workflows/pr-agent.yml [19] -uses: Codium-ai/pr-agent@main +uses: Codium-ai/[email protected] # Replace 'v1.0.0' with the desired version or commit hash
Enhancement	Enable automatic PR descriptions for better documentation. Consider enabling the auto_describe feature in the GitHub action configuration to provide automatic descriptions for the PRs, enhancing the documentation and understanding of changes made. .github/workflows/pr-agent.yml [23] -github_action_config.auto_describe: "false" +github_action_config.auto_describe: "true"
	Handle more pull request event types to improve workflow responsiveness. To ensure that the workflow can handle different types of pull request events more effectively, consider adding more event types such as synchronize to the pull_request trigger. .github/workflows/pr-agent.yml [5] -types: [opened, reopened, ready_for_review] +types: [opened, reopened, ready_for_review, synchronize]
Security	Restrict workflow permissions to enhance security. To improve the security of the workflow, consider restricting the permissions to the minimum required. For instance, if the workflow does not need to write to issues, adjust the issues permission to read. .github/workflows/pr-agent.yml [12] -issues: write +issues: read
Maintainability	Enable action output for better monitoring and debugging. To ensure that the output from the GitHub Action is useful for debugging and monitoring, consider setting enable_output to true. This change will allow you to see the outputs from the action in the workflow logs. .github/workflows/pr-agent.yml [27] -github_action_config.enable_output: "false" +github_action_config.enable_output: "true"

---

✨ Improve tool usage guide:

---

Overview:
The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

• When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

/improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

• With a configuration file, use the following template:

[pr_code_suggestions]
some_config1=...
some_config2=...

See the improve usage page for a comprehensive guide on using this tool.

[mayconamaroCW]

/review

[mayconamaroCW]

/review