PR Code Inspection Example
Pull Request code inspection workflow, including code style, security scan, PR comment, and review assistance.
name: PR Code Inspection
on:
pull_request:
types:
- open
- update
- reopen
concurrency:
max: 1
exceed-action: QUEUE
permissions:
repository: read
pr: write
issue: write
jobs:
code-style:
name: Code Style Check
runs-on: {ubuntu-24,x64,slim}
if: ${{ atomgit.event_name == 'pull_request' }}
steps:
- name: Checkout PR Code
uses: checkout
with:
ref: ${{ atomgit.event.pull_request.head.sha }}
fetch-depth: 0
- name: Get Changed Files List
id: changed-files
run: |
files=$(git diff --name-only ${{ atomgit.event.pull_request.base.sha }} ${{ atomgit.event.pull_request.head.sha }})
echo "files=$files" >> $ATOMGIT_OUTPUT
echo "## Changed Files" >> $ATOMGIT_STEP_SUMMARY
for f in $files; do
echo "- $f" >> $ATOMGIT_STEP_SUMMARY
done
- name: Setup Node.js
uses: setup-node
with:
node-version: '20'
cache: 'npm'
- name: Install Dependencies
run: npm ci
- name: ESLint Check (Only Changed Files)
run: |
npx eslint ${{ steps.changed-files.outputs.files }} --format compact || true
- name: Prettier Format Check
run: |
npx prettier --check ${{ steps.changed-files.outputs.files }} || true
security-scan:
name: Security Scan
runs-on: {ubuntu-24,x64,slim}
if: ${{ atomgit.event_name == 'pull_request' }}
steps:
- name: Checkout PR Code
uses: checkout
with:
ref: ${{ atomgit.event.pull_request.head.sha }}
- name: Setup Node.js
uses: setup-node
with:
node-version: '20'
- name: Dependency Security Audit
run: npm audit --audit-level=high || true
- name: License Check
run: npx license-checker --summary || true
- name: Security Scan Summary
if: ${{ always }}
run: |
echo "## Security Scan Results" >> $ATOMGIT_STEP_SUMMARY
echo "Scan completed for PR #${{ atomgit.event.pull_request.number }}" >> $ATOMGIT_STEP_SUMMARY
pr-size-check:
name: PR Size Check
runs-on: {ubuntu-24,x64,slim}
if: ${{ atomgit.event_name == 'pull_request' }}
steps:
- name: Checkout PR Code
uses: checkout
with:
ref: ${{ atomgit.event.pull_request.head.sha }}
fetch-depth: 0
- name: Calculate Change Size
id: size
run: |
additions=$(git diff --numstat ${{ atomgit.event.pull_request.base.sha }} ${{ atomgit.event.pull_request.head.sha }} | awk '{sum+=$1} END {print sum}')
deletions=$(git diff --numstat ${{ atomgit.event.pull_request.base.sha }} ${{ atomgit.event.pull_request.head.sha }} | awk '{sum+=$2} END {print sum}')
total=$((additions + deletions))
echo "additions=$additions" >> $ATOMGIT_OUTPUT
echo "deletions=$deletions" >> $ATOMGIT_OUTPUT
echo "total=$total" >> $ATOMGIT_OUTPUT
if [ $total -lt 100 ]; then
echo "size_label=small" >> $ATOMGIT_OUTPUT
elif [ $total -lt 500 ]; then
echo "size_label=medium" >> $ATOMGIT_OUTPUT
else
echo "size_label=large" >> $ATOMGIT_OUTPUT
fi
- name: PR Size Summary
run: |
echo "## PR Size Statistics" >> $ATOMGIT_STEP_SUMMARY
echo "| Metric | Value |" >> $ATOMGIT_STEP_SUMMARY
echo "|--------|-------|" >> $ATOMGIT_STEP_SUMMARY
echo "| Added Lines | ${{ steps.size.outputs.additions }} |" >> $ATOMGIT_STEP_SUMMARY
echo "| Deleted Lines | ${{ steps.size.outputs.deletions }} |" >> $ATOMGIT_STEP_SUMMARY
echo "| Total Changes | ${{ steps.size.outputs.total }} |" >> $ATOMGIT_STEP_SUMMARY
echo "| Size Label | ${{ steps.size.outputs.size_label }} |" >> $ATOMGIT_STEP_SUMMARY
- name: Add Size Label
if: ${{ steps.size.outputs.size_label == 'large' }}
env:
ATOMGIT_TOKEN: ${{ atomgit.token }}
run: |
curl -X POST \
"${{ atomgit.api_url }}/repos/${{ atomgit.repository }}/issues/${{ atomgit.event.pull_request.number }}/labels" \
-H "Authorization: token $ATOMGIT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"labels": ["size/large"]}'