Gollora is an automated code review system that integrates with GitHub to provide real-time feedback on pull requests. It combines traditional static analysis with AI-powered insights to help developers improve code quality, security, and maintainability.
- Git Integration:
Seamlessly integrates with GitHub pull requests. - Static Analysis:
Uses industry-standard tools likegolangci-lint
. - AI-Powered Reviews:
Leverages Google's Gemini API for intelligent code analysis (Vertex is paid). - Customizable Configuration:
Supports custom configurations for both the server and analysis tools. - Clear Feedback:
Posts actionable comments directly to GitHub PRs.
Gollora uses a modular, webhook-based architecture that enables flexible integration with GitHub.
flowchart TD
subgraph "Gollora System Architecture"
A[Webhook Receiver] --> B[Code Fetcher]
B --> C[Analysis Orchestrator]
C --> D[Analysis Modules]
D --> E[Result Aggregator]
E --> F[Response Handler]
subgraph "Analysis Modules"
D1[Go Analyzer]
D2[AI Analyzer]
D3[Other Analyzers]
end
C --> D1
C --> D2
C --> D3
D1 --> E
D2 --> E
D3 --> E
end
subgraph "External Systems"
G[GitHub] <--> A
F --> G
D2 <--> H[Gemini AI API]
end
- Go 1.22 or later
- Git
- GitHub Account (for webhook integration)
- Google Gemini API key (for AI-powered analysis)
go install github.com/EuclidStellar/gollora@latest
# Clone the repository
git clone https://github.com/EuclidStellar/gollora.git
cd gollora
# Build the application
go build -o gollora ./cmd
# Run with your configuration
./gollora -server -config ./configs/config.yaml -tools ./configs/analysis_tools.yaml
Gollora uses two main configuration files:
# Server Configuration
server:
host: "0.0.0.0" # Listen on all interfaces
port: 8080 # Port to listen on
timeout: 60 # Request timeout in seconds
log_level: "info" # Logging level (debug, info, warn, error)
# GitHub Integration
github:
webhook_secret: "" # Set via environment variable GITHUB_WEBHOOK_SECRET
api_token: "" # Set via environment variable GITHUB_API_TOKEN
# AI Configuration
ai:
enabled: true
provider: "gemini" # options: gemini, vertexai, openai
api_key: "" # Set via environment variable AI_API_KEY
model: "gemini-1.5-flash"
# Export Configuration
export:
formats: ["json", "markdown", "pdf"]
# Language-specific configuration
languages:
go:
enabled: true
tools:
- name: "golangci-lint"
command: "golangci-lint"
args: ["run", "-v"]
enabled: true
- name: "staticcheck"
command: "staticcheck"
args: ["-f", "json"]
enabled: true
- name: "gosec"
command: "gosec"
args: ["-fmt=json", "-quiet", "./..."]
enabled: true
To run Gollora as a server that listens for GitHub webhooks:
./gollora -server -config ./configs/config.yaml -tools ./configs/analysis_tools.yaml
To analyze a local repository without running as a server:
./gollora -analyze -repo-path /path/to/repo -base-commit <base-sha> -head-commit <head-sha>
# Sign up at https://ngrok.com/ to get your authtoken
# Configure Ngrok with your authtoken
ngrok config add-authtoken YOUR_NGROK_AUTHTOKEN
# Verify Ngrok is working
ngrok -v
- Navigate to your GitHub account settings
- Go to Developer Settings > GitHub Apps
- Click on New GitHub App
# Start Ngrok to expose the local server
ngrok http 8080
- Copy the Forwarding URL (e.g., http://1234.ngrok.io)
- Set the Webhook URL to the Ngrok URL (e.g., http://1234.ngrok.io/webhook/github)
- Webhook Secret: Set the same secret as in the
config.yaml
file
# Generate a secure webhook secret
openssl rand -hex 20
# Example output: 7a54adaa5b3f0ed74fd2c10a9af4e1a3446ed46d
- Set the Webhook Secret in the GitHub App settings
- Permissions: Read & Write access to Pull Requests , Read access to Repository Contents and Read access to Metadata
- Subscribe to Pull Request events ie Pull Request and Pull Request Review
- Install the GitHub App on your repository
- Go to your repository settings
- Click on GitHub Apps
- Install the Gollora GitHub App
./gollora -server -config ./configs/config.yaml -tools ./configs/analysis_tools.yaml
- Create a new pull request on your repository
- Check the Ngrok logs for incoming requests
- Gollora should analyze the pull request and post comments on GitHub
gollora/
│
├── cmd/
│ ├── main.go # Application entry point
│ ├── webhook.go # Webhook handling
│ ├── fetcher.go # Code fetching logic
│ ├── review_engine.go # Analysis orchestration
│ ├── aggregator.go # Result aggregation
│ └── response_handler.go # GitHub response handling
│
├── internal/
│ ├── analyzers/ # Code analysis modules
│ ├── models/ # Data models
│ └── utils/ # Utility functions
│
├── configs/
│ ├── config.yaml # Main configuration
│ └── analysis_tools.yaml # Tools configuration
│
├── docs/ # Documentation
└── go.mod, go.sum # Go module files