Skip to main content
HashnodeThe LLM GapThe LLM Gap

Command Palette

Search for a command to run...

Beyond Code Review: 5 GitHub Automation Tasks You Can Hand to an LLM Today

Updated
12 min read
Beyond Code Review: 5 GitHub Automation Tasks You Can Hand to an LLM Today
D
Daan Hoekstra
Backend and AI engineer. Spent 15 years as a product designer and five of them at VALK, where I worked across fintech infrastructure serving 70+ banks. Now I build AI agents and open-source tools, mostly focused on the gap between what LLM documentation promises and what actually holds up in production. I write about backend architecture, AI engineering patterns, and what it takes to build systems that survive contact with real financial data. Most of what I publish comes from things that broke, surprised me, or took longer than they should have.

If you have already set up an AI-powered code reviewer on your pull requests, you have seen something important: the model does not just catch bugs. It reads context, infers intent, and writes prose that makes sense to a human. That is not a narrow skill. It is a general capability that applies to a dozen other things your team is doing by hand every single day.

The problem is that most teams stop at code review. They build the GitHub Action, watch it post its first comment, and move on. The pipeline stays there. The rest of the workflow does not change.

This article is about changing that. Below are five GitHub automation tasks where an LLM adds real value, with enough detail on the setup to get you moving today.

Why GitHub automation is finally worth the effort

Before getting into the list, it is worth understanding the scale of the problem these automations are solving.

An IDC report published in early 2025 found that actual application development accounted for just 16% of developers' time in 2024. The remaining 84% went to operational and supportive tasks: CI/CD processes, performance monitoring, security work, documentation, and deployment. The largest single-year shift in that survey was security, which jumped from 8% to 13% of developers' time in one year alone.

GitLab's 2026 Global DevSecOps report painted a similar picture. Productivity barriers from tool sprawl cost teams nearly a full workday per team member each week, even as 82% of organizations now deploy to production at least weekly. The bottleneck is not the code. It is everything around the code.

LLMs close a meaningful portion of that gap because they excel at exactly the tasks that fill developers' non-coding hours: reading text, summarising change sets, classifying intent, generating structured prose, and explaining decisions. None of that requires a model to reason about correctness in the way a compiler does. It requires pattern recognition over natural language, and that is what these models do best.

1. Pull request summaries

Code review tools tell you what changed. A good PR summary tells you why it changed, what the intended behaviour is, and what a reviewer should focus on. Those are different things, and most pull requests do not include a human-written version of the second kind.

The setup is almost identical to an AI code reviewer. When a PR is opened, a GitHub Action fetches the diff and posts to the Anthropic API. The difference is in the prompt. Instead of asking for a code review, you ask for a structured summary.

name: PR Summary
 
on:
  pull_request:
    types: [opened]
 
jobs:
  summarize:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Install dependencies
        run: npm install @anthropic-ai/sdk
      - name: Generate Summary
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
        run: node summarize.js

The script fetches the diff and sends it with a prompt like this:

content: `You are a senior engineer helping teammates understand a pull request.
Given the diff below, write a brief summary with three sections:
1. What changed (one paragraph, plain English)
2. Why this change likely exists (inferred from the code)
3. What a reviewer should pay attention to
 
Keep the total length under 200 words. Write for a developer who has not seen this code before.
 
${diff}`

The result is a comment that lives at the top of every PR before any human has looked at it. Reviewers know what they are walking into. Context is no longer something they have to reconstruct from commit messages and filenames.

For teams using the AI-powered code reviewer approach described on DevDojo, this is a natural companion. The reviewer catches problems. The summary provides orientation.

2. Release notes generation

Release notes are one of the most consistently bad pieces of developer writing. They are either missing entirely, or they are a paste of commit messages that means nothing to someone who was not in the room. The engineers who know what changed are the least motivated to explain it clearly, because they already understand it.

