关于 GitHub Copilot 代码评审

Introduction

Copilot code review reviews code written in any language, and provides feedback. It reviews your code from multiple angles to identify issues and suggest fixes. You can apply suggested changes with a couple of clicks.

This article provides an overview of Copilot code review. To learn how to request a code review from Copilot, see Using GitHub Copilot code review.

Availability

Copilot code review is supported in:

• GitHub.com
• GitHub Mobile
• VS Code
• Visual Studio
• Xcode
• JetBrains IDEs

Copilot code review is a premium feature available with these plans:

• Copilot Pro
• Copilot Pro+
• Copilot Business
• Copilot Enterprise

See Copilot plans.

If you receive Copilot from an organization, your organization must enable the Copilot code review option in the Copilot policy settings. This applies to reviews on GitHub.com or in GitHub Mobile. See Managing policies and features for GitHub Copilot in your organization.

Copilot code review without a Copilot license

Organization members without a Copilot license can use Copilot code review on GitHub.com. An enterprise administrator or organization owner must enable it. This capability is available to organizations on Copilot Business and Copilot Enterprise plans.

Enabling code review for users without a license

To allow organization members without a Copilot license to use Copilot code review, you must enable two policies:

1. Premium request paid usage. Enable this policy first. It allows the enterprise or organization to incur charges for Copilot code review premium request usage.
2. Allow members without a Copilot license to use Copilot code review in GitHub.com. This sub-policy enables Copilot code review for users without a license.

The second policy has these characteristics:

• It is disabled by default.
• Once this policy is set it at the enterprise level, it becomes visible, but not editable at the organization level.
• The policy is most restrictive. Copilot code review is only available in repositories where you explicitly enable the policy.

How it works for users without a license

When both policies are enabled, users without a Copilot license can request a review from Copilot code review on their pull requests in the organization's repositories.

In repositories where automatic code review is enabled, Copilot automatically reviews all pull requests. This happens regardless of whether the author has a Copilot license.

Copilot code review for users without a license is not available in IDEs.

Excluded files

Some file types are excluded from Copilot code review:

• Dependency management files, such as package.json and Gemfile.lock
• Log files
• SVG files

If you include these file types in a pull request, Copilot code review will not review the file.

For more information, see Files excluded from GitHub Copilot code review.

New tools (public preview) in GitHub Copilot code review

If you get a Copilot subscription from an organization, you can only participate in the public preview on the GitHub website if an owner of your organization or enterprise has enabled using preview features. See Managing policies and features for GitHub Copilot in your organization and Managing policies and features for GitHub Copilot in your enterprise.

These new tools are enabled automatically for Copilot Pro or Copilot Pro+ plans.

• Full project context gathering. This provides more specific, accurate, and contextually aware code reviews.
• Support for static analysis tools like CodeQL, ESLint, and PMD. This delivers more high-signal, consistent findings for security and quality.
• The ability to pass suggestions to Copilot coding agent. This automates creation of a new pull request against your branch with the suggested fixes applied.

You do not need to have code scanning and GitHub Actions enabled in your organization or enterprise to use the new tools in Copilot code review.

If GitHub Actions is unavailable or if Actions workflows used by Copilot code review fail, reviews will still be generated. However, they will not include the additional features provided by the new tools in Copilot code review.

Code review monthly quota

Each time Copilot reviews a pull request or reviews code in your IDE, your monthly quota of Copilot premium requests is reduced by one.

If a repository is configured to automatically request a code review from Copilot for all new pull requests, the premium request usage is applied to the pull request author's quota.

If a pull request is created by GitHub Actions or by a bot, the usage will apply to:

• The user who triggered the workflow, if that user can be identified.
• A designated billing owner.

What happens when you reach your quota

When you reach your monthly quota, you will not be able to get a code review from Copilot until your quota resets. To continue to use code reviews before your quota resets, you will need to upgrade your Copilot plan or enable additional premium requests.

Quota for users without a Copilot license

Users without a Copilot license do not have a monthly premium request quota. When Copilot code review is enabled for these users, any premium requests they generate are billed directly to the organization or enterprise as paid overage usage. This applies to both manually requested reviews and automatic code reviews.

Premium requests generated by users without a license are not attributed to any Copilot plan quota. They appear as overage usage in billing reports and premium request analytics. Users with a Copilot license continue to consume premium requests from their assigned plan quota.

Model usage

Copilot code review is a purpose-built product that uses a carefully tuned mix of models, prompts, and system behaviors to deliver consistent, high-quality feedback across a wide range of codebases. Model switching is not supported, as changing the model is likely to compromise reliability, user experience, and the quality of review comments.

Validating Copilot code reviews

Copilot is not guaranteed to spot all problems or issues in a pull request. Sometimes it will make mistakes. Always validate Copilot's feedback carefully. Supplement Copilot's feedback with a human review.

For more information, see Responsible use of GitHub Copilot code review.

Enhancing Copilot's knowledge of a repository

The more Copilot knows about the code in your repository, the tools you use, and your coding standards and practices, the more accurate and useful its reviews will become. You can enhance Copilot's knowledge of your repositories in two ways.

Custom instructions

These are short, natural-language statements that you write and store as one or more files in a repository. If you are the owner of an organization on GitHub, you can also define custom instructions in the settings for your organization. For more information, see About customizing GitHub Copilot responses.

Copilot Memory (public preview)

If you have a Copilot Pro or Copilot Pro+ plan, you can enable Copilot Memory. This allows Copilot to store useful details it has learned about a repository. Copilot can then use this information when it reviews pull requests in that repository. For more information, see About agentic memory for GitHub Copilot.

About automatic pull request reviews

By default, Copilot only reviews a pull request if you assign it to the pull request. However, you can configure automatic reviews.

• Individual users on the Copilot Pro or Copilot Pro+ plan can configure Copilot to automatically review all pull requests they create.
• Repository owners can configure Copilot to automatically review all pull requests in the repository that are created by people with access to Copilot.
• Organization owners can configure Copilot to automatically review all pull requests in some or all of the repositories in the organization where the pull request is created by a Copilot user.

Triggering an automatic pull request review

The triggers for automatic code review depend on the configuration settings.

• Basic setting:
  • When you create a pull request as an "Open" pull request.
  • The first time you switch a "Draft" pull request to "Open".
• Review new pushes:
  • Every time you push a new commit to the pull request.
• Review draft pull requests:
  • Pull requests are automatically reviewed while they are still drafts, before you switch them to "Open".

For full instructions, see Configuring automatic code review by GitHub Copilot.

About static analysis tools

Enable static analysis tools in Copilot code review to enhance its ability to identify and fix issues. Available tools include:

• CodeQL: A code analysis engine that identifies security vulnerabilities. For more information, see About CodeQL.
• ESLint: A linter designed specifically for JavaScript. See Core Concepts in the the ESLint documentation.
• PMD: A static code analyzer that focuses on Java and Apex. It also supports many other languages. See the PMD documentation.

If you have access to new tools in Copilot code review, CodeQL is enabled by default. ESLint and PMD are disabled. If you have access to rulesets, you can change your selected tools. See Managing static analysis tools in Copilot code review.

Getting detailed code quality feedback for your whole repository

GitHub Copilot code review reviews your code in pull requests and provides feedback. If you want actionable feedback on the reliability and maintainability of your whole repository, enable GitHub Code Quality. See About GitHub Code Quality.

Further reading

• Using GitHub Copilot code review