GitHub Copilot - Code Review & PRs

Radek Stolarczyk
2 days ago
7 min read

What GitHub Copilot Adds to the Review Process

Overview

Code reviews are important—but they can be:

Time-consuming
Inconsistent
Hard to follow (especially with large PRs)

GitHub Copilot helps by acting like a review assistant, not a replacement.

It:

Speeds up reviews
Improves consistency
Gives better starting points

What Copilot Actually Does in Reviews

Instead of writing everything manually, Copilot helps you:

Understand changes quickly
Spot issues (including security risks)
Write better review comments
Keep reviews consistent across teams

Key Features (Explained Simply)

1. PR Summaries

Copilot can automatically generate:

What changed
Which files were affected
Why the change was made

This saves time and removes guesswork for reviewers

2. Security Detection

Copilot can spot risky code patterns.

Example:

Instead of: “Fix security issue”

Copilot says: “Using eval() with user input can cause code injection. Consider using JSON.parse().”

It doesn’t just flag issues—it explains and suggests fixes

3. Code Explanations

If you don’t understand code:

You can highlight it and ask Copilot to explain

This is especially useful when:

Reviewing unfamiliar languages
Looking at complex logic

4. Drafting Review Comments

Copilot helps you write:

Clear
Actionable
Well-structured feedback

Instead of vague comments, you get specific guidance

5. Reviews Inside Your IDE

You don’t have to wait for GitHub PRs.

Copilot can review code before you even submit it

This helps:

Catch issues early
Reduce back-and-forth

How PRUs Fit In

PRUs (Premium Request Units) power advanced features.

What PRUs Enable

Automated PR reviews
Detailed comments
Security analysis
Context-aware suggestions

Important Idea

More advanced analysis = more PRUs used

Example (Why This Matters)

Without Copilot: “This might be unsafe”

With Copilot: “exec() introduces a code injection risk. Replace with subprocess.run(). Here's a safe alternative…”

More clarity → faster fixes → better code

5 Ways Copilot Improves Reviews

1. Suggesting Improvements

You can highlight code and ask: “Suggest a cleaner version”

Copilot gives:

Refactored code
Best practices

2. Multi-Language Support

Even if you don’t know the language:

Copilot can still:

Identify issues
Suggest improvements

3. Formatting PR Content

Copilot can fix messy content like tables.

It automatically:

Detects formatting issues
Rewrites them cleanly

4. Writing PR Summaries

Instead of writing descriptions manually:

Copilot generates a structured summary

You just refine it if needed

5. Explaining and Reviewing Code

You can:

Ask Copilot to explain changes
Let it review your PR before others

This reduces mistakes early

Important Distinction

Copilot in reviews = assistant, not author

It:

Suggests
Explains
Helps

But you still decide and approve

Best Use Case

Copilot works best when:

You want faster reviews
You need consistent feedback
You’re reviewing unfamiliar code

Common Mistake

Thinking Copilot replaces human review

It actually:

Enhances human judgment
Speeds up the process

Simple Mental Model

Copilot in reviews =“A smart reviewer that helps you review better and faster”

One-Line Summary

Copilot turns code reviews from manual and slow → guided and efficient

Exam Tips

They may ask:

What Copilot does in PR reviews
How PRUs are used
Difference between Copilot suggestions vs human review
Examples of security or formatting improvements

Using Copilot as a Reviewer in GitHub.com

Overview

GitHub Copilot can act as a review assistant directly inside pull requests (PRs).

It behaves like a teammate:

Leaves comments
Suggests improvements
Highlights issues

But importantly:

It does NOT approve or block PRs→ Humans still make the final decision

How Copilot Review Works (Simple Flow)

Step 1: Add Copilot as Reviewer

In your PR:

Go to Reviewers → Select Copilot

This is just like assigning a teammate.

