Automated code review for GitHub pull requests powered by large language models (LLMs). Supports OpenAI, Groq, Azure OpenAI, and any OpenAI-compatible API endpoint.

• [Features] (#features)

• [Supported Providers] (#supported-providers)

• [Quick Start] (#quick-start)

• [Configuration] (#configuration)

• [Example Output] (#example-output)

• [Roadmap] (#roadmap)

• [Troubleshooting] (#troubleshooting)

• [License] (#license)

• Smart Analysis: Detect bugs, security issues, and optimization opportunities
• Multi-LLM Support: Works seamlessly with leading AI providers
• Customizable Feedback: Control review depth, creativity, and response length (To-Do)
• Rich Markdown Formatting: Clear, structured, and detailed review outputs
• Enterprise Ready: Dockerized with secure handling of secrets
• Multi-language Support: Reviews are available in 100+ languages (Any language supported by the LLM provider)

In your GitHub repository:

Settings → Secrets and variables → Actions → New repository secret
Name: INPUT_API_KEY  # make sure this is the name of the secret
Value: your-api-key-here

Create .github/workflows/pr-review.yml:

name: AI Code Review
on: [pull_request]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: pritom007/ai-pr-review@v1
        with:
          api-key: ${{ secrets.INPUT_API_KEY }}
          model-name: "llama3-70b-8192"
          base-url: "https://api.groq.com/openai/v1"
          temperature: "0.7"
          max-tokens: "1000"
          language: "English"

Set the llm model api key in your github secrets as INPUT_API_KEY. Also make sure you gave read permission to the contents and write premission to the pull-requests.

with:
  system-prompt: "Act as a principal engineer at a leading tech company"
  review-focus: "security,performance,readability"

(To be done)

• [LOW] [Code Quality] Line 1-31: The file name 'test.yml' might be misleading as it seems to be a workflow for AI PR review rather than a test. Consider renaming it to something more descriptive like 'ai-pr-review.yml'.

name: AI PR Review

• [MEDIUM] [Security] Line 22: The 'github-token' is passed as an input to the 'ai-pr-review' action. Although it's using the 'secrets.GITHUB_TOKEN', ensure that the 'pritom007/ai-pr-review' action handles the token securely.

      - name: AI PR Review
        uses: pritom007/ai-pr-review@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

• [MEDIUM] [Service boundaries] Line 20-30: The workflow uses an external action 'pritom007/ai-pr-review' which interacts with an external API 'https://api.groq.com/openai/v1'. This might introduce service boundary issues, such as dependency on the external API or potential data leaks.

      - name: AI PR Review
        uses: pritom007/ai-pr-review@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          ref: ${{ github.event.ref }}
          api-key: ${{ secrets.API_KEY }}
          api-url: https://api.groq.com/openai/v1

• [HIGH] [Error handling] Line 19-30: There is no error handling mechanism in place for the 'ai-pr-review' action. Consider adding try-except blocks or error handling mechanisms to handle potential errors or exceptions raised by the action.

      - name: AI PR Review
        uses: pritom007/ai-pr-review@v1
        with:
          # ...

• Support for customizable prompt templates
• Enhanced security review capabilities
• Integration with additional code hosting platforms

• Ensure your secret key matches the configured workflow input

Test your API key:

curl -H "Authorization: Bearer $KEY" $BASE_URL/models

• Verify exact model ID and regional availability

• Lower max-tokens or switch to lighter models

This project is licensed under the MIT License - see the LICENSE file for details.

Important: AI reviews should complement human judgment, not replace it. Always manually verify critical changes.