diff --git a/.github/workflows/gemini-dispatch.yml b/.github/workflows/gemini-dispatch.yml index d965d455..160eee5d 100644 --- a/.github/workflows/gemini-dispatch.yml +++ b/.github/workflows/gemini-dispatch.yml @@ -99,6 +99,8 @@ jobs: core.setOutput('additional_context', additionalContext); } else if (request.startsWith("@gemini-cli /triage")) { core.setOutput('command', 'triage'); + } else if (request.startsWith("@gemini-cli /fix")) { + core.setOutput('command', 'fix'); } else if (request.startsWith("@gemini-cli")) { core.setOutput('command', 'invoke'); const additionalContext = request.replace(/^@gemini-cli/, '').trim(); @@ -151,6 +153,18 @@ jobs: additional_context: '${{ needs.dispatch.outputs.additional_context }}' secrets: 'inherit' + fix: + needs: 'dispatch' + if: |- + ${{ needs.dispatch.outputs.command == 'fix' }} + uses: './.github/workflows/gemini-issue-fixer.yml' + permissions: + contents: 'write' + id-token: 'write' + issues: 'write' + pull-requests: 'write' + secrets: 'inherit' + invoke: needs: 'dispatch' if: |- diff --git a/.github/workflows/gemini-invoke.yml b/.github/workflows/gemini-invoke.yml index 6de9b1ae..4cef7bab 100644 --- a/.github/workflows/gemini-invoke.yml +++ b/.github/workflows/gemini-invoke.yml @@ -50,19 +50,22 @@ jobs: REPOSITORY: '${{ github.repository }}' ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}' with: - gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' - google_api_key: '${{ secrets.GOOGLE_API_KEY }}' - use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' + gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' gemini_model: '${{ vars.GEMINI_MODEL }}' + google_api_key: '${{ secrets.GOOGLE_API_KEY }}' + use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" @@ -106,13 +109,15 @@ jobs: } } }, - "coreTools": [ - "run_shell_command(cat)", - "run_shell_command(echo)", - "run_shell_command(grep)", - "run_shell_command(head)", - "run_shell_command(tail)" - ] + "tools": { + "core": [ + "run_shell_command(cat)", + "run_shell_command(echo)", + "run_shell_command(grep)", + "run_shell_command(head)", + "run_shell_command(tail)" + ] + } } prompt: |- ## Persona and Guiding Principles @@ -148,13 +153,22 @@ jobs: 6. **Resource Consciousness**: Be mindful of the number of operations you perform. Your plans should be efficient. Avoid proposing actions that would result in an excessive number of tool calls (e.g., > 50). + 7. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. + ----- ## Step 1: Context Gathering & Initial Analysis Begin every task by building a complete picture of the situation. - 1. **Load Initial Variables**: Load `${TITLE}`, `${DESCRIPTION}`, `${EVENT_NAME}`, etc. + 1. **Initial Context**: + - **Title**: ${{ env.TITLE }} + - **Description**: ${{ env.DESCRIPTION }} + - **Event Name**: ${{ env.EVENT_NAME }} + - **Is Pull Request**: ${{ env.IS_PULL_REQUEST }} + - **Issue/PR Number**: ${{ env.ISSUE_NUMBER }} + - **Repository**: ${{ env.REPOSITORY }} + - **Additional Context/Request**: ${{ env.ADDITIONAL_CONTEXT }} 2. **Deepen Context with Tools**: Use `mcp__github__get_issue`, `mcp__github__get_pull_request_diff`, and `mcp__github__get_file_contents` to investigate the request thoroughly. diff --git a/.github/workflows/gemini-issue-fixer.yml b/.github/workflows/gemini-issue-fixer.yml new file mode 100644 index 00000000..c256fac3 --- /dev/null +++ b/.github/workflows/gemini-issue-fixer.yml @@ -0,0 +1,201 @@ +name: '🧙 Gemini Issue Fixer' + +on: + workflow_call: + +concurrency: + group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event.issue.number }}' + cancel-in-progress: true + +defaults: + run: + shell: 'bash' + +jobs: + create-pr: + timeout-minutes: 30 + runs-on: 'ubuntu-latest' + permissions: + contents: 'write' # Enable reading and modifying code + id-token: 'write' # Enable minting an identity token + issues: 'write' # Enable updating issues, such as posting a comment + pull-requests: 'write' # Enable creating pull requests + + steps: + # Mint a token so that the comments show up as gemini-cli instead of github-actions. + - name: 'Mint identity token' + id: 'mint_identity_token' + if: |- + ${{ vars.APP_ID }} + uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b' # ratchet:actions/create-github-app-token@v2 + with: + app-id: '${{ vars.APP_ID }}' + private-key: '${{ secrets.APP_PRIVATE_KEY }}' + permission-contents: 'write' + permission-issues: 'write' + permission-pull-requests: 'write' + + - name: 'Checkout repository' + uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # ratchet:actions/checkout@v5 + + - name: 'Run Gemini PR Create' + uses: 