AI Review
About 530 wordsAbout 2 min
With AI capabilities, you can let pipelines automatically review Pull Requests (PRs), quickly discovering potential issues and improving code quality.
Cloud Native Build supports two ways to perform AI code reviews. You can choose the method that suits your scenario.
Token Overview
The pipeline provides three NPC-related environment variables. They all have the same permissions and represent the pipeline trigger, only differing in which NPC role they represent:
| Environment Variable | Description |
|---|---|
CNB_TOKEN | When mentioning a custom NPC role, represents the mentioned custom role |
CNB_TOKEN_FOR_CODEBUDDY | When mentioning the system role CodeBuddy, represents the system role CodeBuddy |
CNB_TOKEN_FOR_AI | Can be used by users in non-NPC pipelines as needed |
Comparison
| Comparison | Method 1: AI Review Plugin | Method 2: NPC Event |
|---|---|---|
| Trigger | Automatic via pipeline | Mention NPC in PR comment |
| Token used | CNB_TOKEN_FOR_AI | CNB_TOKEN (custom role) or CNB_TOKEN_FOR_CODEBUDDY (system role) |
| Use case | Auto-review every PR event | On-demand review, flexible control |
| Config location | .cnb.yml pipeline config | .cnb.yml + .cnb/settings.yml (custom role) |
Method 1: Use AI Review Plugin
Use the cnbcool/ai-review image as a pipeline plugin to automatically perform code review when PR events are triggered.
Configuration Example
.cnb.yml
main:
pull_request:
- stages:
- name: Code Review
image: cnbcool/ai-review:latest
settings:
type: code-reviewHow It Works
- When a PR is created or updated on the
mainbranch, the pipeline is automatically triggered. - The pipeline can use the
CNB_TOKEN_FOR_AIenvironment variable to call the OpenAPI AI capability. - The AI reviews the code changes in the PR and submits review results as comments on the PR.
Use Cases
- Automatically get AI review feedback on every PR
- Enforce quality checks before merging code
Method 2: Trigger NPC Event
Mention an NPC role in a PR comment to trigger the NPC event pipeline and perform AI review.
How to Trigger
- System NPC: Simply mention
@CodeBuddyin the PR comment, for example:
@CodeBuddy Code review- Custom NPC: First configure a custom NPC role in your repository, then mention it in the PR comment, for example:
@cnb/feedback(评审专家) Code reviewNPC Event How It Works
- When someone comments and mentions an NPC in a PR, it triggers the
pull_request.comment@npcevent. - The system loads the
.cnb.ymlconfiguration from the NPC's repository and parses the corresponding role's event pipeline. - The pipeline calls the OpenAPI AI capability using the token:
- When mentioning a custom NPC, uses
CNB_TOKEN, representing the mentioned custom role - When mentioning the system role CodeBuddy, uses
CNB_TOKEN_FOR_CODEBUDDY, representing the system role CodeBuddy
- When mentioning a custom NPC, uses
- The review results are submitted to the PR comment with the NPC's identity.
For detailed configuration, see NPC.
NPC Event Use Cases
- Trigger review on demand instead of every PR automatically
- Use custom review roles and styles
- Let NPC perform other automation tasks during the review
Notes
- Both methods require ensuring the pipeline has sufficient permissions to access the code repository and submit comments.
- When the NPC event pipeline runs, its TOKEN permissions are limited to the current repository.
- If you need to make code changes during review, you can enable NPC Work Mode.