diff --git a/.github/workflows/continue-detailed-review.yaml b/.github/workflows/continue-detailed-review.yaml index f718deeca28..aad3cebd951 100644 --- a/.github/workflows/continue-detailed-review.yaml +++ b/.github/workflows/continue-detailed-review.yaml @@ -17,9 +17,17 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: + - name: Generate GitHub App Token + id: app-token + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v2.0.0 + with: + app-id: ${{ secrets.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + - name: Run Detailed PR Review uses: continuedev/continue/actions/detailed-review@b3f4b82600f603ca28c65a319b80ec36c4644ed7 with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: continuedev continue-config: continuedev/review-bot + github-token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/continue-general-review.yaml b/.github/workflows/continue-general-review.yaml index 01fffa3165d..eb7da50507a 100644 --- a/.github/workflows/continue-general-review.yaml +++ b/.github/workflows/continue-general-review.yaml @@ -17,9 +17,17 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: + - name: Generate GitHub App Token + id: app-token + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v2.0.0 + with: + app-id: ${{ secrets.CONTINUE_APP_ID }} + private-key: ${{ secrets.CONTINUE_APP_PRIVATE_KEY }} + - name: Run Continue PR Review Action uses: continuedev/continue/actions/general-review@b3f4b82600f603ca28c65a319b80ec36c4644ed7 with: continue-api-key: ${{ secrets.CONTINUE_API_KEY }} continue-org: "continuedev" continue-config: "continuedev/review-bot" + github-token: ${{ steps.app-token.outputs.token }} diff --git a/actions/detailed-review/action.yml b/actions/detailed-review/action.yml index f8273cc501c..b5d6bbe6cdc 100644 --- a/actions/detailed-review/action.yml +++ b/actions/detailed-review/action.yml @@ -12,6 +12,9 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + github-token: + description: 'GitHub token for API access' + required: true runs: using: 'composite' @@ -79,7 +82,7 @@ runs: if: env.SKIP_REVIEW != 'true' shell: bash env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ inputs.github-token }} run: | # Get PR number based on event type if [ "${{ github.event_name }}" = "pull_request" ]; then @@ -282,6 +285,7 @@ runs: if: env.SKIP_REVIEW != 'true' uses: actions/github-script@v7 with: + github-token: ${{ inputs.github-token }} script: | const fs = require('fs'); @@ -417,8 +421,6 @@ runs: console.log('Failed to post review:', error.message); console.log('Error details:', error); } - env: - GITHUB_TOKEN: ${{ github.token }} - name: Upload Review Artifacts if: env.SKIP_REVIEW != 'true' && always() diff --git a/actions/general-review/action.yml b/actions/general-review/action.yml index dd18c447a43..d9e1993e8bd 100644 --- a/actions/general-review/action.yml +++ b/actions/general-review/action.yml @@ -12,6 +12,9 @@ inputs: continue-config: description: 'Config path to use (e.g., "myorg/review-bot")' required: true + github-token: + description: 'GitHub token for API access' + required: true runs: using: 'composite' @@ -74,7 +77,7 @@ runs: if: env.SHOULD_RUN == 'true' shell: bash env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ inputs.github-token }} run: | # Get PR number based on event type if [ "${{ github.event_name }}" = "pull_request" ]; then @@ -251,6 +254,7 @@ EOF if: env.SHOULD_RUN == 'true' && always() uses: actions/github-script@v7 with: + github-token: ${{ inputs.github-token }} script: | const fs = require('fs');