DEV.TO ARTICLE 36: GitHub Actions + AI: Automating Code Quality with Claude

Target Keyword: "github actions ai code review"
Tags: github-actions,ci-cd,ai,programming,developer
Type: Tutorial

Content

GitHub Actions + AI: Automating Code Quality with Claude

Continuous integration with AI-powered code review catches bugs before they reach production. Here's how to build a GitHub Actions workflow that runs Claude-powered analysis on every pull request.

Why AI Code Review in CI?

Traditional CI catches syntax errors and test failures. AI code review catches:

Logic bugs
Security vulnerabilities
Performance issues
Code quality problems
Documentation gaps

The GitHub Actions Workflow

# .github/workflows/ai-review.yml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get PR diff
        id: diff
        run: |
          git diff origin/${{ github.base_ref }}...HEAD > pr_diff.txt
          echo "diff_size=$(wc -c < pr_diff.txt)" >> $GITHUB_OUTPUT
          echo "files_changed=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | wc -l)" >> $GITHUB_OUTPUT

      - name: Run AI Code Review
        if: steps.diff.outputs.diff_size < 50000  # Skip if too large
        env:
          OFOX_API_KEY: ${{ secrets.OFOX_API_KEY }}
        run: |
          # Get PR context
          PR_NUMBER=$(echo ${{ github.event.pull_request.number }})
          REPO=${{ github.repository }}

          # Prepare review prompt
          DIFF=$(cat pr_diff.txt)

          # Call Claude via ofox.ai
          RESPONSE=$(curl -s -X POST https://api.ofox.ai/v1/chat/completions \
            -H "Authorization: Bearer $OFOX_API_KEY" \
            -H "Content-Type: application/json" \
            -d '{
              "model": "claude-3-5-sonnet-20241022",
              "messages": [{
                "role": "user",
                "content": "You are an expert code reviewer. Review this PR diff and provide feedback on bugs, security issues, performance problems, and code quality. Be concise but thorough.\n\n'${DIFF}'"
              }],
              "max_tokens": 2000,
              "temperature": 0.3
            }')

          echo "$RESPONSE" | jq -r '.choices[0].message.content' > review_comment.md
          echo "REVIEW_OUTPUT=$(cat review_comment.md)" >> $GITHUB_OUTPUT

      - name: Post review comment
        if: steps.diff.outputs.diff_size < 50000
        uses: actions/github-script@v7
        with:
          script: |
            github.rest.issues.createComment({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: process.env.REVIEW_OUTPUT
            })

Filtering Large Diffs

- name: Check diff size
  id: size
  run: |
    SIZE=$(wc -c < pr_diff.txt)
    echo "size=$SIZE" >> $GITHUB_OUTPUT
    if [ $SIZE -gt 50000 ]; then
      echo "::warning::PR diff too large ($SIZE bytes), skipping AI review"
    fi

Getting Your API Key

Set up your ofox.ai API key as a GitHub Secret:

Go to your repository → Settings → Secrets and variables → Actions
Click New repository secret
Name: OFOX_API_KEY
Value: your key from ofox.ai

👉 Get your ofox.ai API key

Expanding to Full Analysis

Beyond simple diff review, extend the workflow:

# Add after PR review
- name: Run security scan
  uses: github/codeql-action/analyze@v3
  with:
    category: "/language:javascript"

- name: AI Summary
  run: |
    # Generate PR summary with AI
    SUMMARY=$(curl -s -X POST https://api.ofox.ai/v1/chat/completions \
      -H "Authorization: Bearer $OFOX_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{
        "model": "claude-3-5-sonnet-20241022",
        "messages": [{
          "role": "user",
          "content": "Summarize this PR in 3 bullet points. Focus on what changed and why.\n\n'$(cat pr_diff.txt | head -100)'"
        }],
        "max_tokens": 300
      }')
    echo "$SUMMARY" | jq -r '.choices[0].message.content'

Best Practices

Rate limit awareness — Don't run on every push; use types: [opened, synchronize]
Diff size limits — Skip reviews for massive changes (>50KB)
Token budget — Set max_tokens to control costs
Cache common prompts — Reuse system prompts across runs

Complete Example

name: AI PR Review + Security Scan

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: AI Review
        env:
          OFOX_API_KEY: ${{ secrets.OFOX_API_KEY }}
        run: |
          DIFF=$(git diff origin/${{ github.base_ref }}...HEAD)

          curl -s -X POST https://api.ofox.ai/v1/chat/completions \
            -H "Authorization: Bearer $OFOX_API_KEY" \
            -H "Content-Type: application/json" \
            -d '{
              "model": "claude-3-5-sonnet-20241022",
              "messages": [{
                "role": "user",
                "content": "Review this PR. Flag: bugs, security, performance, quality. Format: ## Bugs\n## Security\n## Performance\n## Quality\n\n' + "$DIFF" + '"
              }],
              "max_tokens": 1500
            }' | jq -r '.choices[0].message.content' > review.md

          github.rest.issues.createComment({
            issue_number: context.payload.pull_request.number,
            owner: context.repo.owner,
            repo: context.repo.repo,
            body: require('fs').readFileSync('review.md', 'utf8')
          })