Skip to content

Add code-review agent to CI (copy-paste)

Binary releases: https://github.com/kramlipi/code-agent-binaries/releases
Docs: https://kramlipi.github.io/code-review-ci/
Contact: cluevion@gmail.com

Wire code-review so every PR/MR gets a first-pass review (SOLID + security smells, line findings).

Platform Posts inline comments How
GitHub Actions Yes (gh API) --pr N
GitLab CI Summary note on the MR --diff-file + glab mr note
Azure DevOps Summary comment on the PR --diff-file + REST API

Secrets / variables needed on all platforms:

Name Purpose
GEMINI_API_KEY LLM key (AI Studio)
CODE_AGENT_MODEL Optional; default gemini/gemini-3.1-flash-lite

Economy mode is off by default (full quality). To save cost: CODE_AGENT_ECONOMY_MODE=true.


GitHub Actions — copy-paste

Save as .github/workflows/code-review.yml:

name: PR Code Review (kramlipi)

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  code-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download code-agent (Linux)
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          TAG="$(gh release list --repo kramlipi/code-agent-binaries --limit 1 --json tagName -q '.[0].tagName')"
          # tag is code-agent-vX.Y.Z → asset uses vX.Y.Z
          VER="${TAG#code-agent-}"
          gh release download "$TAG" \
            --repo kramlipi/code-agent-binaries \
            --pattern "code-agent-${VER}-linux" \
            --dir /tmp
          install -m 755 "/tmp/code-agent-${VER}-linux" /usr/local/bin/code-agent
          code-agent --help | head -5
          # ripgrep is bundled in the binary (v0.1.3+)

      - name: Review PR (inline comments)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          CODE_AGENT_MODEL: gemini/gemini-3.1-flash-lite
        run: |
          code-agent experts run code-review \
            --pr ${{ github.event.pull_request.number }} \
            -w .

Optional dry-run (no posts): add --dry-run to the command.

Docker alternative:

      - name: Review PR via GHCR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          CODE_AGENT_MODEL: gemini/gemini-3.1-flash-lite
        run: |
          docker run --rm \
            -e GH_TOKEN -e GEMINI_API_KEY -e CODE_AGENT_MODEL \
            -v "$PWD:/workspace" -w /workspace \
            ghcr.io/kramlipi/code-agent:latest \
            experts run code-review \
              --pr ${{ github.event.pull_request.number }} \
              -w /workspace

GitLab CI — copy-paste

Save as .gitlab-ci.yml job (or include in an existing file).

CI/CD variables: GEMINI_API_KEY (masked). Optional: CODE_AGENT_MODEL.

stages:
  - review

code-review:
  stage: review
  image: ubuntu:24.04
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  before_script:
    - apt-get update -qq && apt-get install -y -qq curl ca-certificates git
    - |
      set -euo pipefail
      TAG=$(curl -fsSL \
        "https://api.github.com/repos/kramlipi/code-agent-binaries/releases/latest" \
        | sed -n 's/.*"tag_name": *"\([^"]*\)".*/\1/p' | head -1)
      VER="${TAG#code-agent-}"
      curl -fsSL -o /usr/local/bin/code-agent \
        "https://github.com/kramlipi/code-agent-binaries/releases/download/${TAG}/code-agent-${VER}-linux"
      chmod +x /usr/local/bin/code-agent
      # ripgrep is bundled in the binary (v0.1.3+)
  script:
    - git fetch origin "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}" --depth=50 || true
    - git diff "origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}...HEAD" > /tmp/mr.diff
    - |
      export CODE_AGENT_MODEL="${CODE_AGENT_MODEL:-gemini/gemini-3.1-flash-lite}"
      code-agent experts run code-review \
        --diff-file /tmp/mr.diff \
        -w .
    - |
      # Post a summary note on the MR (findings JSON from latest run)
      FINDINGS=$(ls -1d .code-agent/runs/*/review-findings.json 2>/dev/null | tail -1 || true)
      if [ -n "$FINDINGS" ] && command -v glab >/dev/null 2>&1; then
        glab mr note "$CI_MERGE_REQUEST_IID" --message "$(
          printf '### kramlipi code-review\n\n```json\n%s\n```\n' "$(cat "$FINDINGS")"
        )" || true
      elif [ -n "$FINDINGS" ]; then
        echo "Findings artifact: $FINDINGS"
        head -c 4000 "$FINDINGS" || true
      fi
  artifacts:
    when: always
    paths:
      - .code-agent/runs/
    expire_in: 7 days

Install glab in before_script if you want the MR note auto-posted.


Azure DevOps — copy-paste

Save as azure-pipelines-code-review.yml (copy-paste block below).

Pipeline variables / variable group: GEMINI_API_KEY (secret).

trigger: none

pr:
  branches:
    include:
      - "*"

pool:
  vmImage: ubuntu-latest

steps:
  - checkout: self
    fetchDepth: 0

  - bash: |
      set -euo pipefail
      sudo apt-get update -qq && sudo apt-get install -y -qq curl ca-certificates
      TAG=$(curl -fsSL \
        "https://api.github.com/repos/kramlipi/code-agent-binaries/releases/latest" \
        | sed -n 's/.*"tag_name": *"\([^"]*\)".*/\1/p' | head -1)
      VER="${TAG#code-agent-}"
      curl -fsSL -o /usr/local/bin/code-agent \
        "https://github.com/kramlipi/code-agent-binaries/releases/download/${TAG}/code-agent-${VER}-linux"
      chmod +x /usr/local/bin/code-agent
    displayName: Install code-agent binary

  - bash: |
      set -euo pipefail
      TARGET="${SYSTEM_PULLREQUEST_TARGETBRANCH:-main}"
      TARGET="${TARGET#refs/heads/}"
      git fetch origin "$TARGET" --depth=50 || true
      git diff "origin/${TARGET}...HEAD" > /tmp/pr.diff
      export CODE_AGENT_MODEL="${CODE_AGENT_MODEL:-gemini/gemini-3.1-flash-lite}"
      code-agent experts run code-review --diff-file /tmp/pr.diff -w .
    displayName: Run code-review
    env:
      GEMINI_API_KEY: $(GEMINI_API_KEY)

  - task: PublishPipelineArtifact@1
    inputs:
      targetPath: .code-agent/runs
      artifact: code-review-findings
    condition: always()

Findings land under .code-agent/runs/*/review-findings.json (pipeline artifact). Inline GitHub-style threads are GitHub-only today; Azure gets the artifact + optional REST comment (see full guide on the site).


Local one-liners

# GitHub PR — post inline comments
export GEMINI_API_KEY=...
export GH_TOKEN=...   # or gh auth login
code-agent experts run code-review --pr 42 -w .

# Preview only
code-agent experts run code-review --pr 42 --dry-run -w .

# Any platform — review a unified diff (findings on disk, no GitHub post)
git diff main...HEAD > /tmp/mr.diff
code-agent experts run code-review --diff-file /tmp/mr.diff -w .

  • Product templates: .github/workflows/code-review-template.yml
  • Expert flags: Experts
  • Quick start: Quick Start