feat: add parallel workflow for code and security reviews #19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Droid finished @shashank-factory's task —— View job |
![factory-droid[bot]](https://avatars.githubusercontent.com/in/358017?s=60&v=4){kind=small}
shashank-factory
force-pushed
the
ssharma/pr3-review-json-output
branch
from
394437b to
6d909b9
Compare
Implement parallel workflow architecture that runs code review and security review simultaneously, then combines results. New Composite Actions: - prepare/ - Initialize review, create tracking comment, detect modes - review/ - Standalone code review action - security/ - Standalone security review action - combine/ - Combine results and post inline comments New Features: - Parallel execution of code and security reviews - Combined summary with deduplication - Install security skills step in main action - PR branch checkout for full file access Workflow Changes: - .github/workflows/droid-review.yml now uses multi-job parallel workflow - @droid review security triggers both reviews - run_code_review and run_security_review output flags Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Restrict parallel review execution to automatic mode only (via automaticReview + automaticSecurityReview flags). For manual tagging, users must explicitly choose ONE of: - @droid review - Code review only - @droid security - Security review only @droid review security now parses as just @droid review. Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
- Fix combine job to run when EITHER review ran (not both) - Set run_security_review=false when skipping existing security review - Validate DROID_COMMENT_ID is non-zero in generate-review-prompt Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
shashank-factory
force-pushed
the
ssharma/pr4-parallel-workflow
branch
from
4c7a37b to
22898eb
Compare
varin-nair-factory
approved these changes
Jan 15, 2026
Collaborator
varin-nair-factory
left a comment
varin-nair-factory
left a comment
There was a problem hiding this comment.
Mostly looks good, just see comments. Did you test this? Does it work?
- Merge dev branch into parallel workflow branch - Remove redundant appendFileSync for github_token output - core.setOutput() already handles GITHUB_OUTPUT internally Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
Contributor
|
Droid encountered an error —— View job |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closes https://linear.app/factoryai/issue/FAC-14927/update-readme-with-new-structure-around-the-security-workflow
Closes https://linear.app/factoryai/issue/FAC-14354/add-action-inputs-for-security-review-configuration
Implement parallel workflow architecture that runs code review and security review simultaneously, then combines results.
New Composite Actions
prepare/- Initialize review, create tracking comment, detect modesreview/- Standalone code review actionsecurity/- Standalone security review actioncombine/- Combine results and post inline commentsNew Features
Workflow Changes
.github/workflows/droid-review.ymlnow uses multi-job parallel workflow@droid review securitytriggers both reviewsrun_code_reviewandrun_security_reviewoutput flagsNew Entrypoints
src/entrypoints/get-token.ts- OIDC token helpersrc/entrypoints/generate-review-prompt.ts- Prompt generationsrc/entrypoints/generate-combine-prompt.ts- Combine promptsrc/entrypoints/combine-reviews.ts- Combine logicThis is the final PR in the split from the security review feature branch.
PR Stack