GitHub Action that auto-reviews Pull Requests using Google Gemini with DeepSeek fallback.
-
Evaluate Diff & Check PR Size — Fetches the PR diff and skips if it's empty or exceeds line/file limits.
-
AI Review — Sends the diff to the primary Gemini model with a structured prompt covering:
- Critical issues (security, data loss, unhandled exceptions)
- Performance & scalability (N+1 queries, blocking I/O, inefficient algorithms)
- Maintainability (SRP violations, debug leftovers, cascading impact)
If the primary model fails (rate limited, unavailable), it falls back through: Primary Gemini → Fallback Gemini → DeepSeek
-
Post Comment — Publishes the review as a formatted PR comment.
name: AI Code Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: javedquadri/code-review@main
with:
gemini_api_key: ${{ secrets.GEMINI_API_KEY }}- uses: javedquadri/code-review@main
with:
gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
deepseek_api_key: ${{ secrets.DEEPSEEK_API_KEY }}- uses: javedquadri/code-review@main
with:
gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
model: gemini-2.5-pro
fallback_gemini_model: gemini-2.5-flash
deepseek_model: deepseek-chat| Input | Required | Default | Description |
|---|---|---|---|
gemini_api_key |
Yes | — | Gemini API key from Google AI Studio |
deepseek_api_key |
No | '' |
DeepSeek API key for fallback |
model |
No | gemini-3.5-flash |
Primary Gemini model |
fallback_gemini_model |
No | gemini-2.5-flash |
Fallback Gemini model if primary fails |
deepseek_model |
No | deepseek-v4-flash |
DeepSeek model for final fallback |
tech_stack |
No | '' |
Tech stack description (e.g. Python/Django). Leave blank for auto-detection |
max_changed_lines |
No | 3000 |
Skip review if total changed lines exceeds this |
max_changed_files |
No | 60 |
Skip review if changed files exceeds this |
- Primary Gemini (
model) — first attempt - Fallback Gemini (
fallback_gemini_model) — tried if primary fails (rate limits with 5s pause, 500/503, or other errors) - DeepSeek (
deepseek_model) — final attempt, only ifdeepseek_api_keyis provided
If all providers fail, a message is posted asking reviewers to proceed manually.
The action needs these permissions in your workflow:
permissions:
contents: read # To fetch the PR diff
pull-requests: write # To post review commentsactions/checkout@v4withfetch-depth: 0(needs full git history to diff)- Triggered by
pull_requestevents (opened,synchronize)