📖 Prerequisite: complete Chapter 07: Integrated Applications before reading this appendix.
⚠️ This appendix is intended for teams that already have a CI/CD pipeline. If you are new to GitHub Actions or CI/CD, start with the code review automation section of Chapter 07 and use the simpler pre-commit hook approach.
This appendix explains how to integrate GitHub Copilot CLI into your CI/CD pipeline to automate Pull Request code review.
The following workflow automatically reviews the changed files whenever a Pull Request is opened or updated:
```yaml
# .github/workflows/copilot-review.yml
name: Copilot Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # full history is needed to diff against the main branch
      - name: Install Copilot CLI
        run: npm install -g @github/copilot
      - name: Review Changed Files
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Collect the list of changed JS/TS files
          FILES=$(git diff --name-only origin/main...HEAD | grep -E '\.(js|ts|jsx|tsx)$' || true)
          if [ -z "$FILES" ]; then
            echo "No JavaScript/TypeScript files changed"
            exit 0
          fi
          echo "# Copilot Code Review" > review.md
          echo "" >> review.md
          for file in $FILES; do
            echo "Reviewing $file..."
            echo "## $file" >> review.md
            echo "" >> review.md
            # --silent suppresses progress output
            copilot --allow-all -p "Quick security and quality review of @$file. List only critical issues." --silent >> review.md 2>/dev/null || echo "Review skipped" >> review.md
            echo "" >> review.md
          done
      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            // Only post a comment when there is something important to report
            if (review.includes('CRITICAL') || review.includes('HIGH')) {
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: review
              });
            } else {
              console.log('No critical issues found, skipping comment');
            }
```
You can focus the review on a specific class of issues:
```bash
# Security review only
copilot --allow-all -p "Security review of @$file. Check for: SQL injection, XSS, hardcoded secrets, authentication issues." --silent
# Performance review only
copilot --allow-all -p "Performance review of @$file. Check for: N+1 queries, memory leaks, blocking operations." --silent
```
For PRs that touch many files, consider batching or limiting the number of files:
```bash
# Review only the first 10 files
FILES=$(git diff --name-only origin/main...HEAD | grep -E '\.(js|ts)$' | head -10)
# Or set a timeout per file
timeout 60 copilot --allow-all -p "Review @$file" --silent || echo "Review timed out"
```
To keep review standards consistent across the team, create a shared configuration file:
```json
// .copilot/config.json (commit this to the repository)
{
  "model": "claude-sonnet-4.5",
  "permissions": {
    "allowedPaths": ["src/**/*", "tests/**/*"],
    "deniedPaths": [".env*", "secrets/**/*", "*.min.js"]
  }
}
```
For a more advanced review process, consider using the GitHub Copilot cloud agent:
```yaml
# .github/workflows/copilot-agent-review.yml
name: Request Copilot Review
on:
  pull_request:
    types: [opened, ready_for_review]
jobs:
  request-review:
    runs-on: ubuntu-latest
    steps:
      - name: Request Copilot Review
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.pulls.requestReviewers({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              reviewers: ['copilot[bot]']
            });
```
The `--silent` flag suppresses progress output and keeps the logs clean.
If the review comment is not posted, make sure the workflow is granted the correct permissions:
```yaml
permissions:
  contents: read
  pull-requests: write
  issues: write
```
If reviews time out, increase the timeout or narrow the review scope:
```bash
timeout 120 copilot --allow-all -p "Quick review of @$file - critical issues only" --silent
```
Skip files that are too large:
```bash
if [ $(wc -l < "$file") -lt 500 ]; then
  copilot --allow-all -p "Review @$file" --silent
else
  echo "Skipping $file (too large)"
fi
```
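The file filter, the 10-file cap, the per-file timeout and the large-file skip above appear as separate fragments; the following added example (not part of the original appendix or of the Copilot CLI project) combines them into one reusable pipeline for the review step, and also skips the paths that the shared config denies. It further handles two cases the `for file in $FILES` loop does not: paths containing spaces, and files deleted in the PR (which `git diff --name-only` still lists but `wc -l` cannot read). The function names, the `REVIEW_TIMEOUT` variable and the deny-list globs are assumptions chosen for this example.

```bash
# select_review_files [max_files] [max_lines]
# Reads changed paths (one per line) on stdin and prints the ones worth
# sending to the reviewer: JS/TS only, none of the paths the shared
# config denies (.env*, secrets/**, *.min.js), nothing deleted in the PR,
# nothing of max_lines lines or more, and at most max_files in total.
select_review_files() {
  max_files="${1:-10}"; max_lines="${2:-500}"; count=0
  while IFS= read -r file; do
    [ -n "$file" ] || continue
    case "$file" in
      *.js|*.ts|*.jsx|*.tsx) ;;   # the languages this appendix reviews
      *) continue ;;
    esac
    case "$file" in               # mirrors deniedPaths in .copilot/config.json (assumed globs)
      .env*|*/.env*|secrets/*|*/secrets/*|*.min.js)
        echo "skip (denied path): $file" >&2; continue ;;
    esac
    if [ ! -f "$file" ]; then     # deleted or renamed away in this PR; wc would fail
      echo "skip (not in tree): $file" >&2; continue
    fi
    if [ "$(wc -l < "$file")" -ge "$max_lines" ]; then
      echo "skip (too large): $file" >&2; continue
    fi
    printf '%s\n' "$file"
    count=$((count + 1))
    [ "$count" -lt "$max_files" ] || break   # cap like 'head -10', applied after filtering
  done
}

# review_one <file>: the reviewer command from the workflow, under a timeout.
# Redefine this function to change the prompt or to stub the CLI in tests.
review_one() {
  timeout "${REVIEW_TIMEOUT:-60}" copilot --allow-all \
    -p "Quick security and quality review of @$1. List only critical issues." --silent
}

# build_review <output>: reads accepted paths on stdin and writes one Markdown
# section per file; a failed or timed-out review is recorded, never fatal.
build_review() {
  out="${1:-review.md}"
  printf '# Copilot Code Review\n\n' > "$out"
  while IFS= read -r file; do
    printf '## %s\n\n' "$file" >> "$out"
    review_one "$file" >> "$out" 2>/dev/null || printf 'Review skipped (error or timeout)\n' >> "$out"
    printf '\n' >> "$out"
  done
}
# Workflow step usage:
#   git diff --name-only origin/main...HEAD | select_review_files | build_review review.md
```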