Reviewbot - Empower Your Code Quality with Self-Hosted Automated Analysis and Review

中文

Reviewbot assists you in rapidly establishing a self-hosted code analysis and review service, supporting multiple languages and coding standards. Its main features include:

• Universal Compatibility - Provides a universal way to integrate and execute Linters without coding
• Multi-Platform Support - Currently supports both GitHub and GitLab
• AI-Powered - Detected issues are analyzed by AI to provide detailed explanations and improvement suggestions
• Precise Feedback - All issues are reported during the Pull/Merge Request stage as comments, precisely pinpointing the relevant code lines
• Self-Hosted Deployment - Recommended self-hosting for better data security and control

See practical examples:

<div style="display: flex; justify-content: flex-start; gap: 10px;"> <img src="./docs/static/issue-comment.png" alt="Issue Comment" width="567"/> <img src="./docs/static/ci-status.png" alt="CI Status" width="567"/> </div>

Table of Contents

• Why Reviewbot
• Installation
• Linter Integration Guide
  • Universal Integration (No Coding Required)
  • Custom Integration
• Supported Linters
  • Go
  • Python
  • C/C++
  • Lua
  • Java
  • Shell
  • Git Workflow Standards
  • Documentation Standards
• Configuration
  • Adjusting Execution Commands
  • Disabling a Linter
  • Cloning multiple repositories
  • Executing Linters via Docker
  • Executing Linters via Kubernetes
• AI Enhancement
• Reviewbot Operational Flow
• Monitoring Detection Results
• Talks
• Contributing
• License

Why Reviewbot

Reviewbot is a self-hosted code analysis and review service with the following features:

• Universal Compatibility - Provides a universal way to integrate new code checking tools without modifying source code
• Multi-Platform Support - Currently supports both GitHub and GitLab platforms
• AI-Powered - Issues detected are analyzed by AI to provide detailed context and fix suggestions
• Security - Recommended self-hosting for data security and control
• Improvement-Oriented - Detected issues are primarily reported as comments precise to code lines, facilitating efficient problem resolution
• Flexibility - Supports multiple languages and coding standards with flexible configuration
• Observability - Supports alert notifications for timely awareness of detected issues

Installation

Please refer to the getting started guide.

The following are internal usage practices at Qiniu, which may provide you with more inspiration:

• Deployed in a Kubernetes cluster
• Using this Dockerfile to build the Reviewbot image

Linter Integration Guide

Universal Linter Integration (No Coding Required)

Reviewbot provides a universal way to integrate new code checking tools without modifying the source code.

For example:

customLinters:
  pylint:
    languages: [".py"] # Specify supported languages
    command: ["/bin/sh", "-c", "--"] # Specify execution command
    args: # Specify execution arguments
      - |
        pylint --disable=line-too-long --output-format=text --msg-template='{path}:{line}:{column}: {msg} ({symbol})' --reports=n --score=n --recursive=y ./

After this configuration, when there are changes to Python code in PR/MR, pylint will be used to perform checks, and the results will be reported to the corresponding code lines.

Note that the above configuration uses pylint from the default execution environment. If you need to use a specific version of pylint or want to use other execution environments, you can specify them through dockerAsRunner or kubernetesAsRunner, or even choose to check and install pylint in the above command before execution.

See the full configuration:

customLinters:
  <linter-name>:
    languages: <language-list> # optional, specify supported languages
    enable: <true|false> # optional, enable/disable this linter
    workDir: <work-dir> # optional, specify working directory
    command: <command-list> # optional, specify execution command
    args: <args-list> # optional, specify execution arguments
    env: <env-list> # optional, specify environment variables
    dockerAsRunner: # optional, use Docker image to execute linter
      image: <docker-image>
    kubernetesAsRunner: # optional, use Kubernetes to execute linter
      namespace: <kubernetes-namespace>
      image: <kubernetes-image>
    reportType: <report-type> # optional, specify report type
    configPath: <config-path> # optional, specify linter config file path

Custom Integration

For more complex scenarios, you can also consider code integration:

• For self-implemented linters or standards, refer to commit msg check, go mod check, etc.
• For customizing linter execution logic in complex scenarios, refer to golangci-lint, gofmt, etc.

Supported Linters

The following are the linters currently supported by Reviewbot:

Go

• golangci-lint
• gofmt
• gomodcheck

Python

• pylint

C/C++

• cppcheck

Lua

• luacheck

Java

• pmdcheck
• stylecheck

Shell

• shellcheck

Git Workflow Standards

• commit msg check

Documentation Standards

• note check

Configuration

Reviewbot adheres to a zero-configuration principle whenever possible, but also provides flexible configuration capabilities for special requirements. All configurable items are defined in the config/config.go file.

The following are some common configuration scenarios:

Adjusting Execution Commands

Linters are generally executed using default commands, but we can adjust these commands. For example:

qbox/kodo:
  linters:
    staticcheck:
      workDir: "src/qiniu.com/kodo"

This configuration means that for the staticcheck inspection of the qbox/kodo repository code, execution should occur in the src/qiniu.com/kodo directory.

We can even configure more complex commands, such as:

qbox/kodo:
  linters:
    golangci-lint:
      command:
        - "/bin/sh"
        - "-c"
        - "--"
      args:
        - |
          source env.sh
          cp .golangci.yml src/qiniu.com/kodo/.golangci.yml
          cd src/qiniu.com/kodo
          export GO111MODULE=auto
          go mod tidy
          golangci-lint run --timeout=10m0s --allow-parallel-runners=true --print-issued-lines=false --out-format=line-number >> $ARTIFACT/lint.log 2>&1

This configuration indicates that for the golangci-lint inspection of the qbox/kodo repository code, execution occurs through custom commands and arguments.

The usage of command and args here is similar to that of Kubernetes Pod command and args. You can refer to Kubernetes Pod for more information.

The $ARTIFACT environment variable is noteworthy. This is a built-in variable in Reviewbot used to specify the output directory, facilitating the exclusion of irrelevant interference. Since Reviewbot ultimately only cares about the linters' output, and in this complex scenario, the shell script will output a lot of irrelevant information, we can use this environment variable to specify the output directory. This allows Reviewbot to parse only the files in this directory, resulting in more precise detection results.

Disabling a Linter

We can also disable a specific linter check for a particular repository through configuration. For example:

qbox/net-gslb:
  linters:
    golangci-lint:
      enable: false

This configuration means that the golangci-lint check is disabled for the qbox/net-gslb repository.

We can also globally disable a linter, like this:

customLinters:
  golangci-lint:
    enable: false

Cloning multiple repositories

By default, Reviewbot clones the repository where the event occurs. However, in some scenarios, we might want to clone multiple repositories, and customizing the cloning path.

For example:

qbox/net-gslb:
  refs:
    - org: "qbox"
      repo: "net-gslb"
      pathAlias: "src/qiniu.com/net-gslb"
    - org: "qbox"
      repo: "kodo"

Executing Linters via Docker

By default, Reviewbot uses locally installed linters for checks. However, in some scenarios, we mig