codeflash-omni-java #3661
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Claude Code | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review, reopened] | |
| paths-ignore: | |
| - '.github/workflows/**' | |
| - '*.md' | |
| - 'docs/**' | |
| - 'demos/**' | |
| - 'experiments/**' | |
| - 'LICENSE' | |
| - '.tessl/**' | |
| - 'code_to_optimize/**' | |
| - 'codeflash.code-workspace' | |
| - 'uv.lock' | |
| issue_comment: | |
| types: [created] | |
| pull_request_review_comment: | |
| types: [created] | |
| issues: | |
| types: [opened, assigned] | |
| pull_request_review: | |
| types: [submitted] | |
| jobs: | |
| # Automatic PR review (can fix linting issues and push) | |
| # Blocked for fork PRs to prevent malicious code execution | |
| pr-review: | |
| concurrency: | |
| group: pr-review-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| if: | | |
| ( | |
| github.event_name == 'pull_request' && | |
| github.event.sender.login != 'claude[bot]' && | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| ) || | |
| github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: read | |
| id-token: write | |
| actions: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref || github.ref }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Install dependencies | |
| run: | | |
| uv venv --seed | |
| uv sync | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Run Claude Code | |
| id: claude | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| use_bedrock: "true" | |
| use_sticky_comment: true | |
| track_progress: true | |
| allowed_bots: "claude[bot],codeflash-ai[bot]" | |
| exclude_comments_by_actor: "*[bot]" | |
| prompt: | | |
| <context> | |
| repo: ${{ github.repository }} | |
| pr_number: ${{ github.event.pull_request.number }} | |
| event: ${{ github.event.action }} | |
| is_re_review: ${{ github.event.action == 'synchronize' }} | |
| </context> | |
| <commitment> | |
| Execute these steps in order. If a step has no work, state that and continue to the next step. | |
| Post all review findings in a single summary comment only — never as inline PR review comments. | |
| </commitment> | |
| <step name="triage"> | |
| Before doing any work, assess the PR scope: | |
| 1. Run `gh pr diff ${{ github.event.pull_request.number }} --name-only` to get changed files. | |
| 2. Classify as TRIVIAL if ALL changed files are: | |
| - Config/CI files (.github/, .tessl/, *.toml, *.lock, *.json, *.yml, *.yaml) | |
| - Documentation (*.md, docs/) | |
| - Non-production code (demos/, experiments/, code_to_optimize/) | |
| - Only whitespace, formatting, or comment changes | |
| If TRIVIAL: post a single comment "No substantive code changes to review." and stop — do not execute any further steps. | |
| Otherwise: continue with the full review below. | |
| </step> | |
| <step name="lint_and_typecheck"> | |
| Run checks on files changed in this PR and auto-fix what you can. | |
| 1. Run `uv run prek run --from-ref origin/main` to check linting/formatting. | |
| If there are auto-fixable issues, run it again to fix them. | |
| Report any issues prek cannot auto-fix in your summary. | |
| 2. Run `uv run mypy <changed_files>` to check types. | |
| Fix type annotation issues (missing return types, Optional unions, import errors). | |
| Always fix the root cause instead of adding `type: ignore` comments. | |
| Leave alone: type errors requiring logic changes, complex generics, anything changing runtime behavior. | |
| 3. After fixes: stage with `git add`, commit ("style: auto-fix linting issues" or "fix: resolve mypy type errors"), push. | |
| 4. Verify by running `uv run prek run --from-ref origin/main` one more time. Report honestly if issues remain. | |
| </step> | |
| <step name="resolve_stale_threads"> | |
| Before reviewing, resolve any stale review threads from previous runs. | |
| 1. Fetch unresolved threads you created: | |
| `gh api graphql -f query='{ repository(owner: "${{ github.repository_owner }}", name: "${{ github.event.repository.name }}") { pullRequest(number: ${{ github.event.pull_request.number }}) { reviewThreads(first: 100) { nodes { id isResolved path comments(first: 1) { nodes { body author { login } } } } } } } }' --jq '.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false) | select(.comments.nodes[0].author.login == "claude") | {id: .id, path: .path, body: .comments.nodes[0].body}'` | |