'google-github-actions/run-gemini-cli@main' # ratchet:exclude + id: 'gemini_pr_create' + env: + GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN }}' + REPOSITORY: '${{ github.repository }}' + ISSUE_NUMBER: '${{ github.event.issue.number }}' + ISSUE_TITLE: '${{ github.event.issue.title }}' + ISSUE_BODY: '${{ github.event.issue.body }}' + BRANCH_NAME: 'gemini-fix-${{ github.event.issue.number }}' + with: + gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' + gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' + gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' + gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + gemini_model: '${{ vars.GEMINI_MODEL }}' + google_api_key: '${{ secrets.GOOGLE_API_KEY }}' + use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' + settings: |- + { + "debug": ${{ fromJSON(env.DEBUG || env.ACTIONS_STEP_DEBUG || false) }}, + "model": { + "maxSessionTurns": 200 + }, + "mcpServers": { + "github": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "GITHUB_PERSONAL_ACCESS_TOKEN", + "ghcr.io/github/github-mcp-server" + ], + "env": { + "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}" + } + } + }, + "telemetry": { + "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, + "target": "gcp" + } + } + prompt: |- + + + You are an expert software engineer. Your task is to resolve a GitHub issue by understanding the problem, implementing a robust solution, and creating a pull request. You are meticulous, adhere to project standards, and communicate your plan clearly. + + + + This information is from the GitHub event that triggered your execution. Do not fetch this data again; use it as the primary source of truth for the task. + + + ${{ github.event_name }} + ${{ github.triggering_actor }} + + ${{ env.REPOSITORY }} + ${{ env.ISSUE_NUMBER }} + Codestin Search App + ${{ env.ISSUE_BODY }} + + + + + Follow these steps sequentially to resolve the issue. + + + The initial context provided to you includes a file tree. If you see a `GEMINI.md` or `CONTRIBUTING.md` file, use the GitHub MCP `get_file_contents` tool to read it first. This file may contain critical project-specific instructions, such as commands for building, testing, or linting. + + + 1. Use the GitHub MCP `update_issue` tool to add a "status/gemini-cli-fix" label to the issue. + 2. Use the `gh issue comment` CLI tool command to post an initial comment. In this comment, you must: + - State the problem in your own words. + - Briefly describe the current state of the relevant code. + - Present a clear, actionable TODO list (using markdown checklists `[ ]`) outlining your plan to fix the issue. + + + Use the `git` CLI tool to checkout a new branch for your work. Name it `${{ env.BRANCH_NAME }}`. The command should be: `git checkout -b ${{ env.BRANCH_NAME }}`. + + + Use the GitHub MCP `create_branch` tool to create a new branch for your work. Name it `${{ env.BRANCH_NAME }}`. + + + Use tools, like the GitHub MCP `search_code` and GitHub MCP `get_file_contents` tools, to explore the codebase and implement the necessary code changes. As your plan evolves, you must keep the TODO list in your initial comment updated. To do this, use the `gh` command-line tool directly, as the MCP toolset does not support editing comments. Use the following command: `gh issue comment --edit-last --body "..."` + + + Follow the project-specific instructions from `GEMINI.md` or `CONTRIBUTING.md` to run builds, linters, and tests. Ensure your changes have not introduced any regressions. + + + Commit the changes to the branch `${{ env.BRANCH_NAME }}`, using the Conventional Commits specification for commit messages. Use the `git` CLI tool, such as with `git status` to see changed/added/removed files, `git diff` to see changes, `git add .` to stage all changes files, and `git commit -m ''`. + + + Once the solution is fully implemented and verified, use the GitHub MCP `create_pull_request` tool to open a PR. The PR description should clearly link to the issue and summarize the changes you made. + + + Once you have created a pull request, use the GitHub MCP `list_pull_requests` tool to get the pull request number. + + + Use the `gh issue comment --edit-last` CLI tool command to edit your initial comment. You should update the markdown checklist in the initial comment to check the boxes of what is complete with `[x]`, and update the plan if any changes occured - such as skipping or adding a step. Also, suffix a link to your pull request, but just mentioning `#`, and GitHub will automatically link it. + + + + + Be Respectful: Your communication should always be