The comprehensive guide shows you how to implement an AI-powered code review system that provides both line-by-line feedback and architectural analysis for your iOS/Swift projects.
Workflows with Claude and OpenAI
Automated inline code reviews on every pull request
Architectural analysis with security, performance, and accessibility insights
iOS-specific feedback covering SwiftUI, UIKit, memory management, and App Store compliance
Rate-limited, production-ready GitHub Actions workflow
iOS project hosted on GitHub
Basic knowledge of GitHub Actions
OpenAI API access (GPT-4 recommended)
Before exploring the GitHub Actions Workflow for the Pull Request using Claude AI or OpenAI, we should understand what are API Keys and where to store GitHub Secrets
GitHub Secrets are stored in your repository settings and are encrypted. They're accessible to your GitHub Actions workflows but never visible in logs or to unauthorized users.
Go to platform.openai.com
Sign up or log in
Click → API Keys
or API keys
Click Create new secret key
Name it (e.g., "OPENAI_API_KEY")
Copy the key immediately (you won't see it again)
Add billing method if required
OpenAI API Key
Go to console.anthropic.com
Sign up or log in
Click API Keys
in the sidebar
Click CREATE Key
Name it (e.g., "iOS-PR-Review")
Copy the key immediately
Add credits/billing if required
Anthropic API Key
GitHub automatically provides GITHUB_TOKEN
No manual setup required for this secret
Navigate to Repository Settings
Go to your GitHub repository
Click on "Settings" tab (top navigation)
In the left sidebar, click "Secrets and variables”
Click "Actions"
Path ⇒ GitHub Repository → Settings → Secrets and variables → Actions
Add Repository Secrets
New Secret
Click the "New repository secret" button for each secret:
Required Secrets for iOS AI Workflow:
Secret Name: OPENAI_API_KEY
Value: Your OpenAI API key (starts with sk- )
Description: Used for GPT-4 code analysis
Secret Name: ANTHROPIC_API_KEY
Value: Your OpenAI API key (starts with sk-ant- )
Description: Used for Claude code analysis
Secret Name: IOS_SCHEME_NAME
Value: Your project name
Description: Used for GPT-4 code analysis
After adding necessary secrets, you will find in the list of repository secrets
Repository Secrets
In your workflow files, reference secrets like this:
- name: Run AI Review
env:
OPENAI_API_KEY: '${{ secrets.OPENAI_API_KEY }}'
ANTHROPIC_API_KEY: '${{ secrets.ANTHROPIC_API_KEY }}'
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
run: node scripts/ios-ai-reviewer.js
Secrets in Workflow
Let’s continue with Workflow for Pull Request by using the Claude AI and OpenAI API Keys.
Workflow Project structure
# In your project root
mkdir -p scripts
mkdir -p .github/workflows
workflow creation
Create scripts/ai-code-reviewer.py
This file defines the GitHub Actions automation that triggers AI-powered code reviews for our iOS project.
name: AI Code Review
on:
pull_request:
types: [opened, reopened, synchronize]
branches: ['**']
permissions:
contents: read
pull-requests: write
jobs:
ai_code_review:
name: "AI Code Review"
runs-on: ubuntu-latest
steps:
- name: Checkout repository code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Python dependencies
run: pip install openai requests
- name: Run comprehensive AI code reviewer
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
OPENAI_MODEL: gpt-4o
PR_NUMBER: ${{ github.event.pull_request.number }}
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
GITHUB_REPOSITORY: ${{ github.repository }}
run: python scripts/ai-code-reviewer.py
ai code reviewer script
Trigger Point: Runs on pull request events (opened, reopened, synchronize) across all branches.
Permissions: Grant read access for the contents and write access for PR Comments
Workflow Steps:
Dependencies: Installs required Python packages (openai, requests).
