Run AI pull request reviews on RunsOn runners with OpenCode and Bedrock

RunsOn v3 can give runner instances Bedrock permissions, which means an AI review job can run inside your own AWS account without storing a separate model API key in GitHub.

The basic setup is:

Enable Bedrock access for your RunsOn stack:
- CloudFormation: EnableBedrock
- Terraform: enable_bedrock
Make sure the Anthropic Claude model is enabled in Bedrock:
- https://runs-on.com/tips/enable-anthropic-claude-models-on-amazon-bedrock/ ↗
Add an OpenCode review workflow that runs on a RunsOn runner.

Example:

name: AI review

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  ai-review:
    if: github.event.pull_request.draft == false
    permissions:
      contents: read
      pull-requests: write
      issues: write
    runs-on: runs-on=${{ github.run_id }}/runner=2cpu-linux-x64
    timeout-minutes: 10

    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 2

      - name: OpenCode review on Bedrock
        uses: anomalyco/opencode/github@77fc88c8ade8e5a620ebbe1197f3a572d29ae91a
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_PROFILE: runs-on
        with:
          model: amazon-bedrock/us.anthropic.claude-sonnet-4-6
          use_github_token: true
          share: false

There is intentionally no prompt input here. For pull_request events, OpenCode defaults to reviewing the pull request when no prompt is provided. See the official OpenCode GitHub docs:

https://opencode.ai/docs/github/ ↗

If you want repository-specific review guidance, put it in AGENTS.md instead of hardcoding a long prompt in the workflow.

That keeps the workflow small, lets the review instructions evolve with the repo, and still runs the agent on your RunsOn runner using Bedrock credentials from the runner instance profile.

Last updated: April 30, 2026

View original discussion ↗