constructive and professional. + Be Actionable: Your feedback and code should be specific and clear. + Follow Conventions: Adhere strictly to the existing coding style and patterns in the repository. + Use Tools: Rely on the provided tools for all interactions with the repository. Do not guess file contents or state. + Handle Shell Variables Safely: When defining or using variables in shell commands, ensure they are properly quoted to prevent errors. + If something prevents you from fixing the issue, such as a permissions issue, inform the user in your comment on the issue why you cannot complete the task. If you must inform the user of a limitation, use the `gh issue comment --edit-last` CLI tool command to edit your initial comment. Only create a pull request if it will fix the issue. + Command Substitution: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. + + + + This is an example of the desired thought process and the initial comment you should post to the GitHub issue. + + + Create Mortgage Paydown Calculator Page + + We need a new page for a mortgage paydown calculator. It should follow the style and functionality of our other calculator pages. + + + + + 1. **Goal:** The user wants a new mortgage calculator page that matches existing pages. + 2. **Action: Add Label:** First, I must label the issue as in-progress. `update_issue(add_label: "status/gemini-cli-fix")`. + 3. **Initial Context:** The file tree shows `CreditPaydown.tsx` and `StudentLoan.tsx`. This suggests a component-based frontend structure, likely React. There is also a `GEMINI.md`. + 4. **Action: Read `GEMINI.md`:** `get_file_contents('GEMINI.md')`. The file says to use `npm install`, `npm run test`, and `npm run build`. + 5. **Action: Investigate existing code:** `get_file_contents('CreditPaydown.tsx')`. I see it uses React, TypeScript, and Tailwind CSS. The logic is self-contained. + 6. **Plan Formation:** I will create a new file, `MortgageCalculator.tsx`, based on the structure of the existing calculator components. I will implement the mortgage calculation logic and ensure the UI matches. Then I will add a unit test and verify the project builds. + 7. **Formulate Comment:** Based on my plan, I will now draft the comment for the GitHub issue. + + + Hello! I'm here to help with the new Mortgage Paydown Calculator page. + + **Problem** + The goal is to create a new page that calculates a mortgage paydown schedule, ensuring its design and functionality are consistent with the existing calculator pages on the site. + + **Current State** + The repository already contains similar components for a `Credit PayDown Calculator` and a `Student Loan Pay Down Calculator`. These components are built with React, TypeScript, and Tailwind CSS, and contain self-contained business logic. + + **My Plan** + - [ ] Create a new file `src/pages/MortgageCalculator.tsx` modeled after the existing calculator components. + - [ ] Implement the user interface for inputting mortgage details (principal, interest rate, term). + - [ ] Implement the backend logic for the paydown calculation. + - [ ] Add a new unit test file to validate the calculation logic. + - [ ] Ensure the entire project builds successfully with `npm run build`. + - [ ] Ensure all tests pass with `npm run test`. + - [ ] Commit the changes to my feature branch. + - [ ] Create the final pull request for review. + + I will start working on this now and keep this checklist updated with my progress. + + + + diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml index f3cc8b8b..5c99f0c8 100644 --- a/.github/workflows/gemini-review.yml +++ b/.github/workflows/gemini-review.yml @@ -52,19 +52,22 @@ jobs: REPOSITORY: '${{ github.repository }}' ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' + gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + gemini_model: '${{ vars.GEMINI_MODEL }}' google_api_key: '${{ secrets.GOOGLE_API_KEY }}' use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' - gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" @@ -93,13 +96,15 @@ jobs: } } }, - "coreTools": [ - "run_shell_command(cat)", - "run_shell_command(echo)", - "run_shell_command(grep)", - "run_shell_command(head)", - "run_shell_command(tail)" - ] + "tools": { + "core": [ + "run_shell_command(cat)", + "run_shell_command(echo)", + "run_shell_command(grep)", + "run_shell_command(head)", + "run_shell_command(tail)" + ] + } } prompt: |- ## Role @@ -128,12 +133,14 @@ jobs: 6. **Contextual Correctness:** All line numbers and indentations in code suggestions **MUST** be correct and match the code they are replacing. Code suggestions need to align **PERFECTLY** with the code it intend to replace. Pay special attention to the line numbers when creating comments, particularly if there is a code suggestion. + 7. