DEV Community

ZNY

GitHub Actions + AI: Automating Code Quality with Claude

Continuous integration with AI-powered code review catches bugs before they reach production. Here's how to build a GitHub Actions workflow that runs Claude-powered analysis on every pull request.

Why AI Code Review in CI?

Traditional CI catches syntax errors and test failures. AI code review catches:
  • Logic bugs
  • Security vulnerabilities
  • Performance issues
  • Code quality problems
  • Documentation gaps

The GitHub Actions Workflow

```yaml
# .github/workflows/ai-review.yml
name: AI Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  ai-review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get PR diff
        id: diff
        run: |
          git diff origin/${{ github.base_ref }}...HEAD > pr_diff.txt
          echo "diff_size=$(wc -c < pr_diff.txt)" >> $GITHUB_OUTPUT
          echo "files_changed=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | wc -l)" >> $GITHUB_OUTPUT

      - name: Run AI Code Review
        if: steps.diff.outputs.diff_size < 50000 # Skip if too large
        env:
          OFOXAPIKEY: ${{ secrets.OFOXAPIKEY }}
        run: |
          # Get PR context
          PRNUMBER=${{ github.event.pull_request.number }}
          REPO=${{ github.repository }}

          # Prepare review prompt. jq JSON-encodes the diff, so quotes and
          # newlines in the PR cannot break or alter the request body.
          PAYLOAD=$(jq -n --rawfile diff pr_diff.txt '{
            model: "claude-3-5-sonnet-20241022",
            messages: [{
              role: "user",
              content: ("You are an expert code reviewer. Review this PR diff and provide feedback on bugs, security issues, performance problems, and code quality. Be concise but thorough.\n\n" + $diff)
            }],
            max_tokens: 2000,
            temperature: 0.3
          }')

          # Call Claude via ofox.ai
          RESPONSE=$(curl -s -X POST https://api.ofox.ai/v1/chat/completions \
            -H "Authorization: Bearer $OFOXAPIKEY" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD")

          # The next step reads this file; a multi-line review does not fit
          # in a single name=value line of $GITHUB_OUTPUT.
          echo "$RESPONSE" | jq -r '.choices[0].message.content' > review_comment.md

      - name: Post review comment
        if: steps.diff.outputs.diff_size < 50000
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.createComment({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: require('fs').readFileSync('review_comment.md', 'utf8')
            })
```

Filtering Large Diffs

```yaml
- name: Check diff size
  id: size
  run: |
    SIZE=$(wc -c < pr_diff.txt)
    echo "size=$SIZE" >> $GITHUB_OUTPUT
    if [ "$SIZE" -gt 50000 ]; then
      echo "::warning::PR diff too large ($SIZE bytes), skipping AI review"
    fi
```
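
Why the request body should come from a JSON encoder, and why the API response needs a check before it is posted, as an added Python example that is not part of the original article. `naive_payload` models a body assembled by splicing the diff into a `curl -d` string, `build_payload` applies the 50 KB gate and encodes the diff, and `extract_review` fails on an error body; the function names, the shortened prompt and the sample diff are constructed for illustration.

```python
import json
from typing import Optional

MAX_DIFF_BYTES = 50_000  # the article's 50 KB gate
MODEL = "claude-3-5-sonnet-20241022"
PROMPT = "You are an expert code reviewer. Review this PR diff."  # shortened

def naive_payload(diff: str) -> str:
    """Splice the diff into JSON text, as an inline `curl -d '...'` body does."""
    return ('{"model": "%s", "messages": [{"role": "user", '
            '"content": "%s\\n\\n%s"}], "max_tokens": 2000}' % (MODEL, PROMPT, diff))

def naive_is_valid_json(diff: str) -> bool:
    """True only if the spliced body still parses as JSON."""
    try:
        json.loads(naive_payload(diff))
        return True
    except ValueError:
        return False

def build_payload(diff: str, max_tokens: int = 2000) -> Optional[str]:
    """Encode the request with a JSON encoder; None means skip, diff too large."""
    if len(diff.encode("utf-8")) > MAX_DIFF_BYTES:
        return None
    return json.dumps({
        "model": MODEL,
        "messages": [{"role": "user", "content": PROMPT + "\n\n" + diff}],
        "max_tokens": max_tokens,
        "temperature": 0.3,
    })

def extract_review(response_text: str) -> str:
    """Return .choices[0].message.content, or raise so the job fails instead of
    posting the literal text 'null' when the API returned an error body."""
    try:
        content = json.loads(response_text)["choices"][0]["message"]["content"]
    except (ValueError, KeyError, IndexError, TypeError) as exc:
        raise RuntimeError("API response contains no review text") from exc
    if not isinstance(content, str) or not content.strip():
        raise RuntimeError("API response contains an empty review")
    return content

# Constructed sample diff: ordinary code containing quotes and newlines.
SAMPLE_DIFF = '--- a/app.py\n+++ b/app.py\n@@ -1 +1 @@\n-print(\'hi\')\n+print("hello")\n'

if __name__ == "__main__":
    print("spliced body parses:", naive_is_valid_json(SAMPLE_DIFF))
    print("encoded body parses:", json.loads(build_payload(SAMPLE_DIFF)) is not None)
```

With the spliced form, the contents of the pull request decide whether the request is well-formed; with the encoded form, the diff is only ever data inside one string.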

Getting Your API Key

Set up your ofox.ai API key as a GitHub Secret:

  1. Go to your repository → Settings → Secrets and variables → Actions
  2. Click New repository secret
  3. Name: OFOXAPIKEY
  4. Value: your key from ofox.ai

👉 Get your ofox.ai API key

Expanding to Full Analysis

Beyond simple diff review, extend the workflow:

```yaml
# Add after PR review
# Note: analyze needs an earlier github/codeql-action/init@v3 step in the same job.
- name: Run security scan
  uses: github/codeql-action/analyze@v3
  with:
    category: "/language:javascript"

- name: AI Summary
  env:
    OFOXAPIKEY: ${{ secrets.OFOXAPIKEY }}
  run: |
    # Generate PR summary with AI; jq JSON-encodes the first 100 diff lines
    PAYLOAD=$(head -100 pr_diff.txt | jq -Rs '{
      model: "claude-3-5-sonnet-20241022",
      messages: [{
        role: "user",
        content: ("Summarize this PR in 3 bullet points. Focus on what changed and why.\n\n" + .)
      }],
      max_tokens: 300
    }')
    SUMMARY=$(curl -s -X POST https://api.ofox.ai/v1/chat/completions \
      -H "Authorization: Bearer $OFOXAPIKEY" \
      -H "Content-Type: application/json" \
      -d "$PAYLOAD")
    echo "$SUMMARY" | jq -r '.choices[0].message.content'
```

Best Practices

  1. Rate limit awareness — Don't run on every push; use types: [opened, synchronize]
  2. Diff size limits — Skip reviews for massive changes (>50KB)
  3. Token budget — Set max_tokens to control costs
  4. Cache common prompts — Reuse system prompts across runs

Complete Example

```yaml
name: AI PR Review + Security Scan

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: AI Review
        env:
          OFOXAPIKEY: ${{ secrets.OFOXAPIKEY }}
        run: |
          git diff origin/${{ github.base_ref }}...HEAD > pr_diff.txt

          # Build the body with jq so the diff is JSON-encoded, then pipe it to curl
          jq -n --rawfile diff pr_diff.txt '{
            model: "claude-3-5-sonnet-20241022",
            messages: [{
              role: "user",
              content: ("Review this PR. Flag: bugs, security, performance, quality. Format: ## Bugs\n## Security\n## Performance\n## Quality\n\n" + $diff)
            }],
            max_tokens: 1500
          }' | curl -s -X POST https://api.ofox.ai/v1/chat/completions \
            -H "Authorization: Bearer $OFOXAPIKEY" \
            -H "Content-Type: application/json" \
            --data-binary @- | jq -r '.choices[0].message.content' > review.md

      - name: Post review comment
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.issues.createComment({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: require('fs').readFileSync('review.md', 'utf8')
            })
```

Get started with Claude-powered CI: ofox.ai

This article contains affiliate links.

Tags: github-actions,ci-cd,ai,programming,developer
Canonical URL: https://dev.to/zny10289
