docs: documentation templates, CI workflows, and docker-compose #1

Merged

twerner merged 6 commits from feature/documentation into main 2026-05-19 09:14:39 +00:00

Conversation 1 Commits 6 Files changed 9 +533

coding-agent commented 2026-05-19 09:09:24 +00:00

Collaborator

Copy link

Adds documentation infrastructure and CI/CD templates aligned with the Video2Recipe project.

Changes

• CI/CD: Forgejo build-and-deploy workflow (SDK 10.0, WebClient), AI code review workflow + script
• Docker: Multi-stage Dockerfile, docker-compose with PostgreSQL + app service
• Docs: Project concept doc, todo list with MVP features, ADR template, AI agent guidelines
• AGENTS.md: References AI_GUIDELINES.md that agents must follow

Adds documentation infrastructure and CI/CD templates aligned with the Video2Recipe project. ### Changes - **CI/CD**: Forgejo build-and-deploy workflow (SDK 10.0, WebClient), AI code review workflow + script - **Docker**: Multi-stage Dockerfile, docker-compose with PostgreSQL + app service - **Docs**: Project concept doc, todo list with MVP features, ADR template, AI agent guidelines - **AGENTS.md**: References AI_GUIDELINES.md that agents must follow

coding-agent added 4 commits 2026-05-19 09:09:24 +00:00

feat: add AI code review script and workflows for automated PR reviews 82f42118b4

docs: adjust templates to match Video2Recipe project ... 89dd90350d

- docker-compose.yml: uncomment and configure app service
- build.yaml: update SDK to 10.0, app/webclient, fix Dockerfile path
- concept.md: fill in project-specific placeholders
- todo.md: replace example items with actual MVP tasks
- adr/0000-template.md: add ADR template

fix: update Docker image references and registry URLs in build workflow 45c1806b6d

docs: add AI_GUIDELINES.md reference to AGENTS.md ddcdf51de8

twerner added 2 commits 2026-05-19 09:10:47 +00:00

fix: update AI review workflow to use ubuntu-latest and install Python dependencies correctly 415d162235

Merge branch 'feature/documentation' of https://forgejo.to-wer.de/twerner/Video2Recipe into feature/documentation c22ad704a2

forgejo-actions commented 2026-05-19 09:14:12 +00:00

Copy link

🤖 AI Code Review

Code Review: Documentation Templates, CI Workflows, and Docker-Compose

🐛 Potential Bugs

🔴 Critical

1. AI Review Script - Missing Environment Validation (ai_review.py:18-24)

   • Required environment variables (OPENAI_API_BASE, OPENAI_API_KEY, etc.) are accessed without validation
   • Missing variables will cause unhandled KeyError exceptions

   # Should validate before accessing
   required_vars = ["OPENAI_API_BASE", "OPENAI_API_KEY", "FORGEJO_TOKEN", "FORGEJO_API_URL"]
   for var in required_vars:
       if not os.environ.get(var):
           print(f"[ERROR] Required environment variable {var} is missing")
           sys.exit(1)
   

2. Build Workflow - Git Operations in Container Context (build.yaml:38-48)

   • The versioning job runs inside a dotnet/sdk:10.0 container but attempts to push git tags
   • The container may not have proper git configuration or network access for pushing
   • This will fail silently or cause authentication issues

🔒 Security

🟡 Important

1. AI Review Script - Overly Broad Exception Handling (ai_review.py:140-142)

   • Catches all exceptions in delete_old_review_comments() which could hide authentication failures

   # Current: catches all exceptions
   except Exception as e:
       print(f"[WARN] Could not load old comments: {e}")
   
   # Better: catch specific exceptions
   except requests.exceptions.RequestException as e:
       print(f"[WARN] Could not load old comments: {e}")
   

2. AI Review Script - Token Exposure in Logs (ai_review.py:101)

   • Debug print exposes API endpoint; consider removing or sanitizing in production

   print(f"[INFO] Sending review request to {API_BASE}/chat/completions (model: {MODEL})")
   

⚡ Performance

🔵 Optional

1. Diff Generation - Large File Handling (ai_review.py:27-28)
   • Only truncates diff after reading entire file into memory
   • For very large diffs, consider streaming or line-based truncation

🏗️ Code Quality

🟡 Important

1. Magic Numbers (ai_review.py:29-30)

   • MAX_DIFF_CHARS = 30_000 and MAX_TOKENS = 4096 should be configurable or documented
   • Why these specific values? Add comments explaining the rationale

2. Build Workflow - Hardcoded Container Image (build.yaml:77)

   • forgejo.to-wer.de/twerner/docker-node-cli is a specific user's image
   • Should be configurable via variable or organization image

🔵 Optional

1. Missing .dockerignore - No .dockerignore file shown in the diff
   • Could lead to unnecessary files being copied into Docker context

✅ Positives

• Comprehensive AI Review Prompt: Well-structured system prompt covering all review areas
• Proper CI/CD Structure: Clean separation of test, build, and deploy jobs with dependencies
• Environment Variable Usage: Good use of environment variables with defaults in docker-compose

💡 Recommendations

1. Add Environment Validation to AI Review Script

def validate_env():
    required = {
        "OPENAI_API_BASE": "OpenAI API base URL",
        "OPENAI_API_KEY": "OpenAI API key",
        "FORGEJO_TOKEN": "Forgejo access token",
        "FORGEJO_API_URL": "Forgejo API URL"
    }
    missing = [k for k, v in required.items() if not os.environ.get(k)]
    if missing:
        print(f"[ERROR] Missing required environment variables: {', '.join(missing)}")
        sys.exit(1)

