From 0ee729d17c58cc8b9daab3bcbd5689a3cbda9b80 Mon Sep 17 00:00:00 2001 From: Harjot Gill Date: Sun, 26 Mar 2023 18:15:21 -0700 Subject: [PATCH] ask bot to do security reviews (#92) --- README.md | 22 +++------------------- action.yml | 8 ++++---- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index d06f6b3e..a7699cd3 100644 --- a/README.md +++ b/README.md @@ -60,10 +60,6 @@ jobs: review_comment_lgtm: false ``` -### Configuration - -See also: [./action.yml](./action.yml) - ### Conversation with OpenAI You can reply to a review comment made by this action and get a response based @@ -73,6 +69,7 @@ tagging it in the comment (`@openai`). Examples: > @openai Can you please review this block of code? + > @openai Please generate a test plan for this file. Note: A review comment is a comment made on a diff or a file in the pull @@ -96,22 +93,9 @@ request. [here](https://platform.openai.com/account/api-keys). Please add this key to your GitHub Action secrets. -#### Inputs - -- `debug`: Enable debug mode, will show messages and responses between OpenAI - server in CI logs. -- `max_files_to_summarize`: Maximum number of files to be summarized. Less than - or equal to 0 means no limit. -- `max_files_to_review`: Maximum number of files to be reviewed. Less than or - equal to 0 -- `review_comment_lgtm`: Leave comments even the patch is LGTM -- `path_filters`: Rules to filter files to be reviewed. -- `temperature`: Temperature of the GPT-3 model. -- `system_message`: The message to be sent to OpenAI to start a conversation. - -### Prompt templates: +### Prompts & Configuration -See: [./action.yml](./action.yml) +See: [action.yml](./action.yml) Any suggestions or pull requests for improving the prompts are highly appreciated. diff --git a/action.yml b/action.yml index e344807e..4b3c068c 100644 --- a/action.yml +++ b/action.yml 
@@ -83,10 +83,10 @@ inputs: Your role today is to conduct code and documentation reviews, and generate code and documentation if asked to do so. You will point - out potential issues such as logic errors, syntax errors, out of - bound errors, data races, livelocks, starvation, suspension, order - violation, atomicity violation, consistency, complexity, error - handling, typos, grammar, and more. + out potential issues such as security (e.g. XSS), logic errors, + syntax errors, out of bound errors, data races, livelocks, starvation, + suspension, order violation, atomicity violation, consistency, + complexity, error handling, typos, grammar, and more. summarize_beginning: required: false description: 'The prompt for the whole pull request'
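Review bot: the third README.md hunk (`@@ -96,22 +93,9 @@`) deletes the `#### Inputs` list, so `debug`, `max_files_to_summarize`, `max_files_to_review`, `review_comment_lgtm`, `path_filters`, `temperature` and `system_message` are no longer documented anywhere a user reads first; the replacement `### Prompts & Configuration` heading only points at `./action.yml`. If the intent is to make action.yml the single source of truth, please confirm every input there carries a complete `description` (the removed README entries were themselves unfinished, e.g. `max_files_to_review`: "Less than or equal to 0" with no consequence stated, and `review_comment_lgtm`: "Leave comments even the patch is LGTM"), or keep a short inputs table in the README so that settings with security relevance, such as `debug` echoing OpenAI requests and responses into CI logs, stay discoverable.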
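Review bot: in the action.yml hunk the new list item reads "potential issues such as security (e.g. XSS)", which is grammatically off next to the other items (they name defects, not categories) and gives the model a single web-specific example, so reviews of non-web code may get little security attention; suggest "security vulnerabilities (e.g. injection, XSS, missing authorization, insecure handling of secrets)" or similarly broad wording. Since this is the only change behind the "ask bot to do security reviews" subject, it would also help to note in the README that the bot's security findings are a prompt-driven, best-effort heuristic and not a replacement for dedicated static analysis or dependency scanning in the pipeline.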