feat(ci): enable self-review on pull requests using OpenCodeReview bot

[Fanduzi]

Problem Statement

The project provides a GitHub Actions workflow example (examples/github_actions/ocr-review.yml) for automated PR review, but the upstream repository itself does not use this capability on its own pull requests. Currently all PR reviews are manual (human-only), with no automated AI-assisted review.

For context, similar tools like Kodus (kodustech/kodus-ai) use their own bot (kody-ai) to automatically review nearly every incoming PR. This "eat your own dog food" approach provides:

1. Faster feedback loops — contributors get initial review feedback within minutes, before a maintainer is available.
2. Dogfooding — using the tool on its own repo surfaces real-world bugs, edge cases, and UX pain points that would otherwise go unnoticed.
3. Quality signal — demonstrates confidence in the product by running it on a real, active codebase.

I noticed that a workflow named "OpenCodeReview PR Review" (.github/workflows/ocr-review.yml) was registered on 2025-05-25 and triggered once on PR #3 (feat/multi-model-support), but the run concluded with action_required status (likely unconfigured secrets). No further runs have occurred since. The workflow file itself was never committed to the main branch and does not exist in .github/workflows/ today.

Proposed Solution

1. Promote the example workflow to an active CI workflow. Copy/adapt examples/github_actions/ocr-review.yml into .github/workflows/ocr-review.yml on the main branch.
2. Configure the required repository secrets (OCR_LLM_URL, OCR_LLM_AUTH_TOKEN, OCR_LLM_MODEL, OCR_LLM_USE_ANTHROPIC) in the upstream repository settings.
3. Trigger on PR open/sync — optionally also support manual trigger via /open-code-review comment.
4. (Optional) Create a GitHub App (e.g., open-code-review[bot]) for branded bot identity instead of github-actions[bot], as described in the existing example comments.

Alternatives Considered

• Keep status quo (manual review only) — misses the dogfooding benefit and leaves contributors waiting longer for feedback.
• Use a third-party review bot — contradicts the project's own value proposition. OpenCodeReview should review itself.

Affected Area

• CI / GitHub Actions
• Documentation (README could highlight self-review as a trust signal)

Additional Context

• The example workflow already exists at examples/github_actions/ocr-review.yml with full inline-comment posting logic via GitHub PR Review API.
• A GitLab CI equivalent also exists at examples/gitlab_ci/.gitlab-ci.yml.
• Similar tools that self-review: Kodus (kody-ai bot), CodeRabbit (coderabbitai bot).
• The one historical run (workflow run ID 26404030251, 2025-05-25) ended in action_required, suggesting secrets were not configured at that time.

中文说明

问题陈述

项目已经提供了 GitHub Actions workflow 示例（examples/github_actions/ocr-review.yml）用于自动化 PR 审查，但上游仓库自身并未在自己的 Pull Request 上启用此功能。目前所有 PR 审查均为人工进行，没有 AI 辅助的自动审查。

作为对比，类似工具如 Kodus（kodustech/kodus-ai）使用自己的 bot（kody-ai）自动审查几乎每一个新提交的 PR。这种"吃自己的狗粮"的做法有以下好处：

1. 更快的反馈周期 — 贡献者在维护者上线之前即可在数分钟内获得初步审查反馈。
2. 产品自验 — 在自己的仓库中使用工具，能发现真实场景中的 bug、边界情况和体验痛点，否则这些问题很难被注意到。
3. 质量信号 — 在真实的活跃代码库上运行工具，展示了对产品的信心。

我注意到一个名为 "OpenCodeReview PR Review"（.github/workflows/ocr-review.yml）的 workflow 于 2025-05-25 注册，并在 PR #3（feat/multi-model-support）上触发过一次，但运行结果为 action_required 状态（可能是 secrets 未配置）。此后再也没有运行过。该 workflow 文件本身从未提交到 main 分支，当前 .github/workflows/ 目录下并不存在此文件。

建议方案

1. 将示例 workflow 升级为正式 CI workflow。 将 examples/github_actions/ocr-review.yml 复制/适配到 .github/workflows/ocr-review.yml 并提交到 main 分支。
2. 配置所需的仓库 secrets（OCR_LLM_URL、OCR_LLM_AUTH_TOKEN、OCR_LLM_MODEL、OCR_LLM_USE_ANTHROPIC），在上游仓库设置中完成配置。
3. 在 PR 打开/同步时触发 — 可选同时支持通过 /open-code-review 评论手动触发。
4. （可选） 创建 GitHub App（如 open-code-review[bot]），以品牌化的 bot 身份替代 github-actions[bot]，如现有示例注释中所述。

考虑过的替代方案

• 维持现状（仅人工审查）— 错过了产品自验的好处，贡献者需要等待更长时间才能获得反馈。
• 使用第三方审查 bot — 与项目自身定位矛盾。OpenCodeReview 应该用自己来审查自己。

影响范围

• CI / GitHub Actions
• 文档（README 可以突出展示自我审查作为信任信号）

补充上下文

• 示例 workflow 已存在于 examples/github_actions/ocr-review.yml，包含完整的通过 GitHub PR Review API 发布 inline comment 的逻辑。
• GitLab CI 的等价配置同样存在于 examples/gitlab_ci/.gitlab-ci.yml。
• 使用自身产品进行自审查的类似工具：Kodus（kody-ai bot）、CodeRabbit（coderabbitai bot）。
• 唯一一次历史运行（workflow run ID 26404030251，2025-05-25）以 action_required 结束，说明当时 secrets 未正确配置。

[lizhengfeng101]

Thanks for the detailed analysis and great suggestion! We fully agree with the "eat your own dog food" philosophy.

We're currently navigating some internal processes and compliance requirements, and are actively looking for the right approach to secure funding to support the project's own dogfooding (primarily the LLM API call costs). Once that's in place, this will be a priority.

Thanks again for the thoughtful proposal!

[mogul]

are actively looking for the right approach to secure funding to support the project's own dogfooding (primarily the LLM API call costs).

The answer is staring you right in the mirror! 😜

my-friends-you-bow-to-no-one.mp4

[stay-foolish-forever]

@Fanduzi @mogul Thanks for the suggestion — great idea 👍

We've now integrated self-review into the project. The .github/workflows/ocr-review.yml workflow is active and automatically triggers OpenCodeReview on PRs when they are opened or through /open-code-review command.

We tested this with PR #63:

• Test PR: [TEST] feat: add utility functions for enhanced git operations and debugging #63
• Actions run: https://github.com/alibaba/open-code-review/actions/runs/27060924991

The OpenCodeReview PR Review workflow completed successfully (~1min 12s), triggered by the pull_request_target event. Review results were automatically posted as inline comments on PR #63 for contributors to reference.