An LLM fixes this by sitting between the raw commit history and the published release. The workflow triggers on a new tag push, pulls the commits since the last release, and generates readable release notes split into meaningful categories.

const commits = await getCommitsSinceLastTag();
 
const message = await client.messages.create({
  model: 'claude-sonnet-4-20250514',
  max_tokens: 1024,
  messages: [
    {
      role: 'user',
      content: `You are writing release notes for a developer audience. 
Given the following commit messages, produce clean release notes with sections for:
- New Features
- Improvements
- Bug Fixes
- Breaking Changes (if any)
 
Write in plain English. One bullet per item. Do not include internal refactors or dependency bumps unless they affect users. If a commit message is unclear, infer what the change does from its wording.
 
Commits:
${commits}`
    }
  ]
});

GitHub's own auto-generated release notes handle the raw list of merged PRs and contributors. What they do not do is turn that list into something a user or an internal stakeholder can read and act on. That translation is what the model does well.

A production implementation of this pipeline from Vertesia uses what they call a Memory Pack: all relevant context from GitHub Issues, PRs, and the version control history is bundled together before the LLM generates the final notes. Their process includes a human review step before publication, which is the right call. The model produces a strong draft; a release manager reviews and adjusts before it goes out.

For large repositories with many changed files across a release window, tools like the open source LLM Release Action on the GitHub Marketplace handle token limits by chunking commits in parallel and deduplicating the results.

3. Issue triage and labelling

Every active repository has an issue backlog problem. Issues come in without labels, without priority, and without enough information to act on. Someone on the team has to read them, decide what kind of issue they are, assign a severity, and either respond or route them. For busy projects, that backlog grows faster than it can be processed.

An LLM can handle the classification step automatically. The workflow triggers when a new issue is opened and calls the API with the issue title and body.

const issue = await getIssue(issueNumber);
 
const classification = await client.messages.create({
  model: 'claude-sonnet-4-20250514',
  max_tokens: 256,
  messages: [
    {
      role: 'user',
      content: `You are triaging GitHub issues for a software project.
Given the following issue, respond ONLY with a JSON object containing:
- type: one of "bug", "feature", "question", "documentation", "performance"
- priority: one of "critical", "high", "medium", "low"
- needs_more_info: true or false
- suggested_labels: array of label strings
 
Issue title: ${issue.title}
Issue body: ${issue.body}`
    }
  ]
});
 
const labels = JSON.parse(classification.content[0].text).suggested_labels;
await addLabels(issueNumber, labels);

If needs_more_info is true, the action can post a templated comment asking for reproduction steps, environment details, or whatever is missing. The issue does not stay in limbo.

Research into LLM-based triage published on GitHub found that GPT-4 performed best for classification tasks, with Llama 3 and Mistral achieving competitively similar results. The practical takeaway: the gap between models is smaller than the gap between having automation and not having it. Start with whatever model you have API access to.

Google took this approach internally with Gemini CLI GitHub Actions, released in beta in August 2025. Their system runs asynchronously on new issues and PRs, applying labels and priorities without human intervention. The more significant insight from that release was the framing: they built it because they needed it for their own repository. It was not an external product first. It was internal infrastructure that became general enough to open-source.

4. Automated test stub generation

The research on LLM-generated tests is more nuanced than most of the coverage suggests, and it is worth being precise about what works and what does not.

A Springer study evaluating 100 GitHub issues found that LLMs can effectively generate tests for simpler code with fewer dependencies, but success rates drop as code complexity increases. A 2025 empirical study from Virginia Tech went further, finding that LLM-generated tests rely heavily on surface-level cues and struggle to maintain regression awareness as the code evolves. Models produce tests that pass today but do not necessarily catch mutations in future versions.

None of that is an argument against using LLMs for tests. It is an argument for using them correctly. The practical use case is generating test stubs on new PRs that add untested functions. The model writes the structure; a developer fills in the assertions.

const newFunctions = await extractNewFunctions(diff);
 
const stubs = await client.messages.create({
  model: 'claude-sonnet-4-20250514',
  max_tokens: 1024,
  messages: [
    {
      role: 'user',
      content: `You are a developer writing unit test stubs. 
For each of the following new functions, write a test stub using Jest.
Include:
- A describe block with the function name
- One test case for the expected happy path
- One test case for an expected edge case or error condition
- TODO comments where the developer needs to fill in assertions
 
Do not write full assertions. Write stubs with placeholder expectations.
 
