* ci(workflow): add rate-limit-aware retry for PR review comment posting
Add GitHub REST API rate-limit handling to the ocr-review workflow:
- Implement computeRetryDelayMs() following GitHub's documented strategy:
* Honor retry-after header (seconds or HTTP-date)
* Wait until x-ratelimit-reset when primary limit is exhausted (remaining=0)
* Exponential backoff (>=60s base) for secondary limits without a header
* Backoff for transient 5xx/408 errors
- Add per-comment retry loop with configurable attempts and delays
- Add logRateLimitQuota() to log and proactively throttle on low remaining quota
- Honor batch createReview rate-limit headers before per-comment retry
- Cap all waits (including header-derived) to avoid stalling the CI job
- Expose tuning via OCR_* env vars (retries, delays, thresholds)
- Update example workflow docs with retry/delay configuration reference
* fix(workflow): use shorter transient backoff base and dedupe header lookup
- Transient server errors (5xx/408) now use a 2s base delay instead of
the 60s rate-limit base, matching the comment's stated intent and
avoiding unnecessary CI stalls on short-lived server hiccups.
- Extract a shared getHeader() helper for case-insensitive header
lookup, reused by both computeRetryDelayMs and logRateLimitQuota to
eliminate duplicated logic and ensure consistent robustness.
* doc: revert example doc
The release job uses ubuntu:24.04 which lacks git. After adding
commit-based release notes generation, git commands (config/describe/log)
fail with "git: not found". Install git before checkout so the full
history is available for release notes.
Add continuous integration pipeline that runs go vet, tests with
race detection, and a build check on every push to main and PR.
Satisfies the OpenSSF Best Practices test_continuous_integration criterion.
Satisfy the OpenSSF Best Practices "release_notes" criterion by parsing
commits between tags and categorizing them into Features, Bug Fixes,
Refactoring, and Documentation sections.
Ship Go binaries inside per-platform npm packages (@alibaba-group/ocr-{os}-{arch})
so npm install resolves the correct binary via optionalDependencies + os/cpu fields.
This removes the need for a postinstall download from GitHub Releases, which is
extremely slow for users behind restricted networks (e.g. China mainland).
The postinstall download is retained as a fallback for --no-optional installs.
* ci: use self-hosted runners with container images for build and deploy workflows
- deploy-pages: switch to self-hosted runner with node:20 container, remove redundant setup-node
- release: use self-hosted runner with golang:1.26.4 container for build job, remove redundant setup-go
- release: use self-hosted runner with ubuntu:24.04 container for release job
- release: use self-hosted runner with node:20 container for npm-publish job, remove redundant setup-node
- release: add jq installation step for version injection in npm-publish
* ci: fix dubious ownership in self-hosted container jobs
- Add git safe.directory trust step after checkout in release.yml build and npm-publish jobs
- Add git safe.directory trust step after checkout in deploy-pages.yml build job
- Switch deploy-pages deploy job from ubuntu-latest to self-hosted with node:20 container
Add safe.directory '*' to git config before running git operations.
Self-hosted runners may run jobs under a different OS user than the
one that owns the workspace, causing git to refuse operations with a
'dubious ownership' error.
* ci: add GitHub Actions workflow for automated PR review
- Trigger on PR opened and issue_comment (/open-code-review)
- Install OCR via npm, configure LLM secrets, run review
- Post inline review comments via GitHub PR review API
- Fallback to individual comments if batch posting fails
- Use commit SHA instead of branch ref to support fork PRs
* ci: use pull_request_target to support fork PR secret access
- Switch from pull_request to pull_request_target trigger
- Add synchronize and reopened event types
- Explicitly checkout PR head SHA (pull_request_target defaults to base)
- This ensures secrets are available for PRs from forked repos
* ci: fix pull_request_target handling for fork PRs
- Narrow trigger types to 'opened' only to reduce redundant runs
- Add explicit fetch of PR head ref to ensure fork commits are available
- Fix event name check from 'pull_request' to 'pull_request_target'
* feat(build): add Windows platform support
Add windows/amd64 and windows/arm64 to CI build matrix, Makefile
cross-platform targets, and handle .exe suffix in install/update
scripts and binary wrapper. Skip chmod on Windows where unsupported.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs(README): add Windows download instructions
Add Windows x86_64 and ARM64 binary download commands to both
English and Chinese README install sections.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* docs: add GitHub issue and PR templates
Add structured issue templates for bug reports, feature requests, and docs reports with YAML forms. Include a pull request template with checklist for contribution quality.
* docs: add bilingual contributing guide (EN & zh-CN)
Provide detailed contribution guidelines covering development setup, coding standards, commit conventions, PR workflow, and community conduct in both English and Chinese.
Allow users to configure include/exclude glob patterns in
.open-code-review/rule.json (global or project-level) to control
which files are reviewed. Exclude has highest priority, include
penetrates default path exclusions but not the extension allowlist.
Only one layer takes effect following --rule > project > global priority.