📖 Prerequisite: complete Chapter 07, Putting It All Together, before reading this appendix.
⚠️ This appendix is intended for teams that already have a CI/CD pipeline. If you are new to GitHub Actions or to CI/CD in general, start with the simpler pre-commit hook approach in the code review automation section of Chapter 07.
This appendix shows how to integrate GitHub Copilot CLI into a CI/CD pipeline so that pull requests are reviewed automatically.
The following workflow reviews the changed files automatically whenever a pull request is opened or updated:
```yaml
# .github/workflows/copilot-review.yml
name: Copilot Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Needed to compare with main branch
      - name: Install Copilot CLI
        run: npm install -g @github/copilot
      - name: Review Changed Files
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Create the report first so the comment step always finds it,
          # even when no file is reviewed
          echo "# Copilot Code Review" > review.md
          echo "" >> review.md
          # Get list of changed JS/TS files
          FILES=$(git diff --name-only origin/main...HEAD | grep -E '\.(js|ts|jsx|tsx)$' || true)
          if [ -z "$FILES" ]; then
            echo "No JavaScript/TypeScript files changed"
            exit 0
          fi
          for file in $FILES; do
            echo "Reviewing $file..."
            echo "## $file" >> review.md
            echo "" >> review.md
            # Use --silent to suppress progress output
            copilot --allow-all -p "Quick security and quality review of @$file. List only critical issues." --silent >> review.md 2>/dev/null || echo "Review skipped" >> review.md
            echo "" >> review.md
          done
      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            // Only post if there's meaningful content
            if (review.includes('CRITICAL') || review.includes('HIGH')) {
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: review
              });
            } else {
              console.log('No critical issues found, skipping comment');
            }
```
You can focus a review on one class of issues:
```bash
# Security-only review
copilot --allow-all -p "Security review of @$file. Check for: SQL injection, XSS, hardcoded secrets, authentication issues." --silent
# Performance-only review
copilot --allow-all -p "Performance review of @$file. Check for: N+1 queries, memory leaks, blocking operations." --silent
```
For PRs that touch many files, consider processing them in batches or capping the number reviewed:
```bash
# Limit to first 10 files
FILES=$(git diff --name-only origin/main...HEAD | grep -E '\.(js|ts)$' | head -10)
# Or set a timeout per file
timeout 60 copilot --allow-all -p "Review @$file" --silent || echo "Review timed out"
```
To keep review standards consistent across the whole team, commit a shared configuration file:
```jsonc
// .copilot/config.json (committed to repo)
{
  "model": "claude-sonnet-4.5",
  "permissions": {
    "allowedPaths": ["src/**/*", "tests/**/*"],
    "deniedPaths": [".env*", "secrets/**/*", "*.min.js"]
  }
}
```
If you need a more complete review workflow, consider the Copilot coding agent instead:
```yaml
# .github/workflows/copilot-agent-review.yml
name: Request Copilot Review
on:
  pull_request:
    types: [opened, ready_for_review]
jobs:
  request-review:
    runs-on: ubuntu-latest
    steps:
      - name: Request Copilot Review
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.pulls.requestReviewers({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              reviewers: ['copilot[bot]']
            });
```
The `--silent` flag suppresses progress output so the job logs stay clean.
Make sure the workflow has the correct permissions configured:
```yaml
permissions:
  contents: read
  pull-requests: write
  issues: write
```
Increase the timeout or narrow the review scope:
```bash
timeout 120 copilot --allow-all -p "Quick review of @$file - critical issues only" --silent
```
Skip files that are too large:
```bash
if [ $(wc -l < "$file") -lt 500 ]; then
  copilot --allow-all -p "Review @$file" --silent
else
  echo "Skipping $file (too large)"
fi
```
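The snippets above (the JS/TS filter and review loop in the main workflow, the 10-file cap and per-file timeout, the 500-line size check, and the `deniedPaths` list from the shared config) each show one rule in isolation. The script below is an added example, not code from this appendix or from the Copilot CLI project, that gathers those rules into functions you can exercise locally before wiring them into the `run:` step. It assumes an optional `REVIEW_CMD` environment variable naming any executable that takes a file path and prints a review; when it is unset, the page's own `copilot` invocation is used, so `copilot` itself is not needed to run the selection and report logic.

```bash
#!/usr/bin/env bash
# Added example, not code from the appendix or from the Copilot CLI project.
# Collects the appendix's file-selection rules into reusable functions.
# Assumption: REVIEW_CMD (optional) names an executable that takes a file path
# and prints the review; when unset, the page's own `copilot` call is used.

MAX_FILES="${MAX_FILES:-10}"               # cap per PR (the appendix uses head -10)
MAX_LINES="${MAX_LINES:-500}"              # skip files with this many lines or more
PER_FILE_TIMEOUT="${PER_FILE_TIMEOUT:-60}" # seconds per file, as in the appendix

# Read candidate paths on stdin; keep JS/TS sources, drop the deniedPaths from
# .copilot/config.json (.env*, secrets/**, *.min.js) and cap at MAX_FILES.
select_review_files() {
  grep -E '\.(js|ts|jsx|tsx)$' \
    | grep -Ev '(^|/)\.env|(^|/)secrets/|\.min\.js$' \
    | head -n "$MAX_FILES"
}

# A file is sent to the model only if it exists and is under MAX_LINES lines.
is_reviewable() {
  local file="$1"
  [ -f "$file" ] && [ "$(wc -l < "$file")" -lt "$MAX_LINES" ]
}

# Review one file under a timeout. stdin is closed so the reviewer cannot
# consume the file list that build_report is still reading.
review_one() {
  local file="$1"
  if [ -n "${REVIEW_CMD:-}" ]; then
    timeout "$PER_FILE_TIMEOUT" "$REVIEW_CMD" "$file" </dev/null 2>/dev/null
  else
    timeout "$PER_FILE_TIMEOUT" copilot --allow-all \
      -p "Quick security and quality review of @$file. List only critical issues." \
      --silent </dev/null 2>/dev/null
  fi || echo "Review skipped or timed out"
}

# Write the markdown report for the paths on stdin to the file named by $1.
# The header is written even when nothing is reviewed, so the comment step
# always finds a report.
build_report() {
  local out="$1"
  {
    echo "# Copilot Code Review"
    echo
    while IFS= read -r file; do
      [ -n "$file" ] || continue
      echo "## $file"
      echo
      if is_reviewable "$file"; then
        review_one "$file"
      else
        echo "Skipped $file (missing or $MAX_LINES+ lines)"
      fi
      echo
    done
  } > "$out"
}

# Same gate as the github-script step: comment only on CRITICAL/HIGH findings.
report_needs_comment() {
  grep -qE 'CRITICAL|HIGH' "$1"
}

# Usage inside the workflow step (after sourcing this file):
#   git diff --name-only origin/main...HEAD | select_review_files | build_report review.md
#   report_needs_comment review.md && echo "post comment"
```

In the workflow, the Review Changed Files step becomes `git diff --name-only origin/main...HEAD | select_review_files | build_report review.md`, and `report_needs_comment review.md` gives the same answer as the github-script gate. The deny list is worth keeping in the selection step itself and not only in `.copilot/config.json`: the CLI runs here with `--allow-all` on content supplied by the PR author, so the fewer repository paths it can read, the smaller the exposure.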