OpenCode GitHub Action
ActionsTags
(2)Enhanced GitHub Action to run OpenCode GitHub agent
Create .github/workflows/opencode.yml in the repository where you want OpenCode to respond to issue and pull request comments.
By default, the action exchanges the workflow OIDC token for an OpenCode GitHub App token, so the workflow must grant id-token: write.
---
name: OpenCode
on:
issue_comment:
types:
- created
pull_request_review_comment:
types:
- created
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
jobs:
opencode:
if: contains(github.event.comment.body, '/oc') || contains(github.event.comment.body, '/opencode')
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v7
with:
fetch-depth: 1
persist-credentials: false
- name: Run OpenCode
uses: dceoy/opencode-action@main
env:
OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
model: opencode-go/glm-5.2Then comment /opencode or /oc on an issue, pull request, or pull request review comment.
| Input | Required | Default | Description |
|---|---|---|---|
model |
Yes | Model to use, in provider/model format. |
|
agent |
No | build |
OpenCode primary agent to use. Falls back to default_agent from config or build if not found. |
share |
No | false |
Whether to share the OpenCode session. |
prompt |
No | Custom prompt to override the default prompt. | |
use-github-token |
No | false |
Use GITHUB_TOKEN directly instead of OpenCode App token exchange. |
mentions |
No | /opencode,/oc |
Comma-separated trigger phrases, matched case-insensitively. |
variant |
No | Provider-specific model variant for reasoning effort, such as high, max, or minimal. |
|
oidc-base-url |
No | https://api.opencode.ai |
Base URL for OIDC token exchange. Override only for a custom GitHub App installation. |
version |
No | latest |
OpenCode version to install, such as v1.2.3; latest resolves the latest upstream release. |
enable-toolkit |
No | true |
Install the action's bundled .opencode/ agents, commands, and skills into ~/.config/opencode (global config) before running. Existing files are preserved. |
| Output | Description |
|---|---|
opencode-version |
OpenCode version resolved for the workflow run. |
cache-hit |
Whether the OpenCode binary cache was restored. |
Set the API key required by the selected model provider, for example:
OPENCODE_API_KEYfor OpenCode modelsOPENROUTER_API_KEYfor OpenRouter modelsANTHROPIC_API_KEYfor Anthropic modelsOPENAI_API_KEYfor OpenAI models
When use-github-token: true, pass GITHUB_TOKEN in env and grant the workflow enough permissions for the requested work.
The bundled /review-pr command produces a single markdown review response that the OpenCode GitHub integration posts to the PR as opencode-agent[bot]. The command does not post to GitHub directly, so a review run yields one OpenCode PR comment rather than a separate github-actions[bot] review. Workflows that invoke it must provide:
GH_TOKEN: ${{ github.token }}orGITHUB_TOKEN: ${{ github.token }}forgh pr diff/gh pr viewreads- A valid API key for the selected model provider with available credits or quota
Example OpenCode step:
- name: Run OpenCode review
uses: dceoy/opencode-action@main
env:
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
GH_TOKEN: ${{ github.token }}
with:
model: openrouter/openrouter/free
prompt: /review-prThe bundled toolkit combines Claude Code Action-style core reviewers with pr-review-toolkit specialty agents. Use /review-pr with any of the following aspect keywords:
| Command | What runs |
|---|---|
/review-pr or /review-pr all |
Core reviewers (code-quality-reviewer, performance-reviewer, test-coverage-reviewer, documentation-accuracy-reviewer, security-code-reviewer, code-reviewer) plus specialty agents (pr-test-analyzer, silent-failure-hunter, comment-analyzer, type-design-analyzer) when triggered by diff content |
/review-pr security performance |
security-code-reviewer, performance-reviewer |
/review-pr tests docs |
test-coverage-reviewer, pr-test-analyzer, documentation-accuracy-reviewer |
/review-pr code |
code-reviewer, code-quality-reviewer |
/review-pr quality |
code-quality-reviewer |
/review-pr coverage |
test-coverage-reviewer, pr-test-analyzer |
/review-pr documentation |
documentation-accuracy-reviewer |
/review-pr errors |
silent-failure-hunter |
/review-pr comments |
comment-analyzer |
/review-pr types |
type-design-analyzer |
/review-pr simplify |
code-simplifier — refinement only, does not return a review |
code-quality-reviewer— general quality, maintainability, edge cases, robustness, type safetytest-coverage-reviewer— missing critical test scenarios, brittle tests, error coverage gapsdocumentation-accuracy-reviewer— README, API docs, docstrings, examples vs. implementation
code-reviewer— project-guideline compliance (AGENTS.md), bugs, and qualityperformance-reviewer— algorithmic complexity, N+1, resource leakssecurity-code-reviewer— trust boundaries, injection, secrets, auth/authzpr-test-analyzer— behavioral test coverage and critical coverage gapssilent-failure-hunter— silent failures, broad catch blocks, fallback logiccomment-analyzer— comment accuracy, completeness, and comment rottype-design-analyzer— type invariants, encapsulation, and design quality
Findings are normalized, deduplicated across agents, and validated against the PR diff before being returned. All findings go into a single markdown response as file:line references; duplicated root causes produce one summary entry listing all affected files, and cross-document or cross-file consistency problems are summarized once instead of repeated at each location. The surrounding opencode github run integration posts that response to the PR as opencode-agent[bot].
Explain an issue:
/opencode explain this issue
Fix an issue and open a pull request:
/opencode fix this
Request a change on a pull request:
Delete the attachment from S3 when the note is removed /oc
Request a change on specific code lines from the pull request Files tab:
/oc add error handling here
OpenCode GitHub Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.