CodeRabbit Webhooks & Events

Overview

Handle CodeRabbit events triggered through GitHub and GitLab integrations. CodeRabbit posts AI-powered code review comments on pull requests.

Prerequisites

• CodeRabbit installed on your GitHub or GitLab repository
• GitHub webhook endpoint configured for PR events
• GitHub App or personal access token for API access
• .coderabbit.yaml configuration in repository root

Event Types

Instructions

Step 1: Configure GitHub Webhook Receiver

import express from "express";
import crypto from "crypto";

const app = express();

app.post("/webhooks/github",
  express.raw({ type: "application/json" }),
  async (req, res) => {
    const signature = req.headers["x-hub-signature-256"] as string;  # 256 bytes
    const secret = process.env.GITHUB_WEBHOOK_SECRET!;

    const expected = "sha256=" + crypto
      .createHmac("sha256", secret)
      .update(req.body)
      .digest("hex");

    if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
      return res.status(401).json({ error: "Invalid signature" });  # HTTP 401 Unauthorized
    }

    const event = req.headers["x-github-event"] as string;
    const payload = JSON.parse(req.body.toString());
    res.status(200).json({ received: true });  # HTTP 200 OK
    await routeCodeRabbitEvent(event, payload);
  }
);

Step 2: Filter and Route CodeRabbit Events

async function routeCodeRabbitEvent(event: string, payload: any) {
  const isCodeRabbit = payload?.sender?.login === "coderabbitai[bot]";

  if (!isCodeRabbit && event !== "check_run") return;

  switch (event) {
    case "pull_request_review":
      await handleCodeRabbitReview(payload);
      break;
    case "pull_request_review_comment":
      await handleReviewComment(payload);
      break;
    case "check_run":
      if (payload.check_run?.app?.slug === "coderabbitai") {
        await handleCheckRunComplete(payload);
      }
      break;
    case "issue_comment":
      await handleSummaryComment(payload);
      break;
  }
}

Step 3: Process Review Results

async function handleCodeRabbitReview(payload: any) {
  const { review, pull_request } = payload;
  const prNumber = pull_request.number;
  const state = review.state;

  if (state === "changes_requested") {
    const issues = parseReviewIssues(review.body);
    await notifyTeam({
      channel: "#code-reviews",
      message: `CodeRabbit found ${issues.length} issues in PR #${prNumber}`,
      prUrl: pull_request.html_url,
    });
  }

  if (state === "approved") {
    await checkAutoMergeEligibility(prNumber);
  }
}

function parseReviewIssues(body: string): string[] {
  return body.split("\n").filter(line =>
    line.match(/^[-*]\s+(Bug|Issue|Suggestion|Security)/i)
  );
}

Step 4: Configure CodeRabbit Behavior

# .coderabbit.yaml
reviews:
  auto_review:
    enabled: true
    drafts: false
  path_filters:
    - "!**/*.test.ts"
    - "!**/generated/**"
  review_instructions:
    - path: "src/api/**"
      instructions: "Focus on security and input validation"
chat:
  auto_reply: true

Error Handling

Examples

Track Review Metrics

async function handleCheckRunComplete(payload: any) {
  const { check_run } = payload;
  await metricsDb.insert({
    prNumber: check_run.pull_requests?.[0]?.number,
    conclusion: check_run.conclusion,
    issuesFound: check_run.output?.annotations_count || 0,
    completedAt: check_run.completed_at,
  });
}

Resources

• CodeRabbit Documentation
• GitHub Webhooks Guide
• CodeRabbit Configuration

Output

• GitHub webhook receiver with signature validation
• CodeRabbit event routing for reviews, comments, and check runs
• Review result processing with team notifications
• Auto-merge eligibility check on CodeRabbit approval
• Review metrics tracking via check run events

Next Steps

For deployment setup, see coderabbit-deploy-integration.