Step 2: Copilot Analyzes the PR

Starts automatically
Usually finishes in ~30 seconds

No waiting, no manual triggering

Step 3: Read the Feedback

Copilot leaves comments directly on code:

Bug risks
Naming issues
Formatting suggestions
Best practices

Step 4: Apply Fixes

You can:

Accept suggestions
Edit manually
Ask Copilot for a fix

Example: “Suggest a fix for this review comment”

Copilot generates a patch → you test → commit

What Copilot Comments Look Like

They behave exactly like human comments:

You can reply
React (👍 👀 etc.)
Resolve them

This keeps the workflow natural

Customizing Copilot Reviews

You can guide Copilot using:

.github/copilot-instructions.md

Why This Matters

This file tells Copilot:

What your team cares about
Coding standards
Review priorities

Result: consistent reviews across your team

What Copilot is Good At

Copilot excels at:

Catching small issues early
Suggesting improvements
Speeding up routine reviews
Providing clear explanations

Where PRUs Come In

PRUs make Copilot smarter during reviews.

They allow it to:

Understand context better
Generate higher-quality fixes
Analyze both code + comments together

Important Limitation (Very Important)

Copilot is advisory only

It does NOT:

Approve PRs
Reject PRs
Replace human reviewers

Why This Matters

You still need humans for:

Architecture decisions
Business logic
Trade-offs
Final approval

Real Example

Copilot might say: “Variable name ‘random_greetin’ looks incorrect. Did you mean ‘random_greeting’?”

Small fix → saves review time

Best Way to Use It

Think of Copilot as:

First-pass reviewer

It:

Catches obvious issues
Improves clarity
Prepares code for human review

Common Mistake

Expecting Copilot to fully review your PR

Instead:

Use it to assist
Combine with human review

Simple Mental Model

Copilot reviewer =“A fast, helpful teammate that reviews everything—but doesn’t make decisions”

One-Line Summary

Copilot speeds up PR reviews by adding smart suggestions without replacing humans

Exam Tips

They may ask:

How to add Copilot as reviewer
What Copilot can vs cannot do
Role of PRUs in reviews
Purpose of copilot-instructions.md

Catching Issues Early and Automating Reviews with Copilot

Overview

Normally, code reviews happen after you open a pull request.

With Copilot, you can shift reviews earlier and automate them.

This means:

Fewer mistakes reach PR stage
Less back-and-forth
Faster development

The Big Idea

Move from:

Late review (PR stage)➡️ slow, reactive

To:

Early + automated review➡️ fast, proactive

1. Catch Issues Early (Local Reviews in IDE)

You can run Copilot reviews directly in:

VS Code
JetBrains IDEs

Before committing code

What This Helps With

Copilot can catch:

Style issues
Security problems
Repetitive code
Missing documentation

Real Example

You write repetitive TypeScript code.

Copilot says: “This logic is repeated. Consider extracting a helper function.”

You fix it immediately→ No need for reviewer to point it out later

2. Custom Review Instructions

You can guide Copilot using:

.github/copilot-instructions.md

What You Can Define

Security rules
Documentation requirements
Coding standards

Example:

“Avoid unsafe string interpolation”
“All functions must have docstrings”

Result

Copilot reviews your code the same way your team would

3. Path-Specific Instructions (More Advanced)

You can target rules to specific files/folders.

Example

Only apply rules to TypeScript files
Different rules for backend vs frontend

This makes reviews more precise and context-aware

4. PRUs for Deeper Analysis

When using Copilot in your IDE:

PRUs unlock more powerful analysis

What You Get

Larger diff analysis
Better context understanding
Higher-quality suggestions

Key Idea

More PRUs = deeper, smarter review

5. Automating Reviews (Scaling Across Teams)

Instead of manually adding Copilot each time:

You can automate it

What Automation Does

Every PR automatically gets:

Copilot review
Consistent checks
Faster feedback

6. Combine with Rulesets (Very Important Concept)

Automation becomes powerful when combined with:

Copilot reviews
Code scanning
Tests

Typical Pipeline

Copilot → style & readability
Code scanning → security
Tests → functionality

Together = full quality check

7. Automatic Reviews (Different Levels)

Personal Level

You can enable:

