feat(ci): add pr-agent GH Action

[skyl]

PR Type

enhancement, configuration changes

---

Description

• Added a new GitHub Actions workflow file pr-agent.yml to automate PR handling using the PR agent. The workflow is triggered on pull request events and issue comments, with necessary permissions and environment variables configured.
• Updated .devcontainer/devcontainer.json by commenting out certain VSCode extensions related to GitHub Actions and SQL tools.
• Updated TODO.md to include a new task related to .devcontainer/README.md.

---

Changes walkthrough 📝

	Relevant files
Enhancement	pr-agent.yml Add GitHub Actions workflow for PR agent                                  .github/workflows/pr-agent.yml Added a new GitHub Actions workflow for PR agent. Configured the workflow to trigger on pull request events and issue comments. Set up job permissions and environment variables for the PR agent. +21/-0
Configuration changes	devcontainer.json Update VSCode devcontainer extensions configuration            .devcontainer/devcontainer.json Commented out GitHub Actions and SQL tools extensions. +4/-4
Miscellaneous	TODO.md Update TODO list with new task                                                      TODO.md Added a new item to the TODO list regarding .devcontainer/README.md. +1/-0

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Code Commenting The comments on lines 19-22 about the uncertainty of extensions should be clarified or resolved to maintain clean and clear configuration files. Hardcoded Secrets Ensure that the use of secrets like OPENAI_KEY and GITHUB_TOKEN is secure and adheres to best practices to avoid potential security risks.

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Verify and secure the usage of sensitive secrets in the GitHub Actions workflow Ensure that the OPENAI_KEY and GITHUB_TOKEN are properly secured and have minimal permissions to avoid security risks. .github/workflows/pr-agent.yml [20-21] +OPENAI_KEY: ${{ secrets.OPENAI_KEY }} +GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - Suggestion importance[1-10]: 8 Why: Ensuring that sensitive secrets like OPENAI_KEY and GITHUB_TOKEN are properly secured is crucial for preventing security vulnerabilities. This suggestion addresses a significant security concern, making it highly relevant and impactful.	8
Maintainability	Clean up the extensions list by removing commented-out entries Remove commented-out extensions if they are not planned to be used in the near future to keep the configuration clean and maintainable. .devcontainer/devcontainer.json [19-22] -// "github.vscode-github-actions", -// not sure about these below -// "mtxr.sqltools", -// "mtxr.sqltools-driver-pg" +// Extensions list cleaned up Suggestion importance[1-10]: 3 Why: The suggestion to remove commented-out extensions can improve maintainability by keeping the configuration clean. However, it is a minor improvement and does not address any functional issues.	3

[skyl]

/help "change the pr-agent action to respond to comments instead of firing automatically"

[skyl]

/describe