The Inspiration

We noticed a huge bottleneck in development: the "waiting for review" phase. While code is written in minutes, waiting for a human to spot a security flaw or a logic bug can take hours. We were inspired to build an "AI First Responder" that reviews code the second it's pushed, long before a human even opens the Merge Request.

How We Built It

We built a bridge between GitLab CI/CD and Google Gemini 1.5 Pro.

The Trigger: We configured a .gitlab-ci.yml file to wake up whenever a Merge Request is created.

The Brain: We wrote a Python script that uses the google-genai SDK to "read" the code changes.

The Action: Using the python-gitlab library, our script automatically posts comments and security labels directly back onto the GitLab UI.

Challenges We Faced

The biggest challenge was the "Invisible ID." Initially, our script couldn't find the Merge Request ID because it was running in a standard "Branch" mode. We had to learn how to use Environment Injection to tell GitLab to pass the CI_MERGE_REQUEST_IID directly into our Python script's memory. Moving the .gitlab-ci.yml to the root directory was the final "aha!" moment that made everything click.

What We Learned

We learned that the best tools are the ones that work where developers already are. By integrating AI directly into the CI/CD pipeline, we realized we can catch bugs like hardcoded keys or logic errors automatically. We mastered how to handle API tokens securely using GitLab's "Variables" vault instead of risky local files.
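
The merge request lookup described under Challenges and the token handling described under What We Learned, sketched as an added example that is not the project's own script. CI_PIPELINE_SOURCE, CI_MERGE_REQUEST_IID, CI_PROJECT_ID and CI_SERVER_URL are GitLab predefined variables; the variable name GITLAB_TOKEN, the function names and the "security" label are assumptions.

```python
import os
import sys

TOKEN_VAR = "GITLAB_TOKEN"  # assumed name of a masked CI/CD variable

class NotAMergeRequestPipeline(RuntimeError):
    """The job is running in a branch pipeline, so no MR IID exists."""

def resolve_mr_context(env):
    """Build the review context from GitLab CI variables in `env`."""
    if env.get("CI_PIPELINE_SOURCE") != "merge_request_event":
        raise NotAMergeRequestPipeline(
            "CI_MERGE_REQUEST_IID is only set in merge request pipelines")
    iid = env.get("CI_MERGE_REQUEST_IID", "")
    if not iid.isdigit():
        raise ValueError("CI_MERGE_REQUEST_IID is missing or not numeric")
    token = env.get(TOKEN_VAR)
    if not token:
        raise RuntimeError(f"{TOKEN_VAR} is not set for this job")
    return {"server_url": env.get("CI_SERVER_URL", "https://gitlab.com"),
            "project_id": env["CI_PROJECT_ID"],
            "mr_iid": int(iid),
            "token": token}

def loggable(ctx):
    """Copy of the context that is safe to print in the job log."""
    return {k: ("[redacted]" if k == "token" else v) for k, v in ctx.items()}

def post_review(ctx, body, labels=()):
    """Post a comment and add labels to the merge request."""
    import gitlab  # python-gitlab; imported here so the checks above run without it
    gl = gitlab.Gitlab(ctx["server_url"], private_token=ctx["token"])
    project = gl.projects.get(ctx["project_id"], lazy=True)
    mr = project.mergerequests.get(ctx["mr_iid"])
    mr.notes.create({"body": body})
    if labels:
        mr.labels = sorted(set(mr.labels) | set(labels))
        mr.save()

if __name__ == "__main__":
    try:
        ctx = resolve_mr_context(os.environ)
    except NotAMergeRequestPipeline as exc:
        print(f"Skipping AI review: {exc}")
        sys.exit(0)
    print("Reviewing", loggable(ctx))
    # Constructed comment text and label, standing in for the model's output.
    post_review(ctx, "Constructed sample review comment.", labels=["security"])
```

In a branch pipeline the job exits cleanly instead of failing on a missing ID, and the token never reaches the job log.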

Built With

  • gitlab-ci/cd-(yaml)
  • gitlab-cloud
  • gitlab-shared-runners-(docker)
  • google-gemini-1.5-pro-api
  • google-genai-sdk
  • python-3.9
  • python-dotenv
  • python-gitlab-library