From 624dac639bd7ed660d8d19bae2be549b4aa8ec0e Mon Sep 17 00:00:00 2001
From: Spencer Murray
Date: Fri, 20 Feb 2026 14:49:30 -0500
Subject: [PATCH 1/2] Add warden and some skills
---
 .github/workflows/warden.yml | 24 +++++++++++++++++
 .gitignore | 1 +
 warden.toml | 50 ++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+)
 create mode 100644 .github/workflows/warden.yml
 create mode 100644 warden.toml
diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
new file mode 100644
index 0000000..f2ff053
--- /dev/null
+++ b/.github/workflows/warden.yml
@@ -0,0 +1,24 @@
+name: Warden
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+# contents: write required for resolving review threads via GraphQL
+# See: https://github.com/orgs/community/discussions/44650
+permissions:
+ contents: write
+ pull-requests: write
+ checks: write
+
+jobs:
+ review:
+ runs-on: ubuntu-latest
+ env:
+ WARDEN_MODEL: ${{ secrets.WARDEN_MODEL }}
+ WARDEN_SENTRY_DSN: ${{ secrets.WARDEN_SENTRY_DSN }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: getsentry/warden@v0
+ with:
+ anthropic-api-key: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
diff --git a/.gitignore b/.gitignore
index 44bfbc3..b974660 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ config.toml
 .env.local
 .env.development.local
 .env.production.local
+.warden/logs/
diff --git a/warden.toml b/warden.toml
new file mode 100644
index 0000000..7f58e7a
--- /dev/null
+++ b/warden.toml
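Review bot: In the new `.github/workflows/warden.yml`, `contents: write` is granted at workflow level and `actions/checkout` leaves that token in the workspace git config by default, so every later step, including the third-party review action that processes untrusted pull-request content, can use it to push. If the action only needs the token for its own API calls, add `with: persist-credentials: false` to the checkout step and move the `permissions:` block under `jobs.review` so a job added later does not inherit write scope. The job-level `env:` also hands `WARDEN_MODEL` and `WARDEN_SENTRY_DSN` to the checkout step; setting them on the warden step alone narrows that. For pull requests from forks the secrets are empty and the token is read-only, so a guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` makes that case skip rather than fail.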
@@ -0,0 +1,50 @@
+version = 1
+
+[defaults]
+failOn = "high"
+reportOn = "medium"
+ignorePaths = ["**/node_modules/**", "**/*.lock", "**/migrations/**"]
+
+[[skills]]
+name = "security-review"
+remote = "getsentry/skills"
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
+
+[[skills]]
+name = "django-access-review"
+remote = "getsentry/skills"
+paths = ["src/**/*.py"]
+ignorePaths = ["**/tests/**", "**/test_*.py", "**/*_test.py"]
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
+
+[[skills]]
+name = "django-perf-review"
+remote = "getsentry/skills"
+paths = ["src/**/*.py"]
+ignorePaths = ["**/tests/**", "**/test_*.py", "**/*_test.py"]
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
+
+[[skills]]
+name = "code-review"
+remote = "getsentry/skills"
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
+
+[[skills]]
+name = "find-bugs"
+remote = "getsentry/skills"
+
+[[skills.triggers]]
+type = "pull_request"
+actions = ["opened", "synchronize", "reopened"]
From 5041f77ae495903d7e5c02fba10438cf53ff1992 Mon Sep 17 00:00:00 2001
From: Spencer Murray
Date: Fri, 20 Feb 2026 14:52:35 -0500
Subject: [PATCH 2/2] Pin action versions to commit SHAs
---
 .github/workflows/warden.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/warden.yml b/.github/workflows/warden.yml
index f2ff053..78f79a1 100644
--- a/.github/workflows/warden.yml
+++ b/.github/workflows/warden.yml
@@ -18,7 +18,7 @@ jobs:
 WARDEN_MODEL: ${{ secrets.WARDEN_MODEL }}
 WARDEN_SENTRY_DSN: ${{ secrets.WARDEN_SENTRY_DSN }}
 steps:
- - uses: actions/checkout@v4
- - uses: getsentry/warden@v0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - uses: getsentry/warden@1f9eace79906805de13786578aac58853d00cdc5 # v0
 with:
 anthropic-api-key: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
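Review bot: All five `remote = "getsentry/skills"` entries in `warden.toml` track whatever that repository currently serves, so the skill instructions run in CI can change without any commit here. If Warden accepts a ref on `remote` (presumably of the form `remote = "getsentry/skills@<commit-sha>"`; confirm against its documentation), pin each entry to a reviewed commit. Separately, the `[defaults]` `ignorePaths` excludes `**/*.lock` and `**/migrations/**`, and it is not visible here whether that also applies to `security-review`; dependency changes land in lockfiles, so check that the exclusion is intended for that skill.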
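Review bot: In the PATCH 2/2 hunk on `.github/workflows/warden.yml`, the trailing comments `# v4` and `# v0` name moving major tags, so nothing on these lines lets a reviewer check which release each SHA corresponds to. Record the exact release tag the SHA was taken from, e.g. `- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.x.y` (placeholder version), and confirm each SHA is reachable from a tag in the upstream repository. A `github-actions` entry in the Dependabot configuration keeps SHA pins from going stale. The `steps:` list belongs to a job whose header lies outside this hunk.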