AI code reviewinside your CI pipeline
Run CodeCritic on every pull request or push with the official GitHub Action. Same review engine as the web app and REST API, with findings you can gate merges on or publish back to the PR.
Drop-in workflow step
Add a single job step after checkout. Pass your API key as a secret, point at the diff or files you care about, and let the Action call CodeCritic without hosting review logic yourself.
Fail or warn on severity
Treat blocking findings as hard failures or soft warnings depending on team maturity. Start in report-only mode, then tighten once you trust the signal.
Parallel with existing checks
Lint, test, and security scan jobs stay as they are. The Action adds reasoning-style feedback that complements deterministic rules rather than replacing them.
What teams automate first
Most repos start with pull_request on opened and synchronize events, then expand to release branches or monorepo paths.
- Review only changed files in the PR diff so CI time tracks with scope, not repo size.
- Post a summary comment when the run finishes so reviewers see AI output before they open the diff.
- Reuse the same API key across staging and production workflows with separate secrets per environment.
- Combine with required status checks so merges wait until the review job completes.
Workflow
How teams wire it
- 1
Create an API key
Generate a workspace API key in CodeCritic and store it as a GitHub Actions secret.
- 2
Add the workflow
Commit a YAML file under .github/workflows that triggers on the events your team cares about.
- 3
Tune severity policy
Start with report-only, then enable fail-on for blocking items once noise is acceptable.
- 4
Wire required checks
Mark the job as a required status check in branch protection when you are ready to enforce it.
Examples
Integration examples
Pull request workflow
Minimal job that runs on every PR update.
name: Code review
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: codecritic/review-action@v1
with:
api-key: ${{ secrets.CODECRITIC_API_KEY }}
fail-on: blockingChecklist
- Secrets scoped per repo Use repository secrets for single-repo setups; org-level secrets when many repos share one billing workspace.
- Fetch depth for diffs Checkout with enough history so the Action can compute the PR diff reliably on shallow clones.
- Document bypass policy Define when admins may merge despite a failed review job so on-call knows the escape hatch.
FAQ
Common questions
Related pages
Put review in the same pipeline as tests
Connect a repo, add the Action, and ship the first automated review on your next pull request.