Guide for GitLab (self-hosted)
Integrate the AI Code Review Agent into your self-hosted GitLab workflow.
Boost your development workflow by configuring the AI Code Review Agent with your GitLab (self-hosted) repositories. In this guide, you'll learn how to set up the Agent to receive automated code reviews that trigger whenever you create a merge request, as well as how to manually initiate reviews using available commands.
You need a Bito 10X Developer paid plan to get started. For more information about costs, please visit our Pricing Page.
Video tutorial
coming soon...
Prerequisites
Before proceeding, ensure you've completed all necessary prerequisites.
Create a GitLab Personal Access Token: For GitLab merge request code reviews, a token with API access is required. View Guide
Authorizing a GitLab Personal Access Token for use with SAML single sign-on:
If your GitLab organization enforces SAML Single Sign-On (SSO), you must authorize your Personal Access Token through your Identity Provider (IdP); otherwise, Bito's AI Code Review Agent won't function properly.
For more information, please refer to these GitLab documentation:
Installation and configuration steps
Follow the step-by-step instructions below to install the AI Code Review Agent using Bito Cloud:
Log in to Bito Cloud with a workspace subscribed to the Bito 10X Developer plan.
From the left sidebar, click on the Explore Agents menu to view all available Agents for installation.
Currently, we only offer the AI Code Review Agent. More dev agents are coming soon.
Find the Code Review Agent in the list and click the Create New Instance button.
Configure Agent:
From the Git provider dropdown menu, select GitLab (self-hosted).
Whitelist all of Bito's gateway IP addresses in your firewall to ensure Bito has access to your self-hosted repository. The Agent response can come from any of these IPs.
List of IP addresses to whitelist:
18.188.201.104
3.23.173.30
18.216.64.170
Enter your GitLab external URL.
Supported versions:
GitLab (self-hosted): 15.5 and above
Generate a Personal Access Token in your GitLab account and enter it into the GitLab Access Token input field. For guidance, refer to the instructions in the Prerequisites section.
Agent actions: This section contains all the actions that the AI Code Review Agent can perform. The Agent can execute these actions as part of a workflow or manually.
/review
command: Initiate a manual code review by commenting/review
on a merge request. It provides separate code suggestions for each detected issue below the code diffs.Additionally, you can pass an optional parameter like
/review #inline_comment=False
to get code review in a single post.
Agent instance details: In this section, you can set the name and description of your Agent instance.
Instance name: Assign a unique alphanumeric identifier for your instance. You can invoke the Agent in supported clients using
@<instance_name>
command.Instance description: Provide a brief description of the specific use case or project where this AI Code Review Agent instance will be deployed. This description will help you easily identify and manage it among multiple instances.
Filters: Exclude specific files and folders from code reviews or skip automated reviews for selected Git branches. For more information and examples, see Excluding Files, Folders, or Branches with Filters.
Files and folders: A list of files/folders that the AI Code Review Agent will not review if they are present in the diff. You can specify the files/folders to exclude from the review by name or glob/regex pattern. The Agent will automatically skip any files or folders that match the exclusion list. This filter applies to both manual reviews initiated through the
/review
command and automated reviews triggered via webhook.Source or Target branch: This filter allows users to skip automated reviews for merge requests based on the source or target branch. It is useful in scenarios where automated reviews are unnecessary or could potentially disrupt the workflow. This filter applies only to automatically triggered reviews. Users should still be able to trigger reviews manually via the
/review
command.Draft pull requests: A toggle switch that controls the automated review of merge requests based on their draft status. The default setting is enabled (turned on), which means automated review is skipped for draft merge requests.
Save configuration: Click Save & view setup instructions to complete the installation and access detailed instructions on configuring the new Agent instance with your repository using webhook.
Add Webhook:
You will be redirected to a page that provides the webhook payload URL and secret key needed to set up a webhook in GitLab, along with a detailed step-by-step guide. Follow the guide to successfully integrate the AI Code Review Agent with your repository.
We have also provided a step-by-step guide below to assist you in adding a webhook in GitLab.
Webhook setup guide
You can also consult the official GitLab documentation to learn how to create a webhook.
Login to your GitLab account.
Select the repository where the webhook needs to be configured.
On the left sidebar, select Settings > Webhooks.
Select Add new webhook.
Copy the Webhook URL from the Setup Instructions screen on Bito Cloud. Then, navigate to the webhook creation form in GitLab, and in URL input field, paste the URL of the webhook endpoint you've just copied. This unique Webhook URL, provided by Bito Cloud, is designed to receive webhook payloads.
Copy the Secret token from the Setup Instructions screen on Bito Cloud. Then, navigate to the webhook creation form in GitLab, and in Secret token input field, paste the webhook secret token you've just copied. The Secret token is used to validate payloads.
In the Trigger section, select the events to trigger the webhook. For code review select these:
Comments - for on-demand code review.
Merge request events - for automatic code review when a merge request is created.
Emoji events - So, you can share feedback on the review quality using emoji reactions.
Select Add webhook.
Using the AI Code Review Agent
After configuring the webhook, you can invoke the AI Code Review Agent in the following ways:
Note: To enhance efficiency, the AI Code Review Agent is disabled by default for merge requests involving the "main" or "master" branches. This prevents unnecessary processing and token usage, as changes to these branches are typically already reviewed in release or feature branches. To modify this default behavior and include the "main" or "master" branches, you can use the Source or Target branch filter.
The AI Code Review Agent automatically reviews code changes up to 5000 lines when a pull request is created. For larger changes, you can use the /review
command.
Automated code review: If the webhook is configured to trigger on the Merge request event, the Agent will automatically review new merge requests as soon as they are created and post the review feedback as a comment within your merge request.
Manually trigger code review: To initiate a manual review, simply type
/review
in the comment box on the merge request and submit it. If the webhook is configured to trigger on the Comments event, this action will start the code review process. The/review
command prompts the Agent to review the merge request and post its feedback directly in the merge request as a comment.Bito also offers specialized commands that are designed to provide detailed insights into specific areas of your source code, including security, performance, scalability, code structure, and optimization.
/review security
: Analyzes code to identify security vulnerabilities and ensure secure coding practices./review performance
: Evaluates code for performance issues, identifying slow or resource-heavy areas./review scalability
: Assesses the code's ability to handle increased usage and scale effectively./review codeorg
: Scans for readability and maintainability, promoting clear and efficient code organization./review codeoptimize
: Identifies optimization opportunities to enhance code efficiency and reduce resource usage.
By default, the
/review
command generates inline comments, meaning that code suggestions are inserted directly beneath the code diffs in each file. This approach provides a clearer view of the exact lines requiring improvement. However, if you prefer a code review in a single post rather than separate inline comments under the diffs, you can include the optional parameter:/review #inline_comment=False
For more details, refer to Available Commands.
It may take a few minutes to get the code review posted as a comment, depending on the size of the merge request.
Screenshots
Screenshot # 1
AI-generated merge request (MR) summary
Screenshot # 2
Changelist showing key changes and impacted files in a merge request.
Screenshot # 3
AI code review feedback posted as comments on the merge request.
Last updated