skills/gitea-transfer/references/opencode-review.md

OpenCode PR Review Workflow

Use this pattern when adding a repo-scoped OpenCode reviewer to Gitea Actions.

Core behavior:

• Trigger only from PR comments containing /review and optional workflow_dispatch.
• Do not auto-review on PR open or synchronize for the first version.
• Run OpenCode read-only.
• Post or update one aggregate PR comment using a stable marker such as <!-- opencode-review -->.
• Checkout the PR head tree shallowly for repository context.
• Do not expose Gitea API tokens to OpenCode.

Required secrets:

• REVIEW_BOT_TOKEN: Gitea token with read:repository, read:issue, and write:issue.
• OPENCODE_GO_TOKEN: OpenCode Go API token.

Preparation step should:

• Read $GITHUB_EVENT_PATH with jq.
• Skip unless action is created, issue is a PR, and comment contains /review.
• Fetch PR metadata from GET /repos/{owner}/{repo}/pulls/{number}.
• Fetch diff from GET /repos/{owner}/{repo}/pulls/{number}.diff.
• Export PR_NUMBER, REPO, BASE_BRANCH, HEAD_BRANCH, and HEAD_SHA.

Checkout pattern:

- uses: actions/checkout@v4
  with:
    ref: ${{ env.HEAD_SHA }}
    fetch-depth: 1
    persist-credentials: false

Avoid fetch-depth: 0 unless full history is required.

Before invoking OpenCode, generate auth from OPENCODE_GO_TOKEN, disable mutation tools, and unset repository tokens from the environment.

Gitea Actions logs can be awkward before Gitea 1.26; if tea actions runs logs is unavailable or incomplete, inspect run/task state through the Gitea API.