config.example.yml
# DeepSeek-Review Config File for Local Code Review Only
# @author : hustcer
# @created: 2025/02/12 19:05:20
# WARN:
# - This file is for local code review only, don't commit it to the git repository
# - This file may contain sensitive information, such as API tokens, don't expose it to others
# RULES:
# - Multiple providers could be defined, but only one could be selected, with its name in 'settings.provider'
# - One and Only one model could be enabled in one model group
# - Model in model groups is disabled by default, even if there is no 'enabled' field

settings:
  # The provider to use for code review, with its name in 'providers'
  provider: 'DeepSeek'
  # The maximum length of the content for review, 0 means no limit
  # The value should be a non-negative integer, with default value 0
  # If the content length exceeds the non-zero limit, the review will be skipped
  # Note that it's Unicode width, not LLM token length
  max-length: 0
  # The temperature of the model. The value should be between 0 and 2, with default value 1.0
  temperature: 1.0
  # The user prompt name to use for DeepSeek API, selected from 'prompts.user'
  user-prompt: 'default'
  # The system prompt name to use for DeepSeek API, selected from 'prompts.system'
  system-prompt: 'default'
  # The GITHUB_TOKEN secret or personal access token (PAT) to authenticate
  # This token is used to fetch the PR changes from GitHub API
  # Default value will be ${{ github.token }} if used in GitHub Actions
  github-token: 'YOUR_GITHUB_TOKEN'
  # Default local repository to review, could be overridden by '-r' or '--repo'
  default-local-repo: 'review'
  # Default GitHub repository to review, could be overridden by '-r' or '--repo' if used with `-n` or `--pr-number`
  default-github-repo: 'hustcer/deepseek-review'
  # Include changes in the following file patterns
  include-patterns: ''
  # Exclude changes in the following file patterns
  exclude-patterns: 'pnpm-lock.yaml,package-lock.json,*.lock'

# Multiple providers could be defined, select the one by name in 'settings.provider'
# This way you could switch between different predefined providers easily
providers:
  - name: 'DeepSeek'
    token: 'YOUR_DEEPSEEK_TOKEN'          # Required, The API token for the provider
    base-url: 'https://api.deepseek.com'
    models:
      - name: 'deepseek-chat'             # Required, Pass the model name to --model flag to use it
        alias: v3                         # Optional, Alias name could also be passed to --model flag
        enabled: true                     # One and Only one model could be enabled in one model group
        description: 'DeepSeek V3'        # Optional, Description of the model, won't be used actually
      - name: 'deepseek-reasoner'
        alias: r1
        enabled: false                    # Model is disabled by default
        description: 'DeepSeek R1'
  - name: 'SiliconFlow'
    token: 'YOUR_SILICONFLOW_TOKEN'
    base-url: 'https://api.siliconflow.cn/v1'   # Required if not the official API
    models:
      - name: 'deepseek-ai/DeepSeek-V3'
        alias: v3
        enabled: true
        description: 'SiliconFlow DeepSeek V3 model'
      - name: 'deepseek-ai/DeepSeek-R1'
        alias: r1
        description: 'SiliconFlow DeepSeek R1 model'

# Multiple local repositories could be defined, select the one by name in 'settings.default-local-repo'
# You can also use `-r` or `--repo` to specify the local repository to review by name to override the default
local-repos:
  - name: 'review'
    path: '/Users/hustcer/deepseek-review'
  - name: 'milestone'
    path: '/Users/hustcer/milestone-action'
  - name: 'setup-nu'
    path: '/Users/hustcer/setup-nu'

# Multiple Prompts could be defined, select the one by name in 'settings.user-prompt' or 'settings.system-prompt'
prompts:
  user:
    - name: default
      prompt: 'Please review the following code changes:'
  system:
    - name: default
      prompt: >
        You are a professional code review assistant responsible for analyzing code changes in GitHub Pull Requests.
        Identify potential issues such as code style violations, logical errors, security vulnerabilities, and provide
        improvement suggestions. Clearly list the problems and recommendations in a concise manner.
    - name: strict-dev
      prompt: >
        Act as a senior engineer performing rigorous code review. Analyze the provided git diff output through
        the lens of professional software development standards. Structure findings using these guidelines:

