add ci, auto-fix, and upgrade code review workflows (#776)

Add CI and upgrade Claude workflows

No CI existed — type errors and lint issues only caught by Cloudflare builds. Added type check + biome lint CI on PRs, auto-fix workflow when CI fails, and upgraded code review with supermemory MCP + inline comments.
This commit is contained in:
Prasanna721 2026-03-10 07:20:45 +00:00
parent 984297b62d
commit a0514e7a44
4 changed files with 242 additions and 31 deletions

28
.github/workflows/ci.yml vendored Normal file

@ -0,0 +1,28 @@
name: CI - Type Check, Format & Lint
on:
pull_request:
jobs:
quality-checks:
name: Quality Checks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: 1.3.4
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Run TypeScript type checking
run: bunx turbo run check-types --filter='@supermemory/ai-sdk' --filter='@supermemory/memory-graph'
- name: Run Biome CI (format & lint on changed files)
run: bunx biome ci --changed --since=origin/main --no-errors-on-unmatched
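Review bot: the workflow declares no `permissions:` block, so the `GITHUB_TOKEN` this job receives carries whatever default the repository is configured with; a job that only runs `bun install --frozen-lockfile`, `turbo run check-types` and `biome ci` needs nothing beyond `contents: read`, so add `permissions: contents: read` at the workflow level. Two smaller points on the same hunk: `--filter='@supermemory/ai-sdk' --filter='@supermemory/memory-graph'` limits type checking to two workspace packages, so regressions elsewhere in the monorepo still pass CI (a comment saying this is intentional would help the next reader); and the Bun version is pinned to `1.3.4` while `actions/checkout@v4` and `oven-sh/setup-bun@v2` are mutable tags, so pinning those to commit SHAs gives the action code the same reproducibility as the toolchain.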

102
.github/workflows/claude-auto-fix-ci.yml vendored Normal file

@ -0,0 +1,102 @@
name: Auto Fix CI Failures
on:
workflow_run:
workflows: ["CI - Type Check, Format & Lint"]
types:
- completed
permissions:
contents: write
pull-requests: write
actions: read
issues: write
id-token: write
jobs:
auto-fix:
if: |
github.event.workflow_run.conclusion == 'failure' &&
github.event.workflow_run.pull_requests[0]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
with:
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Bun
uses: oven-sh/setup-bun@v2
- name: Install dependencies
run: bun install
- name: Setup git identity
run: |
git config --global user.email "claude[bot]@users.noreply.github.com"
git config --global user.name "claude[bot]"
- name: Get CI failure details
id: failure_details
uses: actions/github-script@v7
with:
script: |
const run = await github.rest.actions.getWorkflowRun({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }}
});
const jobs = await github.rest.actions.listJobsForWorkflowRun({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }}
});
const failedJobs = jobs.data.jobs.filter(job => job.conclusion === 'failure');
return {
runUrl: run.data.html_url,
failedJobs: failedJobs.map(j => ({ name: j.name, id: j.id }))
};
- name: Fix CI failures with Claude
uses: anthropics/claude-code-action@v1
with:
prompt: |
Failed CI Run: ${{ fromJSON(steps.failure_details.outputs.result).runUrl }}
Failed Jobs: ${{ join(fromJSON(steps.failure_details.outputs.result).failedJobs.*.name, ', ') }}
PR Number: ${{ github.event.workflow_run.pull_requests[0].number }}
Branch: ${{ github.event.workflow_run.head_branch }}
Repository: ${{ github.repository }}
Check supermemory for similar past CI failures and fixes.
Fix the CI failures. Common fixes:
- Biome lint errors: Run `bun run format-lint` or `biome check --fix .`
- Type errors: Run `bun run check-types` and fix reported issues
- Test failures: Debug and fix the failing tests
After fixing, commit the changes and push directly to the branch `${{ github.event.workflow_run.head_branch }}`.
Do NOT create a new PR — the fixes should be pushed to the existing PR branch.
Save the fix pattern to supermemory for future reference.
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
claude_args: |
--max-turns 20
--model claude-opus-4-5-20251101
--allowedTools "Read,Write,Edit,Glob,Grep,Bash(*),WebSearch,WebFetch,Task,mcp__supermemory,mcp__github"
--mcp-config '{
"mcpServers": {
"supermemory": {
"type": "http",
"url": "https://mcp.supermemory.ai/mcp",
"headers": {
"Authorization": "Bearer ${{ secrets.SUPERMEMORY_API_KEY }}"
}
}
}
}'
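Review bot: the gate `github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.pull_requests[0]` never checks where the PR came from, and a `workflow_run` job always runs with the base repository's secrets and, here, a `contents: write` / `pull-requests: write` token. The job then checks out `head_branch`, runs `bun install` (which can execute install-time scripts defined in the checked-out tree) and hands an agent `Bash(*)` together with `CLAUDE_CODE_OAUTH_TOKEN` and `SUPERMEMORY_API_KEY`, so both the branch being repaired and the failing-job names interpolated into the prompt are untrusted input to a privileged process. Gate the job on the PR originating in this repository (compare `github.event.workflow_run.head_repository.full_name` with `github.repository`), and use `bun install --frozen-lockfile --ignore-scripts` here rather than a bare `bun install`, which also brings it in line with `ci.yml`. Separately, the fix is pushed with `secrets.GITHUB_TOKEN`, and pushes made with that token do not start new workflow runs, so the auto-fix commit never gets a fresh CI run and the fix goes unverified; if that is acceptable, document it, otherwise push with a GitHub App or PAT token. Minor: `--allowedTools` lists `mcp__supermemory,mcp__github` here but `mcp__supermemory__*,mcp__github__*` in the review workflow; pick one form.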


@ -3,42 +3,117 @@ name: Claude Code Review
on:
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
# Optional: Only run on specific file changes
# paths:
# - "src/**/*.ts"
# - "src/**/*.tsx"
# - "src/**/*.js"
# - "src/**/*.jsx"
jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
issues: read
contents: write
pull-requests: write
issues: write
actions: read
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 1
- name: Run Claude Code Review
id: claude-review
uses: anthropics/claude-code-action@v1
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
plugin_marketplaces: 'https://github.com/anthropics/claude-code.git'
plugins: 'code-review@claude-code-plugins'
prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}'
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# Enable progress tracking
track_progress: true
use_sticky_comment: true
include_fix_links: true
bot_name: Supermemory code review
# Enable inline comments for specific issues
claude_args: |
--model claude-opus-4-5-20251101
--allowedTools "Read,Write,Edit,Glob,Grep,Bash(*),WebSearch,WebFetch,Task,mcp__supermemory__*,mcp__github__*"
--mcp-config '{
"mcpServers": {
"supermemory": {
"type": "http",
"url": "https://mcp.supermemory.ai/mcp",
"headers": {
"Authorization": "Bearer ${{ secrets.SUPERMEMORY_API_KEY }}"
}
}
}
}'
prompt: |
You are a senior engineer reviewing a pull request. Your job is to catch real bugs, security issues, and logic errors that a human reviewer might miss. You are NOT a linter — do not comment on style, naming, formatting, or minor nitpicks.
REPO: ${{ github.repository }}
PR NUMBER: ${{ github.event.pull_request.number }}
PR TITLE: ${{ github.event.pull_request.title }}
**REVIEW PHILOSOPHY:**
Think like a Staff Engineer doing a final review before a deploy to production. Ask yourself:
- "Could this cause a production incident?"
- "Is there a subtle bug hiding here that tests won't catch?"
- "Does this introduce a security vulnerability?"
- "Will this break existing functionality or other parts of the system?"
If the answer to all of these is "no" for a given line, DO NOT comment on it. Silence is a perfectly good review. A PR with 0 inline comments and a clean summary is ideal when the code is solid.
**WHAT TO COMMENT ON (only these):**
- Bugs: race conditions, off-by-one errors, null/undefined access, logic errors, wrong operator, missing await, incorrect error handling
- Security: SQL injection, XSS, auth bypass, secrets exposure, insecure defaults, CORS misconfiguration
- Data loss: missing transactions, incorrect cascade deletes, silent data corruption
- Breaking changes: API contract changes, removed fields that clients depend on, changed behavior without migration
- Dependency issues: known CVEs, incompatible version combinations, deprecated APIs that will break
**WHAT TO NEVER COMMENT ON:**
- Code style, formatting, naming conventions (that's what linters are for)
- "Consider using X instead of Y" unless Y is actually broken
- Missing types/docs/tests (unless the missing test hides a specific bug you found)
- Suggestions that are purely preferential
- Praise or affirmation — no "LGTM" or "nice!" comments
**WORKFLOW:**
1. Use `mcp__github__get_pull_request_diff` to get the full diff
2. Read the diff carefully. For each changed file, understand the INTENT of the change, not just the syntax
3. For non-trivial changes, use Read/Grep to look at surrounding code that ISN'T in the diff — bugs often hide at the boundary between changed and unchanged code
4. Search Supermemory for any relevant past patterns, known issues, or architectural decisions related to the changed code
5. Check for existing review comments with `mcp__github__get_pull_request_review_comments` to avoid duplicates
6. Create a pending review with `mcp__github__create_pending_pull_request_review` (event: "COMMENT")
7. Add inline comments ONLY for issues that meet the bar above. For each comment:
- Explain the actual bug/risk concisely
- Show what could go wrong (e.g., "If X happens, this will Y")
- Provide a concrete fix using a code suggestion block when possible
8. Submit the review with `mcp__github__submit_pending_pull_request_review`
**REVIEW SUMMARY FORMAT:**
Keep the summary short and direct. Format:
**Overview:** One sentence on what this PR does.
**Issues found:** List only real issues, or "None — this looks good to ship." if clean.
**Score: X/10**
Scoring guide:
- 10/10: No bugs, no security issues, clean logic. This is the COMMON case for competent engineers — don't be stingy.
- 8-9/10: Minor issues that won't cause incidents but should be addressed
- 6-7/10: Real bugs or security concerns that need fixing before merge
- Below 6: Critical issues, data loss risk, or security vulnerabilities
Most PRs from experienced engineers should score 8-10. Reserve low scores for genuinely problematic code.
**CRITICAL RESTRICTIONS:**
- DO NOT use `gh pr comment` or `gh api` CLI commands — use MCP tools only
- DO NOT leave more than 5 inline comments. If you find more than 5 issues, pick the 5 most critical ones.
- DO NOT comment on things that are correct but could be "slightly better"
- If the PR is a simple config change, dependency bump, or typo fix, just submit a clean summary with no inline comments
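Review bot: raising the job permissions from `contents: read`, `pull-requests: read`, `issues: read` to `contents: write`, `pull-requests: write`, `issues: write` is broader than the new prompt needs: the described workflow only fetches the diff and submits a review through the GitHub MCP tools, which `pull-requests: write` covers, and `contents: write` has no role in reviewing and should be dropped. The tool grant has the same mismatch: the prompt says `DO NOT use gh pr comment or gh api CLI commands — use MCP tools only` and `You are NOT a linter`, yet `--allowedTools` hands the agent `Write`, `Edit`, `Bash(*)` and `WebFetch` while it reads PR content that is untrusted by definition. A review-only set (`Read`, `Glob`, `Grep` and the named `mcp__github__*` calls the prompt actually uses) keeps a prompt-injected diff from turning into commits or arbitrary commands under the repository token. Also worth confirming: the hunk shows both `prompt: '/code-review:code-review ...'` and `prompt: |` under `with:`; make sure the first is the removed line, since a YAML mapping cannot carry both keys.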


@ -23,7 +23,7 @@ jobs:
pull-requests: read
issues: read
id-token: write
actions: read # Required for Claude to read CI results on PRs
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
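Review bot: dropping `# Required for Claude to read CI results on PRs` removes the only explanation of why `actions: read` is granted to this job; keep the comment (or move it next to `additional_permissions`) so the permission is not later removed as unused.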
@ -36,15 +36,21 @@ jobs:
with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
# This is an optional setting that allows Claude to read CI results on PRs
additional_permissions: |
actions: read
# Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
# prompt: 'Update the pull request description to include a summary of changes.'
# Optional: Add claude_args to customize behavior and configuration
# See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
# or https://code.claude.com/docs/en/cli-reference for available options
# claude_args: '--allowed-tools Bash(gh pr:*)'
claude_args: |
--max-turns 15
--model claude-opus-4-5-20251101
--allowedTools "Read,Write,Edit,Glob,Grep,Bash(*),WebSearch,WebFetch,Task,mcp__supermemory,mcp__github"
--mcp-config '{
"mcpServers": {
"supermemory": {
"type": "http",
"url": "https://mcp.supermemory.ai/mcp",
"headers": {
"Authorization": "Bearer ${{ secrets.SUPERMEMORY_API_KEY }}"
}
}
}
}'
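Review bot: the `--mcp-config` JSON carrying `"Authorization": "Bearer ${{ secrets.SUPERMEMORY_API_KEY }}"` is expanded inside `claude_args`, i.e. into the argument list of the Claude process; a secret in argv is readable by any process on the runner through the process table and by any verbose argument logging, whereas GitHub's masking only protects the job log. Prefer supplying the MCP server config through a file written from an environment variable (or whatever settings mechanism the action provides) so the key never appears on a command line; the same pattern is repeated in the other two workflows in this commit. Also, `--allowedTools` grants `Bash(*)`, `Write` and `Edit` to a workflow that, per the retained comment on the removed `prompt:` line, acts on instructions from the comment that tagged it; unless the part of the file outside this hunk restricts who may trigger it, that lets a comment author run arbitrary commands with the OAuth token even though the job token is only `pull-requests: read` / `issues: read`. Scope the grant to the commands actually needed; the removed example `--allowed-tools Bash(gh pr:*)` shows the narrower form.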