Environment variables
GITHUB_TOKEN (for authentication)
OPENAI_API_KEY (for OpenAI API access)
OPENAI_MODEL (GPT-4 or GPT-4o-mini)
PR_NUMBER, PR_HEAD_SHA, GITHUB_REPOSITORY (context for the pull request)
Connects GitHub PRs with the AI analysis logic in the Python script(ai-code-reviewer.py).
This script is the engine that does the actual AI-powered code review. Here’s what it handles:
Fetch PR Diff Files
Analyze Code with AI - Targets Swift/SwiftUI best practices, memory leaks, state management, security (e.g., Keychain), and accessibility issues.
line-by-line comments
PR Summary
iOS-Specific Checks - SwiftUI, UIKit, Security, Accessibility
API call throttling
GITHUB_TOKEN = os.getenv('GITHUB_TOKEN')
OPENAI_API_KEY = os.getenv('OPENAI_API_KEY')
MODEL_INLINE = os.getenv('OPENAI_MODEL', 'gpt-4o') # For inline reviews
MODEL_SUMMARY = 'gpt-4o-mini' # For architectural summary (cheaper model)
PR_NUMBER = os.getenv('PR_NUMBER')
REPO = os.getenv('GITHUB_REPOSITORY')
Environment Setup
def fetch_pr_files():
url = f"https://api.github.com/repos/{OWNER}/{REPO_NAME}/pulls/{PR_NUMBER}/files"
response = requests.get(url, headers=HEADERS)
...
Fetch PR Diff
MODEL_INLINE (e.g., gpt-4o): For line-by-line comments (e.g., flagging a missing @MainActor or a potential memory leak).
MODEL_SUMMARY (e.g., gpt-4o-mini): For overall architectural analysis (e.g., is MVVM properly applied? Are state management patterns correct?).
# In your workflow, choose the right model:
OPENAI_MODEL: gpt-4o # Best quality, higher cost# or
OPENAI_MODEL: gpt-4o-mini# Good quality, lower cost
OpenAI Model Difference in cost
This separation balances quality and cost.
SwiftUI State Management Analysis
Proper Usage of @StateObject vs @Observable and other property wrappers such as @State, @Binding and @Environment
Navigation Patterns with NavigationStack
Memory Management & Performance
Retain Cycle, weak reference usage, Modern Swift Concurrency usage such as async/await or @MainActor
Security & Privacy Compliance
Accessibility & Inclusivity
After analysis, the script uses the GitHub API to post feedback:
def post_comment(file_path, line_number, comment_text):
...
response = requests.post(..., json=comment_data, headers=HEADERS)
post review comment
# Adjust these values based on your needs
API_DELAY=2.0# Seconds between API calls
MAX_COMMENTS_PER_FILE=5# Limit comments per file
Rate limiting configuration
Make a code change in your iOS project
Create a new branch and commit your changes
Open a pull request to trigger the workflow
Inline Comments: Specific feedback on changed lines
Architectural Summary: High-level analysis with scores and recommendations
Action Items: Categorized by priority (Critical, Important, Enhancement)
Suggestion: Dependency Injection
Code Review 1 - Dependency Injection is must
Potential Issue: Runtime issues
Code Review 2 - Runtime issues
Deprecated: NavigationView Usage
Code Review 3 - Deprecated
Improper Usage: Force casting
Code Review 4 - Force casting
Swift 6 Concurrency: @MainActor
Code Review 5 - @MainActor
SPONSOR
The Unique iOS Swift Conference in the UK
SwiftLeeds is a premier iOS conference taking place on October 7-8 this year. If you’re looking to stay updated on the latest trends in iOS development and connect with like-minded professionals, this event is a must-attend! Don’t miss out—book your tickets now!
Get your tickets!AI powered workflow and code review combines the efficiency of automated review with deep Swift/SwiftUI expertise, helping your team maintain high code quality standards.
This is a free third party commenting service we are using for you, which needs you to sign in to post a comment, but the good bit is you can stay anonymous while commenting.