Azure DevOps pipeline task for running OpenCode AI code reviews and automation in your CI/CD pipelines.
- Automated Code Review - Run AI code reviews automatically on every PR update via build validation
- Use any Agent - Define custom OpenCode agents for specialized reviews or tasks
- Flexible Models - Use OpenAI, Anthropic, GitHub Copilot, or any OpenCode-supported provider
- Comment-Triggered Commands - Execute AI code review or any command on-demand via PR comments
Install the OpenCode Agent Azure DevOps Extension from the marketplace, then set up a pipeline.
You can use review mode as a PR build validation policy. This automatically reviews every pull request.
Secondly, you can use command mode to trigger reviews or any custom task via PR comments. You need to create custom automation that runs the pipeline in response to comments.
```yaml
# Triggered automatically by PR build validation policy
trigger: none

pool:
  vmImage: ubuntu-latest

steps:
  - script: |
      curl -fsSL https://bun.sh/install | bash
      echo "##vso[task.prependpath]$HOME/.bun/bin"
    displayName: Install Bun

  - script: |
      curl -fsSL https://opencode.ai/install | bash
      echo "##vso[task.prependpath]$HOME/.opencode/bin"
    displayName: Install OpenCode

  - task: OpenCodeAgent@0
    displayName: Security Review
    inputs:
      mode: review
      agent: code-review # use any available agent
      pat: $(System.AccessToken)
      model: opencode/claude-opus-4-5
      reviewPrompt: | # optional, if not provided, default prompt is used
        Focus on security vulnerabilities:
        - SQL injection and XSS attacks
        - Hardcoded secrets or API keys
        - Insecure authentication/authorization
        - Missing input validation
        - Unsafe deserialization
    env:
      OPENCODE_API_KEY: $(AnthropicApiKey)
      OPENCODE_PERMISSION: '{"bash": "deny"}'
```

- Go to Project Settings → Repositories → Select your repo → Policies
- Under Branch Policies for your main branch, add Build validation
- Select the pipeline you created above
- Set Trigger to "Automatic"
- Set Policy requirement to "Optional" (recommended for initial testing)
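An added example (not the extension's own code) of the comment-to-pipeline automation that command mode needs: a gate that decides whether a PR comment service-hook event should queue the pipeline, and builds the run request if so. The `/opencode` prefix, author allowlist, organization, project and pipeline id are hypothetical, the payload is constructed, and the payload field layout and the URL form passed as `commentUrl` are assumptions.

```python
import json
from urllib.parse import urlparse

# Assumed placeholders: replace with your own organization, project and pipeline.
ORG, PROJECT, PIPELINE_ID = "contoso", "webshop", 42
COMMAND_PREFIX = "/opencode"                    # hypothetical trigger word
ALLOWED_AUTHORS = {"alice@contoso.example"}     # who may trigger command mode
COMMENT_EVENT = "ms.vss-code.git-pullrequest-comment-event"


def build_run_request(event: dict):
    """Return (url, body) for a Pipelines 'run' REST call, or None to ignore the event."""
    if event.get("eventType") != COMMENT_EVENT:
        return None
    comment = event.get("resource", {}).get("comment", {})
    content = (comment.get("content") or "").strip()
    # Exact first-word match, so "/opencodefoo" or a mid-sentence mention does not trigger.
    if content.split(maxsplit=1)[:1] != [COMMAND_PREFIX]:
        return None
    # Command mode may commit with a Code (Read & Write) token: gate on the author.
    author = (comment.get("author", {}).get("uniqueName") or "").lower()
    if author not in ALLOWED_AUTHORS:
        return None
    # Only forward comment URLs that live under the expected organization.
    href = comment.get("_links", {}).get("self", {}).get("href", "")
    url = urlparse(href)
    if (url.scheme != "https" or url.hostname != "dev.azure.com"
            or not url.path.startswith(f"/{ORG}/")):
        return None
    # Forward the URL only, never the comment text, so untrusted text is not
    # expanded into pipeline variables or scripts.
    run_url = (f"https://dev.azure.com/{ORG}/{PROJECT}/_apis/pipelines/"
               f"{PIPELINE_ID}/runs?api-version=7.1")
    return run_url, {"variables": {"commentUrl": {"value": href}}}


SAMPLE_EVENT = {  # constructed payload, not captured from a real project
    "eventType": COMMENT_EVENT,
    "resource": {"comment": {
        "content": "/opencode add input validation to the login handler",
        "author": {"uniqueName": "alice@contoso.example"},
        "_links": {"self": {"href": "https://dev.azure.com/contoso/_apis/git/repositories/"
                   "00000000-0000-0000-0000-000000000000/pullRequests/7/threads/3/comments/1"}},
    }},
}

if __name__ == "__main__":
    print(json.dumps(build_run_request(SAMPLE_EVENT), indent=2))
```

The automation would POST the returned body to the run URL with its own credential; this assumes the pipeline defines a `commentUrl` variable that is settable at queue time and maps it to the task's `commentUrl` input.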
The task requires a PAT with these scopes:
| Scope | Permission | Why |
|---|---|---|
| Code | Read & Write | Read PR code; commit fixes in command mode (read-only sufficient for review mode) |
| Pull Request Threads | Read & Write | Post review comments and threads |
Recommended: Use $(System.AccessToken) and grant the build service identity the required permissions:
- Go to Project Settings → Repositories → Your Repo → Security
- Find `{Project} Build Service ({Organization})`
- Grant:
  - Contribute: Allow (for reading code)
  - Contribute to pull requests: Allow (for posting comments)
| Input | Required | Default | Description |
|---|---|---|---|
| `mode` | No | Auto-detect | review = code review, command = execute user command, empty = auto-detect from comment |
| `pat` | Yes | - | Azure DevOps PAT or $(System.AccessToken) |
| `model` | Yes | - | Model to use: opencode/glm-4.7-free, anthropic/claude-opus-4-5 etc. |
| `agent` | No | - | OpenCode agent to use |
| `reviewPrompt` | No | - | Custom review instructions (review mode only) |
| `commentUrl` | No | - | PR comment URL (command mode only) |
| `organization` | No | Auto-detect | Azure DevOps organization name |
| `project` | No | Auto-detect | Azure DevOps project name |
| `skipClone` | No | false | Skip git clone (use existing workspace) |
| `workspacePath` | No | Auto | Custom workspace path |
- Issues: GitHub Issues
- Documentation: OpenCode Docs
- Source: GitHub Repository
MIT