Workflow overview
Why this workflow matters
Useful for software delivery and engineering operations. Relevant for managed services and support workflows.
Automatically detects new GitHub Pull Requests, analyzes changed code with AI, generates detailed review comments (quality, security, performance, best practices), posts suggestions back to the PR, stores results in a database, and sends notifications. Good to Know Triggers automatically on new/updated GitHub Pull Requests via webhook (or manual test) Fetches only changed files/diffs — no need to clone full repo Uses AI (Grok, OpenAI, Claude, Gemini, etc.) to provide intelligent, context-aware feedback Covers multiple dimensions: code quality, bugs, security vulnerabilities, performance issues, maintainability, style/best practices Posts formatted review comments directly on the GitHub PR (with severity levels, suggestions, code snippets) Stores review history & scores in PostgreSQL (or other DB) for auditing, metrics, team dashboards Sends real-time notifications (Slack, Discord, email, etc.) for high-severity findings Saves developers hours on initial reviews and catches issues early How It Works 1. Trigger PR Detection GitHub Webhook** node — listens for pull_request events (opened, synchronize, reopened, ready_for_review) Optional: Filter node to ignore drafts, dependabot PRs, or specific branches Manual trigger available for testing 2. Fetch & Analyze Code GitHub** node — retrieves PR details (title, body, number, repo, base/head commits) GitHub* or *HTTP Request** — fetches list of changed files + diffs (using GitHub API /pulls/{number}/files and diff content) Merge PR Details & Extract Diffs** — combines metadata + code changes into structured format Prepares payload: file paths, diff hunks, full file content if needed (truncated for large files) 3. AI Review & Score Sends prepared diff data + context (language, repo conventions, custom guidelines) to AI model Prompt engineering focuses on: Code correctness & bugs Security vulnerabilities (OWASP, secrets, injection risks) Performance optimizations Readability, maintainability, SOLID principles Best practices & style (specific to language/framework) Refactoring suggestions with examples AI returns structured output: severity (low/medium/high/critical), category, comment text, suggested fix (with code block) Optional: Score node — assigns overall PR quality score (0–100) based on findings 4. Post Review & Notify Route** by severity / issue count (e.g. critical → immediate Slack) GitHub** node — posts detailed review comments on the PR (as bot user) Supports threaded replies, line-specific comments (if hunk positions available) Adds label e.g. ai-reviewed, needs-changes Store Results in PostgreSQL** — logs full review (PR link, timestamp, AI output JSON, score, issues list) Send Summary to Slack** (or Discord/Email/Telegram) — concise message with key findings, link to PR, severity highlights Log Completion** — records successful execution for monitoring Data Sources GitHub** — Pull Requests, diffs, comments, labels (via webhook + API) AI Model** — Grok (xAI), OpenAI GPT-4o / o1, Anthropic Claude, Google Gemini, or local LLM Storage** — PostgreSQL (recommended for structured querying), or Supabase, Airtable, Google Sheets Notifications** — Slack, Discord, Microsoft Teams, Email (SMTP), Telegram How to Use Import the workflow JSON into your AlekSystem instance Configure credentials: GitHub OAuth / Personal Access Token (with repo scope) AI provider API key (Grok/OpenAI/etc.) PostgreSQL database connection Slack/Discord/Email credentials Set up GitHub Webhook: In repo Settings → Webhooks → Add webhook Payload URL = your AlekSystem webhook URL Content type: application/json Events: Pull requests Customize AI prompt — add repo-specific rules, coding standards, ignored patterns Tune filters — minimum severity to post, files to skip (e.g. lock files, generated code) Test — create/open a small PR or use Execute Workflow with sample payload Activate — turn on the workflow and monitor Executions + Logs Requirements AlekSystem (self-hosted preferred for webhooks) GitHub repo with admin access to add webhook & bot token AI API access with sufficient token limit (large PRs = large prompts) PostgreSQL database (or alternative) for persistent storage Notification service account (Slack app, Discord bot, etc.) Customizing This Workflow Add custom best practices** — load from Google Sheets/Notion/Airtable and inject into prompt Support multi-file analysis** — chunk very large PRs or summarize per-file first Auto-approve low-risk PRs** — add approval action if score > 90 and no critical issues Security focus** — integrate with tools like Semgrep/Trivy results Comment on specific lines** — use GitHub API position/hunk data for inline comments Team routing** — notify language-specific experts via Slack channels Metrics dashboard** — connect DB to Grafana/Metabase for review trends Ignore patterns** — skip vendor/, node_modules/, tests/, etc. Multiple AI models** — fallback or ensemble (e.g. Claude for reasoning + Grok for speed)
Best fit
Categories
Services
Use cases
Need another direction?