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. + ## Input Data - - Retrieve the GitHub repository name from the environment variable "${REPOSITORY}". - - Retrieve the GitHub pull request number from the environment variable "${PULL_REQUEST_NUMBER}". - - Retrieve the additional user instructions and context from the environment variable "${ADDITIONAL_CONTEXT}". + - **GitHub Repository**: ${{ env.REPOSITORY }} + - **Pull Request Number**: ${{ env.PULL_REQUEST_NUMBER }} + - **Additional User Instructions**: ${{ env.ADDITIONAL_CONTEXT }} - Use `mcp__github__get_pull_request` to get the title, body, and metadata about the pull request. - Use `mcp__github__get_pull_request_files` to get the list of files that were added, removed, and changed in the pull request. - Use `mcp__github__get_pull_request_diff` to get the diff from the pull request. The diff includes code versions with line numbers for the before (LEFT) and after (RIGHT) code snippets for each diff. @@ -251,7 +258,7 @@ jobs: {{SEVERITY}} {{COMMENT_TEXT}} - 3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment. **DO NOT** approve the pull request. **DO NOT** request changes. The summary comment **MUST** use this exact markdown format: + 3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment and event type "COMMENT". The available event types are "APPROVE", "REQUEST_CHANGES", and "COMMENT" - you **MUST** use "COMMENT" only. **DO NOT** use "APPROVE" or "REQUEST_CHANGES" event types. The summary comment **MUST** use this exact markdown format: ## 📋 Review Summary diff --git a/.github/workflows/gemini-scheduled-triage.yml b/.github/workflows/gemini-scheduled-triage.yml index cc13c18a..4623dcfd 100644 --- a/.github/workflows/gemini-scheduled-triage.yml +++ b/.github/workflows/gemini-scheduled-triage.yml @@ -92,29 +92,33 @@ jobs: REPOSITORY: '${{ github.repository }}' AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' - google_api_key: '${{ secrets.GOOGLE_API_KEY }}' - use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' gemini_model: '${{ vars.GEMINI_MODEL }}' + google_api_key: '${{ secrets.GOOGLE_API_KEY }}' + use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" }, - "coreTools": [ - "run_shell_command(echo)", - "run_shell_command(jq)", - "run_shell_command(printenv)" - ] + "tools": { + "core": [ + "run_shell_command(echo)", + "run_shell_command(jq)", + "run_shell_command(printenv)" + ] + } } prompt: |- ## Role @@ -137,33 +141,39 @@ jobs: 4. **Variable Handling:** Reference all shell variables as `"${VAR}"` (with quotes and braces) to prevent word splitting and globbing issues. - ## Input Data Description - - You will work with the following environment variables: + 5. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. - - **`AVAILABLE_LABELS`**: Contains a single, comma-separated string of all available label names (e.g., `"kind/bug,priority/p1,docs"`). + ## Input Data - - **`ISSUES_TO_TRIAGE`**: Contains a string of a JSON array, where each object has `"number"`, `"title"`, and `"body"` keys. + The following data is provided for your analysis: - - **`GITHUB_ENV`**: Contains the file path where your final JSON output must be written. - - ## Execution Workflow + **Available Labels** (single, comma-separated string of all available label names): + ``` + ${{ env.AVAILABLE_LABELS }} + ``` - Follow this five-step process sequentially. + **Issues to Triage** (JSON array where each object has `"number"`, `"title"`, and `"body"` keys): + ``` + ${{ env.ISSUES_TO_TRIAGE }} + ``` - ## Step 1: Retrieve Input Data + **Output File Path** where your final JSON output must be written: + ``` + ${{ env.GITHUB_ENV }} + ``` - First, retrieve all necessary information from the environment by executing the following shell commands. You will use the resulting shell variables in the subsequent steps. + ## Execution Workflow - 1. `Run: LABELS_DATA=$(echo "${AVAILABLE_LABELS}")` - 2. `Run: ISSUES_DATA=$(echo "${ISSUES_TO_TRIAGE}")` - 3. `Run: OUTPUT_PATH=$(echo "${GITHUB_ENV}")` + Follow this four-step process sequentially: - ## Step 2: Parse Inputs + ## Step 1: Parse Input Data - Parse the content of the `LABELS_DATA` shell variable into a list of strings. Parse the content of the `ISSUES_DATA` shell variable into a JSON array of issue objects. + Parse the provided data above: + - Split the available labels by comma to get the list of valid labels + - Parse the JSON array of issues to