GitHub Action

AI code reviewinside your CI pipeline

Run CodeCritic on every pull request or push with the official GitHub Action. Same review engine as the web app and REST API, with findings you can gate merges on or publish back to the PR.

pull_request triggerspush workflowsPR commentsmatrix buildssame API engine
How it works

Drop-in workflow step

Add a single job step after checkout. Pass your API key as a secret, point at the diff or files you care about, and let the Action call CodeCritic without hosting review logic yourself.

Fail or warn on severity

Treat blocking findings as hard failures or soft warnings depending on team maturity. Start in report-only mode, then tighten once you trust the signal.

Parallel with existing checks

Lint, test, and security scan jobs stay as they are. The Action adds reasoning-style feedback that complements deterministic rules rather than replacing them.

What teams automate first

Most repos start with pull_request on opened and synchronize events, then expand to release branches or monorepo paths.

  • Review only changed files in the PR diff so CI time tracks with scope, not repo size.
  • Post a summary comment when the run finishes so reviewers see AI output before they open the diff.
  • Reuse the same API key across staging and production workflows with separate secrets per environment.
  • Combine with required status checks so merges wait until the review job completes.

Workflow

How teams wire it

  1. 1

    Create an API key

    Generate a workspace API key in CodeCritic and store it as a GitHub Actions secret.

  2. 2

    Add the workflow

    Commit a YAML file under .github/workflows that triggers on the events your team cares about.

  3. 3

    Tune severity policy

    Start with report-only, then enable fail-on for blocking items once noise is acceptable.

  4. 4

    Wire required checks

    Mark the job as a required status check in branch protection when you are ready to enforce it.

Examples

Integration examples

Pull request workflow

Minimal job that runs on every PR update.

name: Code review
on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: codecritic/review-action@v1
        with:
          api-key: ${{ secrets.CODECRITIC_API_KEY }}
          fail-on: blocking

Checklist

  • Secrets scoped per repo Use repository secrets for single-repo setups; org-level secrets when many repos share one billing workspace.
  • Fetch depth for diffs Checkout with enough history so the Action can compute the PR diff reliably on shallow clones.
  • Document bypass policy Define when admins may merge despite a failed review job so on-call knows the escape hatch.

FAQ

Common questions

No. It front-loads structured findings on the diff so humans spend time on design and product tradeoffs instead of repeating the same security and correctness scans.

Put review in the same pipeline as tests

Connect a repo, add the Action, and ship the first automated review on your next pull request.

Integrations