hello-stephen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 06f55c0ac14 [Enhancement](CI) Auto refresh AI Review credential
(#63431)
06f55c0ac14 is described below
commit 06f55c0ac149a1962bc9d34ce545a15017cbe1b1
Author: zclllyybb <[email protected]>
AuthorDate: Wed May 20 14:30:16 2026 +0800
[Enhancement](CI) Auto refresh AI Review credential (#63431)
The OpenAI OAuth credential expires, but it can be refreshed automatically.
Therefore, we make sure the refresh happens by storing and accessing the
credential through OSS.
---
.github/workflows/opencode-review-runner.yml | 58 +++++++++++++++++++---------
1 file changed, 40 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/opencode-review-runner.yml
b/.github/workflows/opencode-review-runner.yml
index a8e800e99c3..54b121f7147 100644
--- a/.github/workflows/opencode-review-runner.yml
+++ b/.github/workflows/opencode-review-runner.yml
@@ -32,10 +32,10 @@ jobs:
with:
ref: ${{ inputs.head_sha }}
- - name: Install ripgrep
+ - name: Install runner utilities
run: |
sudo apt-get update
- sudo apt-get install -y ripgrep
+ sudo apt-get install -y ripgrep unzip
- name: Install OpenCode
run: |
@@ -50,24 +50,26 @@ jobs:
echo "All install attempts failed"
exit 1
+ - name: Install ossutil
+ run: |
+ tmp_dir="$(mktemp -d)"
+ trap 'rm -rf "$tmp_dir"' EXIT
+ curl -fsSL -o "$tmp_dir/ossutil.zip"
https://gosspublic.alicdn.com/ossutil/1.7.19/ossutil-v1.7.19-linux-amd64.zip
+ unzip -q "$tmp_dir/ossutil.zip" -d "$tmp_dir"
+ sudo install -m 0755 "$tmp_dir/ossutil-v1.7.19-linux-amd64/ossutil"
/usr/local/bin/ossutil
+
- name: Configure OpenCode auth
+ id: configure-auth
+ env:
+ OSS_AK: ${{ secrets.OSS_AK }}
+ OSS_SK: ${{ secrets.OSS_SK }}
+ OSS_ENDPOINT: oss-cn-hongkong.aliyuncs.com
+ OSS_AUTH_OBJECT: oss://doris-community-ci/auth.json
run: |
mkdir -p ~/.local/share/opencode
- cat > ~/.local/share/opencode/auth.json <<EOF
- {
- "openai": {
- "type": "oauth",
- "access": "${CODE_REVIEW_ZCLLL_OPENAI_ACCESS_KEY}",
- "refresh": "${CODE_REVIEW_ZCLLL_OPENAI_REFRESH_KEY}",
- "expires": 1779122093655,
- "accountId": "${CODE_REVIEW_ZCLLL_OPENAI_ACCOUNT_ID}"
- }
- }
- EOF
- env:
- CODE_REVIEW_ZCLLL_OPENAI_ACCESS_KEY: ${{
secrets.CODE_REVIEW_ZCLLL_OPENAI_ACCESS_KEY }}
- CODE_REVIEW_ZCLLL_OPENAI_REFRESH_KEY: ${{
secrets.CODE_REVIEW_ZCLLL_OPENAI_REFRESH_KEY }}
- CODE_REVIEW_ZCLLL_OPENAI_ACCOUNT_ID: ${{
secrets.CODE_REVIEW_ZCLLL_OPENAI_ACCOUNT_ID }}
+ ossutil -i "$OSS_AK" -k "$OSS_SK" -e "$OSS_ENDPOINT" cp -f
"$OSS_AUTH_OBJECT" ~/.local/share/opencode/auth.json
+ chmod 600 ~/.local/share/opencode/auth.json
+ test -s ~/.local/share/opencode/auth.json
- name: Prepare review context directory
run: |
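Review bot: The ossutil archive in the new `Install ossutil` step is fetched with `curl` and installed as root with no integrity check, and the next step hands that binary `OSS_AK`/`OSS_SK`. Pin the download to a recorded digest before unzipping, e.g. `echo "<EXPECTED_SHA256>  $tmp_dir/ossutil.zip" | sha256sum -c -`, where the placeholder is the digest of the vetted 1.7.19 archive. Separately, `-i "$OSS_AK" -k "$OSS_SK"` in `Configure OpenCode auth` (and again in `Persist OpenCode auth`) places the keys in the process argument list, readable by other processes on the runner. Writing them to a 0600 ossutil config file and passing it with `--config-file` would avoid that. Setting `umask 077` before the `cp` would also keep auth.json from existing with default permissions ahead of `chmod 600`.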
@@ -209,7 +211,10 @@ jobs:
status=${PIPESTATUS[0]}
set -e
- last_log_line=$(awk 'NF { line = $0 } END { print line }'
"$REVIEW_CONTEXT_DIR/opencode-review.log")
+ last_log_line=$(
+ awk 'NF { line = $0 } END { print line }'
"$REVIEW_CONTEXT_DIR/opencode-review.log" \
+ | perl -pe 's/\e\[[0-9;?]*[ -\/]*[@-~]//g'
+ )
failure_reason=""
if printf '%s\n' "$last_log_line" | rg -q -i '^Error:|SSE read timed
out'; then
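Review bot: The ANSI stripping runs after `awk` has already picked the last non-blank line, so a final log line made up only of escape sequences (a colour reset, for example) still counts as non-blank, is selected, and then becomes empty. In that case the `^Error:|SSE read timed out` match below would miss the real error on the line before it. Stripping first avoids this: `perl -pe 's/\e\[[0-9;?]*[ -\/]*[@-~]//g' "$REVIEW_CONTEXT_DIR/opencode-review.log" | awk 'NF { line = $0 } END { print line }'`. The step this belongs to starts and ends outside the hunk.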
@@ -227,6 +232,23 @@ jobs:
exit 1
fi
+ - name: Persist OpenCode auth
+ if: ${{ always() && steps.configure-auth.outcome == 'success' }}
+ env:
+ OSS_AK: ${{ secrets.OSS_AK }}
+ OSS_SK: ${{ secrets.OSS_SK }}
+ OSS_ENDPOINT: oss-cn-hongkong.aliyuncs.com
+ OSS_AUTH_OBJECT: oss://doris-community-ci/auth.json
+ run: |
+ if [ ! -s ~/.local/share/opencode/auth.json ]; then
+ echo "::warning::OpenCode auth file is missing or empty; skip OSS
auth persistence."
+ exit 0
+ fi
+
+ if ! ossutil -i "$OSS_AK" -k "$OSS_SK" -e "$OSS_ENDPOINT" cp -f
~/.local/share/opencode/auth.json "$OSS_AUTH_OBJECT"; then
+ echo "::warning::Failed to persist OpenCode auth to OSS; continue
because review already finished."
+ fi
+
- name: Comment PR on review failure
if: ${{ always() && steps.review.outcome != 'success' }}
env:
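Review bot: `Persist OpenCode auth` overwrites the shared `OSS_AUTH_OBJECT` with whatever is in `~/.local/share/opencode/auth.json` after a job that checked out `inputs.head_sha`, and the only check is that the file is non-empty. Because the step uses `always()`, it also runs after a failed or interrupted review, so a truncated or altered file would replace the credential for every later run. Validate the structure before uploading, for instance `jq -e '.openai.refresh' ~/.local/share/opencode/auth.json >/dev/null || exit 0` (assuming `jq` is present on the runner), and consider enabling object versioning on the bucket so a bad upload can be rolled back. Two reviews running in parallel also race on this object with last-writer-wins semantics. If the provider rotates refresh tokens, an older token may overwrite a newer one, and a `concurrency:` group on the job would serialise them. It is worth confirming that `OSS_AK` is scoped to this single object, since the key is exposed to a job that processes pull-request content.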