AI-Powered Pull Requests: Building Smarter Workflows with Claude & OpenAI

Introduction

The comprehensive guide shows you how to implement an AI-powered code review system that provides both line-by-line feedback and architectural analysis for your iOS/Swift projects.

What You'll Build

• Automated inline code reviews on every pull request

• Architectural analysis with security, performance, and accessibility insights

• iOS-specific feedback covering SwiftUI, UIKit, memory management, and App Store compliance

• Rate-limited, production-ready GitHub Actions workflow

Prerequisites

• iOS project hosted on GitHub

• Basic knowledge of GitHub Actions

• OpenAI API access (GPT-4 recommended)

GitHub Secrets Setup Guide

Before exploring the GitHub Actions Workflow for the Pull Request using Claude AI or OpenAI, we should understand what are API Keys and where to store GitHub Secrets

Where to store GitHub Secrets

GitHub Secrets are stored in your repository settings and are encrypted. They're accessible to your GitHub Actions workflows but never visible in logs or to unauthorized users.

How to Get API Keys

Getting OpenAI API Key

• Go to platform.openai.com

• Sign up or log in

• Click → API Keys or API keys

• Click Create new secret key

• Name it (e.g., "OPENAI_API_KEY")

• Copy the key immediately (you won't see it again)

• Add billing method if required

Getting Anthropic API Key

• Go to console.anthropic.com

• Sign up or log in

• Click API Keys in the sidebar

• Click CREATE Key

• Name it (e.g., "iOS-PR-Review")

• Copy the key immediately

• Add credits/billing if required

Verify GITHUB_TOKEN

• GitHub automatically provides GITHUB_TOKEN

• No manual setup required for this secret

Step-by-Step Setup

Navigate to Repository Settings

• Go to your GitHub repository

• Click on "Settings" tab (top navigation)

• In the left sidebar, click "Secrets and variables”

• Click "Actions"

Path ⇒ GitHub Repository → Settings → Secrets and variables → Actions

Add Repository Secrets

Click the "New repository secret" button for each secret:

• Required Secrets for iOS AI Workflow:

Secret Name: OPENAI_API_KEY

• Value: Your OpenAI API key (starts with sk- )

• Description: Used for GPT-4 code analysis

Secret Name: ANTHROPIC_API_KEY

• Value: Your OpenAI API key (starts with sk-ant- )

• Description: Used for Claude code analysis

Secret Name: IOS_SCHEME_NAME

• Value: Your project name

• Description: Used for GPT-4 code analysis

After adding necessary secrets, you will find in the list of repository secrets

Using Secrets in Workflows

In your workflow files, reference secrets like this:

- name: Run AI Review
  env:
    OPENAI_API_KEY: '${{ secrets.OPENAI_API_KEY }}'
    ANTHROPIC_API_KEY: '${{ secrets.ANTHROPIC_API_KEY }}'
    GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
  run: node scripts/ios-ai-reviewer.js

Secrets in Workflow

---

Let’s continue with Workflow for Pull Request by using the Claude AI and OpenAI API Keys.

Project Setup

Repository Structure for iOS Projects

Creating the Scripts Directory

# In your project root
mkdir -p scripts
mkdir -p .github/workflows

workflow creation

Implementation

AI Code Reviewer Script

Create scripts/ai-code-reviewer.py

This file defines the GitHub Actions automation that triggers AI-powered code reviews for our iOS project.

name: AI Code Review

on:
  pull_request:
    types: [opened, reopened, synchronize]
    branches: ['**']

permissions:
  contents: read
  pull-requests: write

jobs:
  ai_code_review:
    name: "AI Code Review"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository code
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Python dependencies
        run: pip install openai requests

      - name: Run comprehensive AI code reviewer
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          OPENAI_MODEL: gpt-4o
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        run: python scripts/ai-code-reviewer.py

ai code reviewer script

Trigger Point: Runs on pull request events (opened, reopened, synchronize) across all branches.

