From 9d74c479910bec9e56598b96010a709ce186bd4a Mon Sep 17 00:00:00 2001
From: guillermodotn <gleiro@redhat.com>
Date: Wed, 27 May 2026 07:51:21 +0000
Subject: [PATCH] ci: add OpenCode automated PR review workflow

---
 .github/workflows/opencode-review.yml | 50 +++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/opencode-review.yml

diff --git a/.github/workflows/opencode-review.yml b/.github/workflows/opencode-review.yml
new file mode 100644
index 0000000..be9d107
--- /dev/null
+++ b/.github/workflows/opencode-review.yml
@@ -0,0 +1,50 @@
+# OpenCode Review
+#
+# Automatically reviews pull requests using OpenCode with Claude
+# via Google Vertex AI.
+#
+# Checks for code duplication, backward compatibility, test quality,
+# and design patterns.
+#
+# Requires:
+#   - GCP_SA_KEY secret (minified service account JSON key)
+#   - GOOGLE_CLOUD_PROJECT secret (Google Cloud project ID)
+#   - VERTEX_LOCATION variable (optional, defaults to us-east5)
+
+name: OpenCode Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+      issues: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - uses: google-github-actions/auth@v3
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - uses: anomalyco/opencode/github@latest
+        env:
+          GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }}
+          VERTEX_LOCATION: ${{ vars.VERTEX_LOCATION || 'us-east5' }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          model: google-vertex-anthropic/claude-sonnet-4-20250514
+          use_github_token: true
+          prompt: |
+            Review this pull request for the productmd Python library:
+            - No code duplication: flag logic in the PR that duplicates existing functions or patterns already in the codebase
+            - Backward compatibility: flag breaking changes to public API (renamed methods, changed return types, removed parameters)
+            - Test quality: flag tests that only check happy paths, miss edge cases, or use overly permissive assertions. Check for missing negative tests with unexpected or malformed inputs (wrong types, empty values, None, special characters)
+            - Design: suggest simplifications or flag fragile patterns