Copilot reviews all your PRs automatically

Repository Level

Admins can enforce:

Copilot reviews for specific repos/branches

Organization Level

At scale:

Apply rules across multiple repositories

Why This Matters

Automation ensures:

Every PR is reviewed
Nothing is missed
Standards stay consistent

Important Limitation

Even with automation:

Copilot does NOT replace human review

Humans still handle:

Design decisions
Complex logic
Final approval

Common Mistake

Thinking automation = “no need for reviewers”

Correct mindset:

Copilot = first filter
Humans = final judgment

Simple Mental Model

Copilot reviews =“Catch problems early + review everything automatically”

One-Line Summary

Copilot helps you fix issues before PRs and ensures every PR gets reviewed automatically

Exam Tips

They may ask:

Why early reviews are useful
Role of .github/copilot-instructions.md
What PRUs improve
How rulesets automate reviews
Difference between personal vs repo vs org automation

Measuring Impact and Optimizing PRUs (Premium Request Units)

Overview

PRUs are what power Copilot’s advanced capabilities.

Without PRUs → basic suggestions

With PRUs → deep, context-aware analysis

Think of PRUs as:

“Fuel for Copilot’s most powerful features”

What PRUs Actually Do

PRUs are used when tasks require:

Large context (many files, big diffs)
Deep reasoning
Applying custom instructions
Security + style analysis

Simple Example

Small refactor → no PRUs
Reviewing 1,500 lines across files → uses PRUs

Bigger + smarter tasks = PRUs used

Why PRUs Matter

PRUs unlock Copilot’s real value at scale.

Without them:

You get quick hints

With them:

You get full reviews
Better suggestions
Team-aligned feedback

Real Impact

Instead of spending hours reviewing:

Copilot:

Scans the entire PR
Applies your rules
Flags issues
Suggests fixes

Humans focus on important decisions

How PRUs Help Teams

PRUs make Copilot useful in real-world, large projects.

1. Deeper Analysis

Copilot can:

Detect security risks
Spot duplicated logic
Check coding standards

2. Consistency

Every PR is reviewed using:

Same rules
Same standards
Same quality level

3. Handle Busy Periods

During heavy workloads:

Copilot handles routine checks

Developers focus on complex work

Measuring Impact (Very Important)

To know if PRUs are worth it, track:

1. PR Lead Time

How fast PRs get merged

Before PRUs → slower
After PRUs → faster

2. Code Quality

Fewer issues after merge

Less rework
Fewer bugs

3. Developer Experience

Do developers feel:

Faster?
More confident?
Less overwhelmed?

Real Example

Before:

PRs take 3 days
Many fixes after merge

After PRUs:

PRs take 1 day
Fewer issues

Optimizing PRU Usage

PRUs are limited → you need to use them smartly.

1. Use PRUs Where They Matter

Best for:

Large PRs
Security-sensitive code
Complex changes

Avoid using them for:

Small edits
Minor documentation changes

2. Monitor Usage

Set alerts at:

75% usage
90% usage
100% usage

Prevents running out unexpectedly

3. Improve Prompts

Bad prompts → wasted PRUs

Good prompts:

Clear
Specific
Focused

4. Adjust Your Workflow

Example:

Instead of using PRUs for everything:

Use standard Copilot for small tasks
Use PRUs for critical reviews

Saves resources

5. Scale When Needed

If your team constantly runs out:

Upgrade your plan

Common Mistake

Using PRUs for everything

Better approach:

Use them strategically
Focus on high-value tasks

Simple Mental Model

PRUs =“Extra power for deeper, smarter Copilot analysis”

One-Line Summary

PRUs turn Copilot from basic suggestions → full intelligent code reviews

Exam Tips

They may ask:

What PRUs are
When PRUs are used
How to measure impact (lead time, quality, experience)
How to optimize PRU usage
Difference between basic vs PRU-powered features