Postil

GitLab

Postil speaks GitLab through the same review engine it uses for GitHub. It posts inline discussion notes on the merge request and reports the gate verdict through its exit code, which a CI job fails on.

1. Create a project access token

In your project, create a project (or group) access token with the api scope and at least Developer role so it can read the MR diff and post discussion notes. Store it as a masked CI/CD variable named GITLAB_TOKEN. Add your inference key (for example OPENROUTER_API_KEY) the same way.

2. Add the CI job

postil:
  image: debian:bookworm-slim
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  before_script:
    - apt-get update && apt-get install -y curl ca-certificates
    - curl -fsSL https://postil.dev/install.sh | sh
    - export PATH="$HOME/.local/bin:$PATH"
  script:
    - postil review --forge gitlab
        --repo $CI_PROJECT_PATH
        --pr $CI_MERGE_REQUEST_IID
  variables:
    GITLAB_TOKEN: $GITLAB_TOKEN
    OPENROUTER_API_KEY: $OPENROUTER_API_KEY

The job runs only on merge-request pipelines. A gate-failing review exits 1 and fails the job; a clean review exits 0 and posts nothing. To make the gate binding, mark the job required to merge in the project's merge-request settings (or require a green pipeline).

3. Self-managed instances

For GitLab Self-Managed, point the CLI at your instance with the GITLAB_API_URL environment variable:

export GITLAB_TOKEN=glpat-...
export GITLAB_API_URL=https://gitlab.example.com/api/v4
postil review --forge gitlab \
  --repo $CI_PROJECT_PATH --pr $CI_MERGE_REQUEST_IID

The token, scopes, and gate semantics are identical to GitLab.com. No outbound connection is made to Postil; the review runs entirely inside your CI with your inference key.

Local review against a GitLab MR

You do not need CI to try it. With GITLAB_TOKEN set locally:

export GITLAB_TOKEN=glpat-...
postil review --forge gitlab --repo group/project --pr 88
# self-managed:
export GITLAB_API_URL=https://gitlab.example.com/api/v4
postil review --forge gitlab --repo group/project --pr 88

Parity and limits

  • Same gate thresholds, envelope schema, and exit codes as GitHub — see the CLI reference.
  • Inline notes are posted on the MR diff; the gate is enforced via the CI job result rather than a named external check-run.
  • The hosted Postil app is GitHub-only today; on GitLab you run the CLI in CI. The CLI's interactive bot does work on GitLab: postil respond replies to an @postil mention on a GitLab merge request or issue (--forge gitlab with --pr or --issue). See the CLI reference.
  • Bitbucket and Azure DevOps are supported through the same forge abstraction (--forge bitbucket, --forge azure). Both are early: shipped and covered by tests, but not yet validated against live instances.