32 changes: 18 additions & 14 deletions .github/workflows/tenet-pr-review.yml
@@ -1,7 +1,7 @@
name: 🤖 TENET Agent - PR Review

on:
pull_request:
pull_request_target:
types: [opened, synchronize, reopened]

permissions:
Expand All @@ -13,38 +13,42 @@ jobs:
tenet-review:
name: TENET Security Review
runs-on: ubuntu-latest
# Skip bot-created PRs to avoid loops
if: |
github.actor != 'github-actions[bot]' &&
github.actor != 'coderabbitai[bot]'
if: github.event.pull_request.user.login != 'github-actions[bot]' && github.event.pull_request.user.login != 'coderabbitai[bot]'

# SECURITY: Do NOT add `ref: github.event.pull_request.head.sha` here.
# pull_request_target runs with repository secrets.
# Checking out fork code could expose secrets.
# TENET reads PR diffs through the GitHub API using HEAD_SHA.

steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
with:
fetch-depth: 0

- name: Set up Python
uses: actions/setup-python@v6
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0
with:
python-version: "3.11"
cache: "pip"
cache-dependency-path: .github/tenet_agent/requirements.txt
cache-dependency-path: agent/tenet_agent/requirements.txt

- name: Install TENET agent dependencies
run: pip install -r .github/tenet_agent/requirements.txt
run: pip install -r agent/tenet_agent/requirements.txt

- name: Check TENET_AI_KEY is configured
id: key_check
run: |
if [ -z "$TENET_AI_KEY" ]; then
echo "⚠️ TENET_AI_KEY is not set — skipping review."
echo "Add it under Settings → Secrets and variables → Actions."
exit 0
echo "has_key=false" >> "$GITHUB_OUTPUT"
else
echo "has_key=true" >> "$GITHUB_OUTPUT"
fi
env:
TENET_AI_KEY: ${{ secrets.TENET_AI_KEY }}

- name: Run TENET PR Review
if: steps.key_check.outputs.has_key == 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TENET_AI_KEY: ${{ secrets.TENET_AI_KEY }}
Expand All @@ -56,5 +60,5 @@ jobs:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
run: |
cd .github/tenet_agent
python tenet_review.py
cd agent/tenet_agent
python tenet_review.py
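Review bot: The switch from `pull_request:` to `pull_request_target:` means every run, including ones opened from forks, now carries `secrets.TENET_AI_KEY` and `secrets.GITHUB_TOKEN` (the `env:` block of the "Run TENET PR Review" step), yet the `permissions:` block that bounds what that token can do starts at the top of the file and continues outside the hunk, so its scope cannot be confirmed from this diff; it should be limited to what posting a review needs (e.g. `contents: read` and `pull-requests: write`), and the SECURITY comment above `steps:` could state that, e.g. `# Token scope is set in the top-level permissions block; keep it to read contents + write pull-requests.`. The checkout step correctly leaves `ref` at its default so only base-branch code runs, but the author-login `if:` is the sole filter on which PRs reach the agent, so if the agent feeds the PR diff to a model and posts the result with the token, a one-line comment on the "Run TENET PR Review" step noting that the diff is untrusted input would help the next maintainer keep that boundary. Two style points: the pinned-SHA comments `#v6.0.2` and `#v6.2.0` should read `# v6.0.2` / `# v6.2.0` (space after `#`, per yamllint's comments rule and the form pin-updating tooling generally expects), and the single-line `if:` condition runs well past 120 columns where the previous `if: |` block form stayed readable while expressing the same condition.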