Getting Started
Platforms
Merlin AI Code Review auto-detects the VCS platform from CI environment variables. No manual config needed.
| Platform | Auto-detected env var | Token env var | Comments appear as |
|---|---|---|---|
| GitHub | GITHUB_ACTIONS=true | GITHUB_TOKEN | github-actions[bot] |
| GitLab | GITLAB_CI=true | GITLAB_TOKEN | GitLab project bot |
| Bitbucket | BITBUCKET_PIPELINE_UUID | BITBUCKET_TOKEN | Pipelines build service |
| Azure DevOps | TF_BUILD=True | AZURE_DEVOPS_TOKEN | Project Collection Build Service |
| Gitea | GITEA_ACTIONS=true | GITEA_TOKEN | gitea-actions[bot] |
GitHub Actions
Option A — Docker container (simplest, recommended):
.github/workflows/merlin-review.yml
yamlname: Merlin AI Code Reviewon:pull_request:types: [opened, synchronize, reopened]permissions:contents: readpull-requests: writejobs:merlin-review:runs-on: ubuntu-latestcontainer:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:lateststeps:- uses: actions/checkout@v4with:fetch-depth: 0- name: Run Merlin Reviewenv:ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}PR_NUMBER: ${{ github.event.pull_request.number }}REPO: ${{ github.repository }}run: merlin review
Option B — Binary install (with RAG index caching):
.github/workflows/merlin-review.yml
yamlname: Merlin AI Code Reviewon:pull_request:types: [opened, synchronize, reopened]permissions:contents: readpull-requests: writejobs:merlin-review:runs-on: ubuntu-lateststeps:- uses: actions/checkout@v4with:fetch-depth: 0- name: Cache RAG indexuses: actions/cache@v4with:path: merlin-rag.jsonlkey: merlin-rag-${{ hashFiles('src/**', 'lib/**') }}restore-keys: merlin-rag-- name: Install Merlinrun: |curl -fsSL \https://github.com/Arunachalamkalimuthu/merlin-ai-code-review/releases/latest/download/install.sh \| sh- name: Build RAG index (first run only)run: test -f merlin-rag.jsonl || merlin rag index .env:OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}- name: Run Merlin Reviewenv:GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}run: merlin review
Webhook bot mode (GitHub)
Allow PR commenters to trigger commands by mentioning @merlin.
.github/workflows/merlin-bot.yml
yamlon:issue_comment:types: [created]jobs:merlin-bot:runs-on: ubuntu-latestpermissions:contents: readpull-requests: writesteps:- uses: actions/checkout@v4- run: merlin webhook --port 8080env:GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}MERLIN_GITHUB_SECRET: ${{ secrets.MERLIN_GITHUB_SECRET }}
GitLab CI
Docker image (simplest):
.gitlab-ci.yml
yamlmerlin-review:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:lateststage: reviewrules:- if: $CI_PIPELINE_SOURCE == "merge_request_event"variables:GITLAB_TOKEN: $CI_JOB_TOKENANTHROPIC_API_KEY: $ANTHROPIC_API_KEYscript:- merlin review
With RAG index caching:
.gitlab-ci.yml
yamlmerlin-review:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:lateststage: reviewrules:- if: $CI_PIPELINE_SOURCE == "merge_request_event"cache:key: merlin-rag-$CI_DEFAULT_BRANCHpaths:- merlin-rag.jsonlvariables:GITLAB_TOKEN: $CI_JOB_TOKENANTHROPIC_API_KEY: $ANTHROPIC_API_KEYOPENAI_API_KEY: $OPENAI_API_KEYscript:- test -f merlin-rag.jsonl || merlin rag index .- merlin review
Bitbucket Pipelines
bitbucket-pipelines.yml
yamlpipelines:pull-requests:'**':- step:name: Merlin AI Reviewimage: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:latestcaches:- merlin-ragscript:- test -f merlin-rag.jsonl || merlin rag index .- merlin reviewvariables:BITBUCKET_TOKEN: $BITBUCKET_STEP_TOKENANTHROPIC_API_KEY: $ANTHROPIC_API_KEYOPENAI_API_KEY: $OPENAI_API_KEYdefinitions:caches:merlin-rag:key:files:- src/**path: merlin-rag.jsonl
Azure DevOps
One-time setup
In the Azure DevOps pipeline editor, click … → Triggers → YAML → Get sources and tick "Allow scripts to access the OAuth token".
azure-pipelines.yml
yamltrigger: nonepr:branches:include:- '*'pool:vmImage: ubuntu-latestcontainer:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:lateststeps:- checkout: selffetchDepth: 0- script: merlin reviewdisplayName: Merlin AI Reviewenv:AZURE_DEVOPS_TOKEN: $(System.AccessToken)ANTHROPIC_API_KEY: $(ANTHROPIC_API_KEY)SYSTEM_TEAMFOUNDATIONCOLLECTIONURI: $(System.TeamFoundationCollectionUri)SYSTEM_TEAMPROJECT: $(System.TeamProject)BUILD_REPOSITORY_NAME: $(Build.Repository.Name)BUILD_SOURCEBRANCH: $(Build.SourceBranch)SYSTEM_PULLREQUEST_PULLREQUESTID: $(System.PullRequest.PullRequestId)
Gitea Actions
.gitea/workflows/merlin-review.yml
yamlname: Merlin AI Code Reviewon:pull_request:types: [opened, synchronize, reopened]jobs:merlin-review:runs-on: ubuntu-latestcontainer:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:lateststeps:- uses: actions/checkout@v4with:fetch-depth: 0- name: Run Merlin Reviewenv:GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}PR_NUMBER: ${{ github.event.pull_request.number }}REPO: ${{ github.repository }}run: merlin review
Docker (local or self-hosted CI)
shell
docker run --rm \-e GITHUB_TOKEN=... \-e ANTHROPIC_API_KEY=... \-e GITHUB_ACTIONS=true \-e GITHUB_REPOSITORY=owner/repo \-e PR_NUMBER=42 \-e REPO=owner/repo \ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:latest merlin review
Running as a persistent webhook service:
docker-compose.yml
yamlservices:merlin:image: ghcr.io/arunachalamkalimuthu/merlin-ai-code-review:latestcommand: webhook --port 8080ports:- "8080:8080"environment:GITHUB_TOKEN: your-tokenANTHROPIC_API_KEY: your-keyMERLIN_GITHUB_SECRET: your-secretrestart: unless-stopped