You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Addresses review feedback (inputs must be real, not for show; guide users to the
automatic detection flow; VS Code output format) and the flag audit.
action.yml:
- Automatic flow (primary): trigger on pull_request opened/synchronize/reopened/
ready_for_review (actor = PR author, no commenter gate). Manual @mention stays
as the secondary flow (with the commenter permission pre-check).
- Trim inputs to the ones that do something: username, access-key,
fail-on-severity. Removed comment / check-gate / comment-mode /
inline-suggestions / sarif (now always-on server defaults) and
remediation / ai-agent (deferred preview). check-gate is folded into
fail-on-severity (none = never fail).
- Real gate + outputs: parse the CLI's `[deva11y-result]` line into
error-count / warning-count / findings-count / comment-url, and fail the run
per fail-on-severity (a real `warning` gate, and `error` actually fails now —
previously --pr-scan always exited 0 so the check never failed). Operational
errors (FUP/permission/error) always fail. Dropped the sarif-file output
(SARIF is uploaded server-side; there is no local file).
README + example:
- Automatic-first quick start (on: pull_request + issue_comment), @main (no v1 pin).
- Inputs/outputs tables reflect reality; describe what actually gets posted
(sticky comment, inline comments in VS Code format, Check Run, SARIF).
- Inline are review comments, not one-click suggestion blocks (findings carry
how-to-fix text, not literal replacement code) — corrected the earlier claim.
- Single support link; removed the internal-note remediation section.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|`username`| — |**Required.** Service Account username (store as a secret). |
96
-
|`access-key`| — |**Required.** Service Account access key (store as a secret). |
97
-
|`comment`|`true`| Post a summary findings comment on the PR. |
98
-
|`check-gate`|`true`| Publish a Check Run / commit status for the PR. |
99
-
|`fail-on-severity`|`error`| Fail the check at this severity and above: `error`, `warning`, or `none`. |
100
-
|`inline-suggestions`|`false`| Add one‑click suggestion blocks on offending lines. |
101
-
|`sarif`|`false`| Publish results to GitHub code scanning (Security tab). Uploaded by the App server-side — your workflow token needs no extra permission. |
102
-
|`comment-mode`|`update`|`update` a single sticky comment across runs, or post a `new` one each time. |
103
-
|`remediation`|`false`| Enable the optional agent hand‑off (preview; see below). |
104
-
|`ai-agent`| — | Required when `remediation: true`. The agent's name (e.g. `coderabbitai`, `claude`); we @‑mention it. |
0 commit comments