As the availability and usefulness of AI have grown over the past few years, we as software engineers are always on the lookout for ways to boost our everyday efficiency using AI. One area that everyone at Zivtech participates in is peer code reviews. While nothing matches the discerning eye of human developers in code reviews, AI has proven to be useful at identifying common oversights and has decreased the amount of back and forth on individual tasks, enhancing our engineers' overall productivity and code quality. After seeing Yas Naoi’s talk "Automate, Integrate, Innovate: AI-powered GitLab CI for Drupal module development” at DrupalCon Atlanta 2025, we realized the potential of having AI assist in what is normally a mundane but necessary task. Building on the OpenAI cookbook example “Reasoning over Code Quality and Security in GitHub Pull Requests,” we are now utilizing GitHub Actions to expedite code reviews using OpenAI on every pull request. Built on GitHub’s CI/CD platform, GitHub Actions that tie directly into our development pipeline allowed us to implement this new assisted code review process within our existing workflow without any additional steps, making its adoption easy across the entire company.
Code reviews are a necessary, mundane, time-consuming process that, while susceptible to human error, provide astounding benefits, including better code quality, more secure and performant code, and also offer examples and ideas to junior developers. Manual code reviews have been a part of Zivtech’s process for over a decade, and there just isn’t a substitute. However, having an automated assistant that could catch common mistakes, offer additional insight, and generally speed up the process of code reviews is a great value to our clients as it allows us to focus on other tasks and getting work out the door without sacrificing quality.
Incorporating AI into our workflow has shown significant promise, particularly in our code review process. AI is a great assistant to software engineers, and code reviews are no exception. Leveraging OpenAI’s ChatGPT, we can quickly check code for common issues in security, performance, maintainability, and general coding standards. We have seen ChatGPT offer suggestions ranging from simple spelling errors to alternative designs in the code and functionalities. While not everything suggested or called out by ChatGPT is valid, 10-20% is useful and actionable, and every bit that is caught before another engineer looks at it is a productivity win.
At Zivtech, we are committed to staying at the forefront of technology advancements, and integrating AI into our workflow is a testament to that. Leveraging GitHub Actions, we have automated our learning, virtual assistant that can analyze and offer suggestions on every pull request before it ever goes to another engineer for code review. Here’s how it works:
- Automated initialization: When a PR is created, GitHub Actions automatically triggers a workflow that involves ChatGPT. It starts by gathering context about the custom code changes, being sure to exclude build artifacts, images, documents, contrib code, and existing code.
- Intelligent analysis: ChatGPT then analyzes the modified code, identifying potential code smells, suggesting optimizations, and highlighting areas that don’t align with coding standards. It also flags possible security vulnerabilities, providing explanations and potential resolutions.
- Feedback delivery: Once analysis is completed ChatGPT compiles its findings and leaves a comment on the pull request, grouping the results by Security, Performance, Clarity, Functionality, User Experience, and Documentation, and ensures it identifies what is a 'required' change and what is a 'nitpick,' following suggestions from “How to Make Good Code Reviews Better” by Gergely Orosz.
This seamless integration with GitHub Actions has not only improved the speed and accuracy of our code reviews but also empowered our engineers to focus on more creative and complex tasks. The result is an enhancement in our own code quality and overall productivity, benefiting our engineers and our clients.
Integrating AI-assisted code reviews has been streamlined with Zivtech’s GitHub workflows. Our repository for AI Code Quality & Security Checks contains all the necessary resources for our AI-powered code reviews on our Drupal GitHub projects. A few callouts not included in the README are:
- Model: o4-mini
- We use this model as it balances speed and thoroughness, providing meaningful insights without sacrificing speed. Usually able to return a review comment within 30 seconds to 1 minute for most pull requests.
- Role:
You are an expert Drupal code reviewer.- We provide a configurable persona for ChatGPT to act as an expert Drupal Developer.
- File exclusions:
\\.json$|\\.txt$|\\.css$|vendor/|node_modules/|bower_components/|dist/|build/|\\.min\\.js$|\\.min\\.css$|\\.png$|\\.jpg$|\\.jpeg$|\\.gif$|\\.bmp$|\\.svg$|\\.webp$|\\.ico$|\\.tiff$|\\.psd$|\\.ai$|\\.eps$|\\.zip$|\\.tar$|\\.gz$|\\.rar$|\\.pdf$|\\.docx$|\\.xlsx$|\\.pptx$|\\.exe$|\\.dll$|\\.so$|\\.dylib$|\\.class$|\\.jar$|\\.pyc$|\\.pyo$|\\.o$|\\.a$|\\.lib$|\\.pdb$|\\.7z$|\\.mp3$|\\.mp4$|\\.avi$|\\.mkv$|\\.mov$|\\.wav$|\\.map$|\\.proto$|\\.env$|\\.DS_Store$|Thumbs\\.db$|\\.snap$|\\.git/|\\.github/|\\.gitlab/|\\.circleci/|coverage/|reports/- To cut down on noise, we exclude dependencies, build artifacts, VCS metadata, coverage, reports, binary archives, media, fonts, office files, OS/config files, and lock files.
-
Prompt:
Review the following Drupal code changes, focusing on: 1. Security: Identify vulnerabilities like SQL injection, XSS, and access control issues. 2. Performance: Check query efficiency and resource usage. 3. Clarity: Ensure adherence to Drupal coding standards. 4. Functionality: Validate logic and API integrations. 5. User Experience: Consider accessibility and inclusivity. 6. Documentation: Evaluate comments and maintenance support. Distinguish between 'nitpicks' (optional) and 'required changes' (essential). Provide constructive suggestions where appropriate. Summarize your review as a concise markdown report.
For those interested in getting AI code reviews please check out the README and setup instructions from the code repository.
Integrating AI into our code review process at Zivtech has made our reviews more efficient and helped maintain our high standards of code quality. This addition to our process highlights a broader industry shift, where AI enhances human capabilities, leading to more effective workflows. By embracing AI, we've enabled our team to deliver greater value to our clients without compromising quality. As we look to the future, we will continue to leverage AI to boost our productivity and deliver quality work as quickly as possible to all our clients.