ci(github-action): update action misospace/pr-reviewer-action (v1.2.3 → v1.2.4)#347
Merged
Merged
Conversation
Contributor
Author
Branch automerge failureThis PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead. |
![its-saffron[bot]](https://avatars.githubusercontent.com/in/3901073?s=60&v=4){kind=small}
There was a problem hiding this comment.
AI Automated Review
Full PR review.
Analysis engine: review@https://litellm.jory.dev/v1 (openai)
Recommendation
Approved. This is a routine dependency update for the misospace/pr-reviewer-action GitHub Action, moving from v1.2.3 to v1.2.4. The update is performed by Renovate Bot and includes critical features for the action's thread-lifecycle management.
Change-by-Change Findings
.github/workflows/ai-pr-review.yaml
- Dependency Update: Updated
misospace/pr-reviewer-actionfrom SHAe891235...(v1.2.2/v1.2.3) to SHAd1a7753...(v1.2.4). - Configuration Updates:
- Updated
ai_primary_retriesfrom8to3. - Added
ai_response_format: json_object. - Added
review_routing_mode: auto. - Added
ai_smart_*configuration parameters (URL, format, model, API key). - Updated
tool_modefromplan_execute_oncetoplan_execute_loopand addedtool_max_rounds: "2". - Added
on_model_failure: notice. - Added
inline_findings: "true". - Added
verdict_policy: findings_severity_gated.
- Updated
- Security/Best Practice: The update uses a specific commit SHA for the action, which is a good security practice to prevent supply chain attacks via tag shifting.
README.md and action.yml
- Documentation: Updated
README.mdto include documentation for the new thread lifecycle features (resolving threads when findings are fixed and replying to still-open findings). - Outputs: Updated
action.ymlto expose theFINDINGSoutput, which is required for the new thread-management logic in the workflow.
Standards Compliance
- Dependency Management: Follows the repository's pattern of pinning actions to specific SHAs for security.
- Documentation: Updates documentation in tandem with functional changes.
Linked Issue Fit
- The release notes indicate this update addresses several issues related to finding thread lifecycles (PR 208, PR 209) and carry-forward logic (PR 212), which are correctly reflected in the configuration changes (e.g.,
inline_findings: "true").
Unknowns or Needs Verification
- None. The changes are consistent with the provided release notes for
v1.2.4.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.2.3→v1.2.4Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
misospace/pr-reviewer-action (misospace/pr-reviewer-action)
v1.2.4Compare Source
Feature-bearing 1.2.x release (1.3.0 remains reserved for the native tool-calling work tracked in #197). Backward-compatible: no new inputs — the thread-lifecycle features are gated by the existing
inline_findingsinput and engage automatically on incremental reviews.Features
resolved— the same fail-closed rule that drives the verdict), the matching open review thread is resolved via the GraphQLresolveReviewThreadmutation. Authors see live thread state instead of stale open conversations. Threads are matched by marker, never by author (#190); all API failures (e.g. read-only fork tokens) warn and never fail the publish.still_open/not_verifiable_from_delta/ unanswered) gets a short follow-up reply on its existing thread, stamped with the head SHA so re-runs never stack duplicates, and capped byinline_findings_max. The comment builder suppresses fresh anchored comments for findings that already have a live thread — one conversation per finding across N pushes. Findings the model markedresolvedno longer produce fresh anchored comments either. A still-open finding whose thread disappeared falls back to a fresh comment as before.Fixes
publish_mode: comment(#212): the comment-mode publish step never passedFINDINGSinto the metadata marker, soopen_findingswas always empty and the fail-closed carry-forward (#193) silently never ran in that mode. Incremental scope and skip-on-unchanged were unaffected; the findings safety net now works in all three publish modes.Internal
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.