Functions:
${newFunctions}`
    }
  ]
});

The comment the bot posts is not "here are your tests." It is "here are the tests you need to write, with the structure already in place." That removes the blank page problem. A developer opens the PR, sees the stubs, and fills them in rather than starting from scratch.

A separate finding from a 2025 study on prompt strategy is relevant here: chain-of-thought prompting applied to test generation achieved up to 96.3% branch coverage and a 57% average mutation score in their evaluation set. Including docstrings in the prompt notably improved adequacy. If your functions have docstrings, send them. If they do not, the test stubs are one more reason to write them.

5. Inline documentation generation

Documentation debt compounds silently. A function gets written, gets used, gets modified, and six months later nobody can remember what the edge cases are. The developer who wrote it no longer works there. The docstring was never added.

An LLM can generate draft docstrings on every PR that touches undocumented functions. The workflow is similar to test stub generation: extract the functions modified in the diff, check which ones are missing documentation, and post a comment with suggested docstrings.

const undocumentedFunctions = await findUndocumentedFunctions(diff);
 
if (undocumentedFunctions.length === 0) return;
 
const docs = await client.messages.create({
  model: 'claude-sonnet-4-20250514',
  max_tokens: 1024,
  messages: [
    {
      role: 'user',
      content: `You are a developer writing documentation for a codebase.
For each of the following functions, write a JSDoc comment (or appropriate docstring for the language) that includes:
- A one-sentence description of what the function does
- @param descriptions for each parameter
- @returns description
- @throws if any error cases are visible in the code
 
Write only the docstrings. Do not modify the function bodies.
 
Functions:
${undocumentedFunctions}`
    }
  ]
});

The output is a comment on the PR with ready-to-paste docstrings. The developer reviews them, adjusts anything that is wrong, and pastes them in. The friction is low enough that it actually happens, which is the entire point.

Amazon Q Developer shipped this capability in late 2024, with their internal framing that developers report spending an average of just one hour per day on actual coding. The rest goes to learning codebases, writing documentation, testing, and managing deployments. Automated documentation generation addresses one part of that. It does not solve the problem entirely, but it means the person merging the PR does not have to also be the person writing the docs from scratch.

Stack Overflow's coverage of this space made a point worth keeping: documentation is infrastructure. Remove it and products cease to exist in any meaningful transferable sense. The AI-generated draft is not the documentation. The reviewed, merged, maintained docstring is. The model just removes the blank page.

Putting it together

These five automations share a structure. A GitHub event triggers a workflow. The workflow fetches context from the GitHub API. That context goes to an LLM. The model responds with structured prose. The prose goes back to GitHub as a comment, label, or release body.

The implementation differences are in the prompt and in what event triggers the workflow. Once you have one working, the others are faster to build.

A few things that apply across all of them:

Gate on draft status. Do not run expensive API calls on every push to every branch. Add a condition that checks whether the PR is marked ready for review before triggering. Most teams already use draft PRs to signal work in progress.

Watch token costs on large diffs. A pull request that touches 40 files will generate a lot of tokens. Set a file cap in your diff-fetching script and either truncate to the most significant changes or run the analysis per file with a reduced context window.

Human review stays in the loop. The research on LLM-generated tests is a useful reminder of a general principle: the model produces drafts, not decisions. The code reviewer suggests; a developer approves. The release notes draft; a release manager publishes. The test stubs scaffold; a developer completes. Every automation in this list has a human at the end of it.

The GitHub Action you built to review code is not a code review tool. It is an LLM with access to your repository events. That is a more general thing, and it is worth using it that way.

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

T

The LLM Gap

3 posts

A developer-focused blog on practical LLM applications: GitHub automation, code review, prompt engineering, and the workflows where AI actually earns its place. Updated regularly with research-backed guides.