cline/docs/cline-cli/samples/github-pr-review.mdx

---
title: "GitHub PR Review"
description: "Automatically review Pull Requests with AI using Cline CLI in GitHub Actions."
---

Automate code review for every Pull Request. Detailed analysis, security checks, and code suggestions provided by Cline running autonomously in GitHub Actions.

## The Workflow

When a PR is opened or marked ready for review, this workflow:
1.  **Checks out** the code.
2.  **Installs** Node.js and Cline CLI.
3.  **Configures** authentication (e.g., Anthropic, OpenAI).
4.  **Runs Cline** with a comprehensive system prompt to analyze the diff, context, and related issues using GitHub CLI (`gh`).
5.  **Posts** a detailed review comment with inline code suggestions.

## Prerequisites

-   **GitHub repository** with Actions enabled.
-   **AI Provider API Key** (e.g., Anthropic, OpenRouter) added as a repository secret (e.g., `ANTHROPIC_API_KEY`).
-   **GitHub Token** (automatically provided by Actions as `GITHUB_TOKEN`).

## Setup

### 1. Create the Workflow File

Create a file named `.github/workflows/cline-pr-review.yml` in your repository:

```yaml
name: Cline PR Code Review

on:
  pull_request:
    types: [opened, ready_for_review]
  workflow_dispatch:
    inputs:
      pr_number:
        description: "PR number to review"
        required: true
        type: string

concurrency:
  group: pr-review-${{ github.event.pull_request.number || inputs.pr_number }}
  cancel-in-progress: true

jobs:
  cline-pr-review:
    if: |
      (github.event_name == 'pull_request' && github.event.pull_request.draft == false) ||
      github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    timeout-minutes: 60

    permissions:
      contents: read
      pull-requests: write
      issues: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: "npm"

      - name: Install Cline CLI
        run: npm install -g cline

      - name: Configure Cline Authentication
        # Replace 'anthropic' with your provider of choice (openai, openrouter, etc.)
        # and ensure the corresponding secret is set in your repo settings.
        run: |
          cline auth --provider anthropic \
            --apikey "${{ secrets.ANTHROPIC_API_KEY }}" \
            --modelid claude-opus-4-5-20251101

      - name: Get PR number
        id: pr
        run: |
          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
            echo "number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT
          else
            echo "number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
          fi

      - name: Review PR with Cline
        env:
          PR_NUMBER: ${{ steps.pr.outputs.number }}
          GITHUB_REPO: ${{ github.repository }}
          GH_TOKEN: ${{ github.token }}
          # Restrict Cline to only safe, read-only GitHub CLI commands
          CLINE_COMMAND_PERMISSIONS: |
            {
              "allow": [
                "gh pr diff *",
                "gh pr view *",
                "gh pr checks *",
                "gh pr list *",
                "gh issue list *",
                "gh issue view *",
                "git log *",
                "gh pr comment ${{ steps.pr.outputs.number }} *",
                "gh api repos/${{ github.repository }}/pulls/${{ steps.pr.outputs.number }}/comments *",
                "gh api repos/${{ github.repository }}/pulls/${{ steps.pr.outputs.number }}/reviews *"
              ]
            }
        run: |
          cline --yolo 'You are a GitHub PR reviewer for this repository. Your goal is to give the PR author helpful feedback and give maintainers the context they need to review efficiently.

          PR: #'"${PR_NUMBER}"'

          ## Gather context
          Use `gh` commands to fetch the PR diff, details, and checks.
          
          ```bash
          # Get full PR details
          gh pr view '"${PR_NUMBER}"' --json number,title,body,author,createdAt,updatedAt,isDraft,labels,commits,files,additions,deletions,changedFiles,baseRefName,headRefName,mergeable,reviewDecision

          # Get the diff
          gh pr diff '"${PR_NUMBER}"'

          # Check CI status
          gh pr checks '"${PR_NUMBER}"'
          ```

          ## Deep code review
          Analyze the code changes. Look for:
          - Logic errors and edge cases
          - Security vulnerabilities
          - Performance issues
          - adherence to patterns in the codebase

          ## Submit Review
          Post a single comprehensive comment summarizing your review.
          
          If you have specific code suggestions, use the GitHub API to post inline comments:
          
          ```bash
          gh api repos/'"${GITHUB_REPO}"'/pulls/'"${PR_NUMBER}"'/reviews \
            -X POST \
            -f event="COMMENT" \
            -f body="" \
            -F comments='[{"path": "src/file.ts", "line": 10, "body": "Suggestion: ..."}]'
          ```
          
          Start your main comment with "Reviewed by Cline".'
```

### 2. Configure Secrets

1.  Go to your repository settings -> **Secrets and variables** -> **Actions**.
2.  Add a **New repository secret**.
3.  Name: `ANTHROPIC_API_KEY` (or match the key used in your workflow).
4.  Value: Your actual API key.

## Key Components Explained

### Permissions
```yaml
permissions:
  contents: read
  pull-requests: write
  issues: read
```
We grant `pull-requests: write` so Cline can post comments and inline reviews. `contents: read` ensures it can analyze the code but **cannot push changes directly**, providing a security boundary.

### Authentication
```bash
cline auth --provider anthropic --apikey "..."
```
The `auth` command configures Cline in the CI environment without interactive prompts. You can switch providers (e.g., `openai`, `openrouter`) by changing the flags.

### Autonomous Mode (`--yolo`)
```bash
cline --yolo '...'
```
The `--yolo` flag tells Cline to run autonomously, executing commands without waiting for user approval. This is essential for CI/CD workflows.

### Command Permissions
We explicitly restrict what commands Cline can run using `CLINE_COMMAND_PERMISSIONS`. This ensures Cline can only use `gh` and `git` commands relevant to reviewing, preventing any accidental or malicious system modifications.

## Customizing the Reviewer

The "System Prompt" passed to Cline in the final step is fully customizable. You can modify it to:
-   Enforce specific style guides.
-   Focus on security vs. performance.
-   Ask for specific types of feedback (e.g., "Roast my code" vs. "Be gentle").