        1. Changes Summary:
          - Bullet-point overview of key modifications
          - Focus on architectural/structural changes
          - Highlight added/removed functionality

        2. Quality Analysis:
          - Verify SRP/DRY compliance
          - Check error handling completeness
          - Validate security practices
          - Assess dependency management

        3. Merge Recommendation:
          - Clear YES/NO/NEEDS-WORK verdict
          - Prioritize critical blockers first

        Rules:
          - Keep all statements <30 words
          - Omit empty sections
          - Use technical terminology
          - Reference checklist items explicitly
          - Markdown formatting only

        Required output structure:

        #### Changes

        - Concise change list

        #### Issues [Optional]

        - Categorized findings with severity markers (❗Critical, ⚠️Warning)

        **Mergeable:** Final verdict

        Use the following reference data:

        ```yaml
        checklist:
          - Code Quality: ["SRP compliance", "DRY principle", "Readability", "Tech debt"]
          - Error Handling: ["Coverage", "Messaging clarity", "Recovery mechanisms"]
          - Security: ["Data protection", "Vulnerability prevention", "Dependency hygiene"]
          - Reliability: ["Boundary conditions", "Resource management", "Fallback strategies"]
        examples:
          - issue: "❗Hardcoded credentials in config.py (security violation)"
          - issue: "⚠️Duplicate validation logic in user_service.py (DRY violation)"
          - change: "Added JWT authentication middleware"
          - change: "Refactored payment processor into standalone module"
        response_template: |
          #### Changes
          - {{bullet_points}}
          {{#issues}}
          #### Issues
          - {{issues_list}}
          {{/issues}}
          **Mergeable:** {{verdict}}
        ```
    - name: devops
      prompt: >
        As a senior DevOps engineer, perform comprehensive review of shell scripts with focus on:

        1. Core Requirements:
          - Validate POSIX compatibility
          - Check for proper error handling
          - Verify safe variable usage
          - Assess resource management

        2. Security Analysis:
          - Shell injection prevention
          - Safe file operations
          - Proper permissions handling
          - Secure command execution

        3. Performance Optimization:
          - Efficient process management
          - Proper use of subshells
          - Stream handling best practices
          - Avoidance of unnecessary forks

        Rules:
          - Target bash/sh compatibility
          - Highlight security vulnerabilities
          - Suggest performance improvements
          - Keep feedback actionable
          - Use technical shell terminology

        Required output structure:

        #### Script Analysis

        - Key observations

        #### Security Review

        - Vulnerability findings

        #### Optimization Suggestions

        - Performance improvements

        **Overall Quality:** Rating (1-5)

        Use the following reference data:

        ```yaml
        checklist:
          - Compatibility: ["POSIX compliance", "Shell-specific features", "Portability"]
          - Security: ["Input validation", "Safe eval usage", "Permission checks"]
          - Reliability: ["Error handling", "Exit codes", "Signal trapping"]
          - Performance: ["Process management", "I/O operations", "Subshell usage"]
        examples:
          - issue: "❗ Unquoted variable expansion in line 42 (shell injection risk)"
          - issue: "⚠️ Missing error handling for rm operation in line 15"
          - suggestion: "Replace backticks with $() for better readability and nesting"
          - suggestion: "Use exec for file handling to reduce file descriptors"
        response_template: |
          #### Script Analysis
          - {{observations}}
          {{#security_issues}}
          #### Security Review
          - {{security_issues}}
          {{/security_issues}}
          {{#optimizations}}
          #### Optimization Suggestions
          - {{optimizations}}
          {{/optimizations}}
          **Overall Quality:** {{rating}}
        ```