2. Fix Build Workflow Versioning

# Move versioning logic to a separate job that runs on host
versioning:
  runs-on: ubuntu-latest  # Not in container
  steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    # ... versioning logic

3. Make Registry Image Configurable

- name: Build and push Docker image
  run: |
    REGISTRY_IMAGE="${{ vars.REGISTRY_BASE_IMAGE || 'forgejo.to-wer.de' }}/${{ github.repository_owner }}/${{ matrix.app }}"
    IMAGE="$REGISTRY_IMAGE"

4. Add Dockerignore File

# .dockerignore
**/bin/
**/obj/
.git/
*.md
Dockerfile
docker-compose*.yml
node_modules/

5. Remove Debug Print or Make Conditional

if os.environ.get("DEBUG"):
    print(f"[DEBUG] API endpoint: {API_BASE}")

---

Generated by [poolside/laguna-xs.2:free] via AI Code Review Action

## 🤖 AI Code Review # Code Review: Documentation Templates, CI Workflows, and Docker-Compose ## 🐛 Potential Bugs ### 🔴 Critical 1. **AI Review Script - Missing Environment Validation** (`ai_review.py:18-24`) - Required environment variables (`OPENAI_API_BASE`, `OPENAI_API_KEY`, etc.) are accessed without validation - Missing variables will cause unhandled `KeyError` exceptions ```python # Should validate before accessing required_vars = ["OPENAI_API_BASE", "OPENAI_API_KEY", "FORGEJO_TOKEN", "FORGEJO_API_URL"] for var in required_vars: if not os.environ.get(var): print(f"[ERROR] Required environment variable {var} is missing") sys.exit(1) ``` 2. **Build Workflow - Git Operations in Container Context** (`build.yaml:38-48`) - The versioning job runs inside a `dotnet/sdk:10.0` container but attempts to push git tags - The container may not have proper git configuration or network access for pushing - This will fail silently or cause authentication issues ## 🔒 Security ### 🟡 Important 1. **AI Review Script - Overly Broad Exception Handling** (`ai_review.py:140-142`) - Catches all exceptions in `delete_old_review_comments()` which could hide authentication failures ```python # Current: catches all exceptions except Exception as e: print(f"[WARN] Could not load old comments: {e}") # Better: catch specific exceptions except requests.exceptions.RequestException as e: print(f"[WARN] Could not load old comments: {e}") ``` 2. **AI Review Script - Token Exposure in Logs** (`ai_review.py:101`) - Debug print exposes API endpoint; consider removing or sanitizing in production ```python print(f"[INFO] Sending review request to {API_BASE}/chat/completions (model: {MODEL})") ``` ## ⚡ Performance ### 🔵 Optional 1. **Diff Generation - Large File Handling** (`ai_review.py:27-28`) - Only truncates diff after reading entire file into memory - For very large diffs, consider streaming or line-based truncation ## 🏗️ Code Quality ### 🟡 Important 1. **Magic Numbers** (`ai_review.py:29-30`) - `MAX_DIFF_CHARS = 30_000` and `MAX_TOKENS = 4096` should be configurable or documented - Why these specific values? Add comments explaining the rationale 2. **Build Workflow - Hardcoded Container Image** (`build.yaml:77`) - `forgejo.to-wer.de/twerner/docker-node-cli` is a specific user's image - Should be configurable via variable or organization image ### 🔵 Optional 1. **Missing .dockerignore** - No `.dockerignore` file shown in the diff - Could lead to unnecessary files being copied into Docker context ## ✅ Positives - **Comprehensive AI Review Prompt**: Well-structured system prompt covering all review areas - **Proper CI/CD Structure**: Clean separation of test, build, and deploy jobs with dependencies - **Environment Variable Usage**: Good use of environment variables with defaults in docker-compose ## 💡 Recommendations ### 1. Add Environment Validation to AI Review Script ```python def validate_env(): required = { "OPENAI_API_BASE": "OpenAI API base URL", "OPENAI_API_KEY": "OpenAI API key", "FORGEJO_TOKEN": "Forgejo access token", "FORGEJO_API_URL": "Forgejo API URL" } missing = [k for k, v in required.items() if not os.environ.get(k)] if missing: print(f"[ERROR] Missing required environment variables: {', '.join(missing)}") sys.exit(1) ``` ### 2. Fix Build Workflow Versioning ```yaml # Move versioning logic to a separate job that runs on host versioning: runs-on: ubuntu-latest # Not in container steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # ... versioning logic ``` ### 3. Make Registry Image Configurable ```yaml - name: Build and push Docker image run: | REGISTRY_IMAGE="${{ vars.REGISTRY_BASE_IMAGE || 'forgejo.to-wer.de' }}/${{ github.repository_owner }}/${{ matrix.app }}" IMAGE="$REGISTRY_IMAGE" ``` ### 4. Add Dockerignore File ```dockerignore # .dockerignore **/bin/ **/obj/ .git/ *.md Dockerfile docker-compose*.yml node_modules/ ``` ### 5. Remove Debug Print or Make Conditional ```python if os.environ.get("DEBUG"): print(f"[DEBUG] API endpoint: {API_BASE}") ``` --- *Generated by [poolside/laguna-xs.2:free] via AI Code Review Action*

twerner merged commit e628c4c0e6 into main 2026-05-19 09:14:39 +00:00

twerner deleted branch feature/documentation 2026-05-19 09:14:39 +00:00

twerner referenced this pull request from a commit 2026-05-19 09:14:40 +00:00

Merge pull request 'docs: documentation templates, CI workflows, and docker-compose' (#1) from feature/documentation into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

twerner/Video2Recipe!1

No description provided.