| 2. For each unresolved thread: | |
| a. Read the file at that path to check if the issue still exists | |
| b. If fixed → resolve it: `gh api graphql -f query='mutation { resolveReviewThread(input: {threadId: "<THREAD_ID>"}) { thread { isResolved } } }'` | |
| c. If still present → leave it | |
| Read the actual code before deciding. If there are no unresolved threads, skip to the next step. | |
| </step> | |
| <step name="review"> | |
| Review the diff (`gh pr diff ${{ github.event.pull_request.number }}`) for: | |
| 1. Bugs that will crash at runtime | |
| 2. Security vulnerabilities | |
| 3. Breaking API changes | |
| Ignore style issues, type hints, and log message wording. | |
| Record findings for the summary comment. Refer to CLAUDE.md for project conventions. | |
| </step> | |
| <step name="duplicate_detection"> | |
| Check whether this PR introduces code that duplicates logic already present elsewhere in the repository — including across languages. Focus on finding true duplicates, not just similar-looking code. | |
| 1. Get changed source files (excluding tests and config): | |
| `git diff --name-only origin/main...HEAD -- '*.py' '*.js' '*.ts' '*.java' | grep -v -E '(test_|_test\.(py|js|ts)|\.test\.(js|ts)|\.spec\.(js|ts)|conftest\.py|/tests/|/test/|/__tests__/)' | grep -v -E '^(\.github/|code_to_optimize/|\.tessl/|node_modules/)'` | |
| 2. For each changed file, read it and identify functions/methods added or substantially modified (longer than 5 lines). | |
| 3. Search for duplicates using Grep: | |
| - Same function name defined elsewhere | |
| - 2-3 distinctive operations from the body (specific API calls, algorithm patterns, string literals) | |
| 4. Cross-module check: this codebase has parallel modules under `languages/python/`, `languages/javascript/`, and `languages/java/` plus runtimes under `packages/codeflash/runtime/` and `codeflash-java-runtime/`. When a changed file is under one of these areas, search the others for equivalent logic. Only flag cases where the logic is genuinely shared or one module could import from the other. | |
| 5. When a Grep hit looks promising, read the full function and compare semantics. Flag only: | |
| - Same function with same/very similar body in another module | |
| - Same helper logic repeated in sibling files | |
| - Same logic implemented inline across multiple classes | |
| - Same algorithm reimplemented across language modules (Python code, not target-language differences) | |
| Report at most 5 findings with confidence (HIGH/MEDIUM), locations, what's duplicated, and suggestion. | |
| DO NOT report: boilerplate, functions under 5 lines, config/setup, intentional polymorphism, test files, imports, code that must differ due to target-language semantics. | |
| If no duplicates found, include "No duplicates detected" in the summary. | |
| </step> | |
| <step name="coverage"> | |
| Analyze test coverage for changed files: | |
| 1. Get changed Python files (excluding tests): `git diff --name-only origin/main...HEAD -- '*.py' | grep -v test` | |
| 2. Run coverage on PR branch: `uv run coverage run -m pytest tests/ -q --tb=no` then `uv run coverage json -o coverage-pr.json` | |
| 3. Get per-file coverage: `uv run coverage report --include="<changed_files>"` | |
| 4. Compare with main: checkout main, run coverage, checkout back | |
| 5. Flag: new files below 75%, decreased coverage, untested changed lines | |
| </step> | |
| <step name="summary_comment"> | |
| Post exactly one summary comment containing all results from previous steps using this format: | |
| ## PR Review Summary | |
| ### Prek Checks | |
| ### Code Review | |
| ### Duplicate Detection | |
| ### Test Coverage | |
| --- | |
| *Last updated: <timestamp>* | |
| </step> | |
| <step name="merge_optimization_prs"> | |
| Check for open PRs from codeflash-ai[bot]: | |
| `gh pr list --author "codeflash-ai[bot]" --state open --json number,title,headRefName,createdAt,mergeable` | |
| For each PR: | |
| - If CI passes and the PR is mergeable → merge with `--squash --delete-branch` | |
| - If CI is failing: | |
| 1. Check out the PR branch and inspect the failing tests | |
| 2. Attempt to fix the failures (the optimization may have broken tests or introduced issues) | |
