Implement AI Code Review Using GitLab API and CI – Tutorial Part 6
This tutorial walks through creating a personal GitLab access token, testing the GitLab API, configuring CI variables, importing a sample project, triggering a merge‑request pipeline, sending changed files to a Zhipu AI model, and writing the AI's review back into the merge request as comments.
Overview
The article demonstrates how to build an AI‑assisted code review workflow on a self‑hosted GitLab instance by leveraging the GitLab REST API and CI/CD pipelines. It covers token creation, API testing, CI configuration, merge‑request handling, and interaction with the Zhipu AI model.
1. Create a GitLab Personal Access Token
In GitLab, navigate to the user profile → Personal Access Tokens , click Add new token , set an expiration date, and grant the api scope. Save the generated token for later API calls.
2. Test the GitLab API
With the token, verify connectivity using curl or Postman. The API can receive the token via URL parameter, PRIVATE-TOKEN header (common), or Authorization header. A successful request returns project information, confirming that the token works.
3. Import a Sample Project
The tutorial imports the Apache Commons Lang repository into the GitLab instance and creates a feature branch feature/20240803-gitlab-ci-demo and a target branch st/20240803-target. This provides a concrete code base for the AI review.
4. Configure CI Variables
In the project’s CI/CD settings, add two custom variables:
GITLAB_TOKEN – the personal access token created earlier.
GITLAB_API – the base URL of the GitLab server (e.g., https://gitlab.example.com).
Optionally, the predefined variable CI_API_V4_URL can be used to obtain the API base automatically.
5. Write the CI Job
The .gitlab-ci.yml defines two stages: print_hello_world and aicode. The aicode job performs the following steps:
Retrieve the current pipeline’s commit SHA via
GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID.
Obtain the associated merge‑request ID using the commit SHA.
List changed files of the merge request.
For each changed file, fetch its raw content.
Build a JSON payload for the Zhipu AI model (model glm-4-flash) with a system prompt and the file content.
POST the payload to https://open.bigmodel.cn/api/paas/v4/chat/completions with the ZHIPU_API_KEY header.
Parse the AI’s response and post the suggestions back to the merge request as a note.
stages:
- print_hello_world
- aicode
print_hello_world_job:
stage: print_hello_world
script:
- echo "Hello World"
aicode:
stage: aicode
script:
- |
#!/bin/bash
echo "GITLAB_API: $GITLAB_API"
echo "GITLAB_TOKEN: $GITLAB_TOKEN"
echo "CI_PIPELINE_ID: $CI_PIPELINE_ID"
echo "CI_PROJECT_ID: $CI_PROJECT_ID"
# Get commit SHA
COMMIT_SHA=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID | jq -r .sha)
# Get MR ID
MR_ID=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/commits/$COMMIT_SHA/merge_requests | jq -r .[].iid)
# Get changed files
MR_FILES=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/changes | jq -r '.changes[] | select(.new_file == true or .deleted_file == false) | .new_path')
for FILE_PATH in $MR_FILES; do
ENCODED_FILE_PATH=$(echo "$FILE_PATH" | sed 's/\//%2F/g' | sed 's/\./%2E/g')
FILE_CONTENT=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET "$GITLAB_API/projects/$CI_PROJECT_ID/repository/files/$ENCODED_FILE_PATH/raw?ref=$COMMIT_SHA")
JSON_PAYLOAD=$(jq -n \
--arg file_path "$FILE_PATH" \
--arg file_content "$FILE_CONTENT" \
'{ model:"glm-4-flash",messages: [ { role: "system", content: "You are an AI code reviewer..." }, { role: "user", content: ("Please review the file:
Name: " + $file_path + "
Content:
" + $file_content) } ] }')
API_RESPONSE=$(curl -X POST "https://open.bigmodel.cn/api/paas/v4/chat/completions" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ZHIPU_API_KEY" \
-d "$JSON_PAYLOAD")
SUGGESTIONS=$(echo "$API_RESPONSE" | jq -r '.choices[0].message.content')
curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/notes" \
--form "body=File review **$FILE_PATH**:
$SUGGESTIONS"
done
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"6. Create a Merge Request
After pushing the feature branch, open a merge request targeting the st/20240803-target branch. When the MR event triggers, the CI job runs, prints the changed file list, sends each file to the AI model, and posts the AI’s suggestions as MR comments.
7. Review the Results
The merge‑request overview now displays AI‑generated comments, including suggested code improvements and automatically generated documentation snippets.
Key API Endpoints Used
GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID
GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/commits/$COMMIT_SHA/merge_requests
GET $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/changes
GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/files/$ENCODED_FILE_PATH/raw?ref=$COMMIT_SHA
POST $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/notesBy following these steps, a fully automated AI code review system is established within GitLab CI, requiring only a single CI configuration file.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Ubiquitous Tech
A ubiquitous public account for pirate enthusiasts, regularly sharing curated experiences, tech learning, and growth insights. Currently publishing articles on AI RAG customer service, AI MCP technology, and open-source design. Personal free Knowledge Planet: Awakening New World Programmer.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