analyze + - Note the output file path where you will write your results - ## Step 3: Analyze Label Semantics + ## Step 2: Analyze Label Semantics Before reviewing the issues, create an internal map of the semantic purpose of each available label based on its name. For example: @@ -177,7 +187,7 @@ jobs: This semantic map will serve as your classification criteria. - ## Step 4: Triage Issues + ## Step 3: Triage Issues Iterate through each issue object you parsed in Step 2. For each issue: @@ -189,11 +199,11 @@ jobs: 4. If no available labels are a clear and confident match for an issue, exclude that issue from the final output. - ## Step 5: Construct and Write Output + ## Step 4: Construct and Write Output Assemble the results into a single JSON array, formatted as a string, according to the **Output Specification** below. Finally, execute the command to write this string to the output file, ensuring the JSON is enclosed in single quotes to prevent shell interpretation. - - `Run: echo 'TRIAGED_ISSUES=...' > "${OUTPUT_PATH}"`. (Replace `...` with the final, minified JSON array string). + - Use the shell command to write: `echo 'TRIAGED_ISSUES=...' > "$GITHUB_ENV"` (Replace `...` with the final, minified JSON array string). ## Output Specification diff --git a/.github/workflows/gemini-triage.yml b/.github/workflows/gemini-triage.yml index ddb328d0..a6d49642 100644 --- a/.github/workflows/gemini-triage.yml +++ b/.github/workflows/gemini-triage.yml @@ -62,26 +62,31 @@ jobs: ISSUE_BODY: '${{ github.event.issue.body }}' AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' + gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + gemini_model: '${{ vars.GEMINI_MODEL }}' google_api_key: '${{ secrets.GOOGLE_API_KEY }}' use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' - gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" }, - "coreTools": [ - "run_shell_command(echo)" - ] + "tools": { + "core": [ + "run_shell_command(echo)" + ] + } } # For reasons beyond my understanding, Gemini CLI cannot set the # GitHub Outputs, but it CAN set the GitHub Env. @@ -92,28 +97,41 @@ jobs: ## Guidelines - - Retrieve the value for environment variables using the "echo" shell command. - - Environment variables are specified in the format "${VARIABLE}" (with quotes and braces). - Only use labels that are from the list of available labels. - You can choose multiple labels to apply. + - When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. - ## Steps + ## Input Data + + **Available Labels** (comma-separated): + ``` + ${{ env.AVAILABLE_LABELS }} + ``` - 1. Retrieve the available labels from the environment variable: "${AVAILABLE_LABELS}". + **Issue Title**: + ``` + ${{ env.ISSUE_TITLE }} + ``` - 2. Retrieve the issue title from the environment variable: "${ISSUE_TITLE}". + **Issue Body**: + ``` + ${{ env.ISSUE_BODY }} + ``` - 3. Retrieve the issue body from the environment variable: "${ISSUE_BODY}". + **Output File Path**: + ``` + ${{ env.GITHUB_ENV }} + ``` - 4. Review the issue title, issue body, and available labels. + ## Steps - 5. Based on the issue title and issue body, classify the issue and choose all appropriate labels from the list of available labels. + 1. Review the issue title, issue body, and available labels provided above. - 5. Classify the issue by identifying the appropriate labels from the list of available labels. + 2. Based on the issue title and issue body, classify the issue and choose all appropriate labels from the list of available labels. - 6. Convert the list of appropriate labels into a comma-separated list (CSV). If there are no appropriate labels, use the empty string. + 3. Convert the list of appropriate labels into a comma-separated list (CSV). If there are no appropriate labels, use the empty string. - 7. Use the "echo" shell command to append the CSV labels into the filepath referenced by the environment variable "${GITHUB_ENV}": + 4. Use the "echo" shell command to append the CSV labels to the output file path provided above: ``` echo "SELECTED_LABELS=[APPROPRIATE_LABELS_AS_CSV]" >> "[filepath_for_env]" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bea71623..529a0308 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -65,6 +65,7 @@ Before contributing, ensure you have: ```sh npm run docs ``` + - If you update workflow files in `/.gemini/workflows/`, run `./scripts/generate-examples.sh` to auto-generate the examples. 