Automating Code Reviews with Amazon Q and GitHub Actions
Using The Amazon Q Developer CLI in your CI/CD pipeline to automate your Code Reviews
This setup has only been used in a Proof of Concept environment, If you are wanting to use this in a production setting, please ensure you have approval and from your DevOps & Security team and have the appropriate guardrails in place before attempting the below.

Turns out, by default. Not well... as we haven't authenticated the CI/CD context with Amazon Q developer.
q login
command. This opens an interactive terminal session below, which isn't the most ideal from a CI/CD perspective, as we have to provide manual actions in the terminal to authenticate.
Follow the prompts on your interactive terminal to authenticate with Q.
q chat "Hello Amazon Q!"
You should see something similar to the below.
~/.local/share/amazon-q/
I have used S3 for this example as that was the quickest. But this does contain sensitive data, so I would consider implementing additional security measures through S3 VPC endpoints (if hosting your own runners), or by using something like secrets manager or SSM parameter store.
aws s3 sync ~/.local/share/amazon-q/ s3://<amazon-q-bucket>/authentication
q chat -- "--command /<command> <prompt>"
q chat -- "--command /review Do a code review for any Critical, or High security issues in my workspace"
q chat --accept-all -- "--command /review Do a code review for any Critical, or High security issues in my workspace"


It looks like its picked all very valid issues that shouldn't be exposed to a production environment. Usually it would take weeks of product reviews and meetings to review and identify all these. And Amazon Q Developer has done this in about 3 minutes!