Implement AI Code Review Using GitLab API and CI – Tutorial Part 6

This tutorial walks through creating a personal GitLab access token, testing the GitLab API, configuring CI variables, importing a sample project, triggering a merge‑request pipeline, sending changed files to a Zhipu AI model, and writing the AI's review back into the merge request as comments.

Ubiquitous Tech
Ubiquitous Tech
Ubiquitous Tech
Implement AI Code Review Using GitLab API and CI – Tutorial Part 6

Overview

The article demonstrates how to build an AI‑assisted code review workflow on a self‑hosted GitLab instance by leveraging the GitLab REST API and CI/CD pipelines. It covers token creation, API testing, CI configuration, merge‑request handling, and interaction with the Zhipu AI model.

1. Create a GitLab Personal Access Token

In GitLab, navigate to the user profile → Personal Access Tokens , click Add new token , set an expiration date, and grant the api scope. Save the generated token for later API calls.

2. Test the GitLab API

With the token, verify connectivity using curl or Postman. The API can receive the token via URL parameter, PRIVATE-TOKEN header (common), or Authorization header. A successful request returns project information, confirming that the token works.

3. Import a Sample Project

The tutorial imports the Apache Commons Lang repository into the GitLab instance and creates a feature branch feature/20240803-gitlab-ci-demo and a target branch st/20240803-target. This provides a concrete code base for the AI review.

4. Configure CI Variables

In the project’s CI/CD settings, add two custom variables:

GITLAB_TOKEN – the personal access token created earlier.

GITLAB_API – the base URL of the GitLab server (e.g., https://gitlab.example.com).

Optionally, the predefined variable CI_API_V4_URL can be used to obtain the API base automatically.

5. Write the CI Job

The .gitlab-ci.yml defines two stages: print_hello_world and aicode. The aicode job performs the following steps:

Retrieve the current pipeline’s commit SHA via

GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID

.

Obtain the associated merge‑request ID using the commit SHA.

List changed files of the merge request.

For each changed file, fetch its raw content.

Build a JSON payload for the Zhipu AI model (model glm-4-flash) with a system prompt and the file content.

POST the payload to https://open.bigmodel.cn/api/paas/v4/chat/completions with the ZHIPU_API_KEY header.

Parse the AI’s response and post the suggestions back to the merge request as a note.

stages:
  - print_hello_world
  - aicode

print_hello_world_job:
  stage: print_hello_world
  script:
    - echo "Hello World"

aicode:
  stage: aicode
  script:
    - |
      #!/bin/bash
      echo "GITLAB_API: $GITLAB_API"
      echo "GITLAB_TOKEN: $GITLAB_TOKEN"
      echo "CI_PIPELINE_ID: $CI_PIPELINE_ID"
      echo "CI_PROJECT_ID: $CI_PROJECT_ID"
      # Get commit SHA
      COMMIT_SHA=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID | jq -r .sha)
      # Get MR ID
      MR_ID=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/commits/$COMMIT_SHA/merge_requests | jq -r .[].iid)
      # Get changed files
      MR_FILES=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/changes | jq -r '.changes[] | select(.new_file == true or .deleted_file == false) | .new_path')
      for FILE_PATH in $MR_FILES; do
        ENCODED_FILE_PATH=$(echo "$FILE_PATH" | sed 's/\//%2F/g' | sed 's/\./%2E/g')
        FILE_CONTENT=$(curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -X GET "$GITLAB_API/projects/$CI_PROJECT_ID/repository/files/$ENCODED_FILE_PATH/raw?ref=$COMMIT_SHA")
        JSON_PAYLOAD=$(jq -n \
          --arg file_path "$FILE_PATH" \
          --arg file_content "$FILE_CONTENT" \
          '{ model:"glm-4-flash",messages: [ { role: "system", content: "You are an AI code reviewer..." }, { role: "user", content: ("Please review the file:
Name: " + $file_path + "

Content:
" + $file_content) } ] }')
        API_RESPONSE=$(curl -X POST "https://open.bigmodel.cn/api/paas/v4/chat/completions" \
          -H "Content-Type: application/json" \
          -H "Authorization: Bearer $ZHIPU_API_KEY" \
          -d "$JSON_PAYLOAD")
        SUGGESTIONS=$(echo "$API_RESPONSE" | jq -r '.choices[0].message.content')
        curl -H "PRIVATE-TOKEN: $GITLAB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/notes" \
          --form "body=File review **$FILE_PATH**:
$SUGGESTIONS"
      done
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

6. Create a Merge Request

After pushing the feature branch, open a merge request targeting the st/20240803-target branch. When the MR event triggers, the CI job runs, prints the changed file list, sends each file to the AI model, and posts the AI’s suggestions as MR comments.

7. Review the Results

The merge‑request overview now displays AI‑generated comments, including suggested code improvements and automatically generated documentation snippets.

Key API Endpoints Used

GET $GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID
GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/commits/$COMMIT_SHA/merge_requests
GET $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/changes
GET $GITLAB_API/projects/$CI_PROJECT_ID/repository/files/$ENCODED_FILE_PATH/raw?ref=$COMMIT_SHA
POST $GITLAB_API/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/notes

By following these steps, a fully automated AI code review system is established within GitLab CI, requiring only a single CI configuration file.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

ci/cdGitLabAPIcurlbashAI code reviewzhipu
Ubiquitous Tech
Written by

Ubiquitous Tech

A ubiquitous public account for pirate enthusiasts, regularly sharing curated experiences, tech learning, and growth insights. Currently publishing articles on AI RAG customer service, AI MCP technology, and open-source design. Personal free Knowledge Planet: Awakening New World Programmer.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.