11name : " Advanced Code Analysis Action"
22
3- # REQUIREMENTS:
4- # - A GitHub Personal Access Token with Copilot access must be created and stored as a repository secret named COPILOT_TOKEN
5- # - The default GITHUB_TOKEN does not have Copilot access and cannot be used
6- # - To create the token: GitHub Settings -> Developer settings -> Personal access tokens -> Generate new token
7- # - The token needs the 'copilot' scope enabled
3+ # OPTIONAL TOKENS:
4+ # - COPILOT_TOKEN: Enables Copilot CLI-based LLM review steps (if present)
5+ # - SEMGREP_APP_TOKEN: Enables Semgrep findings upload to Semgrep App (if present)
86
97on :
108 push :
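Review bot: The new OPTIONAL TOKENS comment at new lines 3-5 drops the two facts a maintainer needs to set COPILOT_TOKEN up correctly: that the default GITHUB_TOKEN has no Copilot access, and that the secret must be a personal access token with the 'copilot' scope. Keep a one-line version of each under the COPILOT_TOKEN entry. Since the workflow triggers on push, the comment should also say that the token carries no scope beyond that one.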
6765 cat /tmp/gpt5-analysis.md
6866 continue-on-error : true
6967
70- <<<<<<< HEAD
7168 - name : Initialize CodeQL
7269 uses : github/codeql-action/init@v3
7370 with :
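Review bot: Check the rest of the file for leftover conflict markers before merging. The `<<<<<<< HEAD` line removed at old line 70 means the previous revision was committed with an unresolved merge, which leaves the workflow unparseable as YAML. Search for any remaining `<<<<<<<`, `=======` and `>>>>>>>` lines outside the visible hunks, and consider a YAML lint check on workflow files so this cannot land again. The context line `cat /tmp/gpt5-analysis.md` also still carries the GPT-5 name that the rest of the change drops from the step names and prompts.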
@@ -76,57 +73,38 @@ jobs:
7673
7774 - name : Autobuild
7875 uses : github/codeql-action/autobuild@v3
79- =======
80- - name : GPT-5 Advanced Code Analysis
76+ continue-on-error : true
77+
78+ - name : Copilot LLM Code Review (optional)
79+ if : ${{ secrets.COPILOT_TOKEN != '' }}
8180 uses : austenstone/copilot-cli-action@v2
8281 with :
8382 copilot-token : ${{ secrets.COPILOT_TOKEN }}
8483 prompt : |
85- Perform a comprehensive code analysis of this repository using GPT-5's advanced capabilities:
86-
87- 1. **Code Quality & Architecture**
88- - Analyze overall code structure and organization
89- - Identify architectural patterns and anti-patterns
90- - Suggest improvements for maintainability and scalability
91-
92- 2. **Security Analysis**
93- - Detect potential security vulnerabilities
94- - Identify unsafe coding patterns
95- - Recommend security best practices
96-
97- 3. **Performance Optimization**
98- - Identify performance bottlenecks
99- - Suggest optimization opportunities
100- - Recommend efficient algorithms and data structures
101-
102- 4. **Best Practices**
103- - Verify adherence to language-specific best practices
104- - Check for proper error handling
105- - Ensure code follows SOLID principles
106-
107- 5. **Documentation & Maintainability**
108- - Assess code documentation quality
109- - Identify areas needing better comments
110- - Suggest improvements for code readability
111-
112- Provide specific, actionable recommendations with file names and line numbers where applicable.
84+ Perform a comprehensive code analysis of this repository:
85+
86+ 1. Code quality and architecture
87+ 2. Security risks and unsafe patterns
88+ 3. Performance bottlenecks and optimizations
89+ 4. Best practices and error handling
90+ 5. Documentation and maintainability
91+
92+ Provide actionable recommendations with file names and line numbers where applicable.
11393 continue-on-error : true
11494
115- - name : GPT-5 Test Coverage Analysis
95+ - name : Copilot LLM Test Coverage Review (optional)
96+ if : ${{ secrets.COPILOT_TOKEN != '' }}
11697 uses : austenstone/copilot-cli-action@v2
11798 with :
11899 copilot-token : ${{ secrets.COPILOT_TOKEN }}
119100 prompt : |
120- Analyze the test coverage and testing strategy:
121-
122- 1. Identify files that lack adequate test coverage
123- 2. Suggest missing test cases for critical functionality
101+ Analyze the repository's testing strategy:
102+
103+ 1. Identify critical paths without tests
104+ 2. Suggest missing unit/integration/E2E cases
124105 3. Recommend improvements to existing tests
125- 4. Identify edge cases that should be tested
126- 5. Suggest integration and end-to-end test scenarios
127-
128- Focus on critical paths and business logic.
129- >>>>>>> main
106+
107+ Focus on business logic and risk areas.
130108 continue-on-error : true
131109
132110 - name : Advanced Code Analysis with CodeQL
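Review bot: The `if : ${{ secrets.COPILOT_TOKEN != '' }}` guards at new lines 79 and 96 will not behave as intended, because GitHub Actions does not make the `secrets` context available in step `if` conditionals. Map the secret to an environment variable at job level and test `env.COPILOT_TOKEN != ''` in each step instead. Separately, the `continue-on-error : true` added at new line 76 lands on the Autobuild step, so a failed build no longer fails the job and the later CodeQL analysis can run against an incomplete database and still report a clean result; drop it from that step. Both Copilot steps also pass a personal access token to `austenstone/copilot-cli-action@v2`, which is a mutable tag; pinning the action to a full commit SHA would limit what a retagged release could do with that token.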