Permissions: Grant read access for the contents and write access for PR Comments

Workflow Steps:

Dependencies: Installs required Python packages (openai, requests).

Environment variables

• GITHUB_TOKEN (for authentication)

• OPENAI_API_KEY (for OpenAI API access)

• OPENAI_MODEL (GPT-4 or GPT-4o-mini)

• PR_NUMBER, PR_HEAD_SHA, GITHUB_REPOSITORY (context for the pull request)

Connects GitHub PRs with the AI analysis logic in the Python script(ai-code-reviewer.py).

Python AI Reviewer Script

This script is the engine that does the actual AI-powered code review. Here’s what it handles:

• Fetch PR Diff Files

• Analyze Code with AI - Targets Swift/SwiftUI best practices, memory leaks, state management, security (e.g., Keychain), and accessibility issues.

• line-by-line comments

• PR Summary

• iOS-Specific Checks - SwiftUI, UIKit, Security, Accessibility

• API call throttling

Environment Setup: The Power of Secrets

GITHUB_TOKEN = os.getenv('GITHUB_TOKEN')
OPENAI_API_KEY = os.getenv('OPENAI_API_KEY')
MODEL_INLINE = os.getenv('OPENAI_MODEL', 'gpt-4o')  # For inline reviews
MODEL_SUMMARY = 'gpt-4o-mini'  # For architectural summary (cheaper model)
PR_NUMBER = os.getenv('PR_NUMBER')
REPO = os.getenv('GITHUB_REPOSITORY')

Environment Setup

Fetch PR Diff Files

def fetch_pr_files():
    url = f"https://api.github.com/repos/{OWNER}/{REPO_NAME}/pulls/{PR_NUMBER}/files"
    response = requests.get(url, headers=HEADERS)
    ...

Fetch PR Diff

AI-Powered Code Analysis

MODEL_INLINE (e.g., gpt-4o): For line-by-line comments (e.g., flagging a missing @MainActor or a potential memory leak).

MODEL_SUMMARY (e.g., gpt-4o-mini): For overall architectural analysis (e.g., is MVVM properly applied? Are state management patterns correct?).

# In your workflow, choose the right model:
OPENAI_MODEL: gpt-4o # Best quality, higher cost# or
OPENAI_MODEL: gpt-4o-mini# Good quality, lower cost

OpenAI Model Difference in cost

This separation balances quality and cost.

iOS-Specific Review Features

SwiftUI State Management Analysis

• Proper Usage of @StateObject vs @Observable and other property wrappers such as @State, @Binding and @Environment

• Navigation Patterns with NavigationStack

Memory Management & Performance

• Retain Cycle, weak reference usage, Modern Swift Concurrency usage such as async/await or @MainActor

Security & Privacy Compliance

Accessibility & Inclusivity

Posting AI Review Comments

After analysis, the script uses the GitHub API to post feedback:

def post_comment(file_path, line_number, comment_text):
    ...
    response = requests.post(..., json=comment_data, headers=HEADERS)

post review comment

Rate Limiting Configuration

# Adjust these values based on your needs
API_DELAY=2.0# Seconds between API calls
MAX_COMMENTS_PER_FILE=5# Limit comments per file

Rate limiting configuration

Testing the Workflow

Create a Test Pull Request

• Make a code change in your iOS project

• Create a new branch and commit your changes

• Open a pull request to trigger the workflow

Expected Results

• Inline Comments: Specific feedback on changed lines

• Architectural Summary: High-level analysis with scores and recommendations

• Action Items: Categorized by priority (Critical, Important, Enhancement)

Code Review Examples

Suggestion: Dependency Injection

Potential Issue: Runtime issues

Deprecated: NavigationView Usage

Improper Usage: Force casting

Swift 6 Concurrency: @MainActor

---

Final Thoughts

AI powered workflow and code review combines the efficiency of automated review with deep Swift/SwiftUI expertise, helping your team maintain high code quality standards.