| 3. If fixed: commit, push, and leave a comment explaining what was fixed | |
| 4. If unfixable: close with `gh pr close <number> --comment "Closing: CI checks are failing — <describe the specific failures and why they can't be auto-fixed>." --delete-branch` | |
| - Close the PR (without attempting fixes) if ANY of these apply: | |
| - Older than 7 days | |
| - Has merge conflicts (mergeable state is "CONFLICTING") | |
| - The optimized function no longer exists in the target file (check the diff) | |
| Close with: `gh pr close <number> --comment "<reason>" --delete-branch` | |
| where <reason> explains WHY the PR is being closed. Examples: | |
| - "Closing: PR is older than 7 days without being merged." | |
| - "Closing: merge conflicts with the target branch." | |
| - "Closing: the optimized function no longer exists in the target file." | |
| </step> | |
| <verification> | |
| Before finishing, confirm: | |
| - All steps were attempted (even if some had no work) | |
| - Stale review threads were checked and resolved where appropriate | |
| - All findings are in a single summary comment (no inline review comments were created) | |
| - If fixes were made, they were verified with prek | |
| </verification> | |
| claude_args: '--model us.anthropic.claude-sonnet-4-6 --allowedTools "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh pr checks:*),Bash(gh pr merge:*),Bash(gh pr close:*),Bash(gh issue view:*),Bash(gh issue list:*),Bash(gh api:*),Bash(uv run prek *),Bash(uv run mypy *),Bash(uv run coverage *),Bash(uv run pytest *),Bash(git status*),Bash(git add *),Bash(git commit *),Bash(git push*),Bash(git diff *),Bash(git checkout *),Read,Glob,Grep,Edit"' | |
| additional_permissions: | | |
| actions: read | |
| # @claude mentions (can edit and push) - restricted to maintainers only | |
| claude-mention: | |
| concurrency: | |
| group: claude-mention-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }} | |
| cancel-in-progress: false | |
| if: | | |
| ( | |
| github.event_name == 'issue_comment' && | |
| contains(github.event.comment.body, '@claude') && | |
| (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'COLLABORATOR') | |
| ) || | |
| ( | |
| github.event_name == 'pull_request_review_comment' && | |
| contains(github.event.comment.body, '@claude') && | |
| (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'COLLABORATOR') && | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| ) || | |
| ( | |
| github.event_name == 'pull_request_review' && | |
| contains(github.event.review.body, '@claude') && | |
| (github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'COLLABORATOR') && | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| ) || | |
| ( | |
| github.event_name == 'issues' && | |
| (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')) && | |
| (github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'COLLABORATOR') | |
| ) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: read | |
| id-token: write | |
| actions: read | |
| steps: | |
| - name: Get PR head ref | |
| id: pr-ref | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # For issue_comment events, we need to fetch the PR info | |
| if [ "${{ github.event_name }}" = "issue_comment" ]; then | |
| PR_REF=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} --jq '.head.ref') | |
| echo "ref=$PR_REF" >> $GITHUB_OUTPUT | |
| else | |
| echo "ref=${{ github.event.pull_request.head.ref || github.head_ref }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ steps.pr-ref.outputs.ref }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| - name: Install dependencies | |
| run: | | |
| uv venv --seed | |
| uv sync | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Run Claude Code | |
| id: claude | |
| uses: anthropics/claude-code-action@v1 | |
| with: | |
| use_bedrock: "true" | |
| claude_args: '--model us.anthropic.claude-sonnet-4-6 --allowedTools "Read,Edit,Write,Glob,Grep,Bash(git status*),Bash(git diff*),Bash(git add *),Bash(git commit *),Bash(git push*),Bash(git log*),Bash(git merge*),Bash(git fetch*),Bash(git checkout*),Bash(git branch*),Bash(uv run prek *),Bash(prek *),Bash(uv run ruff *),Bash(uv run pytest *),Bash(uv run mypy *),Bash(uv run coverage *),Bash(gh pr comment*),Bash(gh pr view*),Bash(gh pr diff*),Bash(gh pr merge*),Bash(gh pr close*)"' | |
| additional_permissions: | | |
| actions: read |