3. **Commit Your Changes** - Commit with a descriptive message following [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) diff --git a/README.md b/README.md index 0c55b3ca..47663cdd 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Use it to perform GitHub pull request reviews, triage issues, perform code analy - [Issue Triage](#issue-triage) - [Pull Request Review](#pull-request-review) - [Gemini CLI Assistant](#gemini-cli-assistant) + - [Configuration](#configuration) - [Inputs](#inputs) - [Outputs](#outputs) - [Repository Variables](#repository-variables) @@ -28,6 +29,8 @@ Use it to perform GitHub pull request reviews, triage issues, perform code analy - [Google Authentication](#google-authentication) - [GitHub Authentication](#github-authentication) - [Observability](#observability) + - [Extensions](#extensions) + - [Best Practices](#best-practices) - [Customization](#customization) - [Contributing](#contributing) @@ -89,7 +92,7 @@ You have two options to set up a workflow: **Option B: Manually copy workflows** -1. Copy the pre-built workflows from the [`examples/workflows`](./examples/workflows) directory to your repository's `.github/workflows` directory. +1. Copy the pre-built workflows from the [`examples/workflows`](./examples/workflows) directory to your repository's `.github/workflows` directory. Note: the `gemini-dispatch.yml` workflow must also be copied, which triggers the workflows to run. ### 5. Try it out! @@ -136,8 +139,6 @@ This action can be used to automatically review pull requests when they are opened. For a detailed guide on how to set up the pull request review system, go to the [GitHub PR Review workflow documentation](./examples/workflows/pr-review). - - ### Gemini CLI Assistant This type of action can be used to invoke a general-purpose, conversational Gemini @@ -145,36 +146,42 @@ AI assistant within the pull requests and issues to perform a wide range of tasks. For a detailed guide on how to set up the general-purpose Gemini CLI workflow, go to the [Gemini Assistant workflow documentation](./examples/workflows/gemini-assistant). +## Configuration + ### Inputs -- prompt: _(Optional, default: `You are a helpful assistant.`)_ A string passed to the Gemini CLI's [`--prompt` argument](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#command-line-arguments). +- gcp_location: _(Optional)_ The Google Cloud location. -- settings: _(Optional)_ A JSON string written to `.gemini/settings.json` to configure the CLI's _project_ settings. - For more details, see the documentation on [settings files](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#settings-files). +- gcp_project_id: _(Optional)_ The Google Cloud project ID. -- gemini_api_key: _(Optional)_ The API key for the Gemini API. +- gcp_service_account: _(Optional)_ The Google Cloud service account email. -- gcp_project_id: _(Optional)_ The Google Cloud project ID. +- gcp_workload_identity_provider: _(Optional)_ The Google Cloud Workload Identity Provider. -- gcp_location: _(Optional)_ The Google Cloud location. +- gemini_api_key: _(Optional)_ The API key for the Gemini API. -- gcp_workload_identity_provider: _(Optional)_ The Google Cloud Workload Identity Provider. +- gemini_cli_version: _(Optional, default: `latest`)_ The version of the Gemini CLI to install. Can be "latest", "preview", "nightly", a specific version number, or a git branch, tag, or commit. For more information, see [Gemini CLI releases](https://github.com/google-gemini/gemini-cli/blob/main/docs/releases.md). -- gcp_service_account: _(Optional)_ The Google Cloud service account email. +- gemini_debug: _(Optional)_ Enable debug logging and output streaming. -- use_vertex_ai: _(Optional, default: `false`)_ A flag to indicate if Vertex AI should be used. +- gemini_model: _(Optional)_ The model to use with Gemini. -- use_gemini_code_assist: _(Optional, default: `false`)_ A flag to indicate if Gemini Code Assist should be used. +- google_api_key: _(Optional)_ The Vertex AI API key to use with Gemini. -- gemini_cli_version: _(Optional, default: `latest`)_ The version of the Gemini CLI to install. +- prompt: _(Optional, default: `You are a helpful assistant.`)_ A string passed to the Gemini CLI's [`--prompt` argument](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#command-line-arguments). -- google_api_key: _(Optional)_ The Vertex AI API key to use with Gemini. +- settings: _(Optional)_ A JSON string written to `.gemini/settings.json` to configure the CLI's _project_ settings. + For more details, see the documentation on [settings files](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#settings-files). -- gemini_debug: _(Optional)_ Enable debug logging and output streaming. +- use_gemini_code_assist: _(Optional, default: `false`)_ Whether to use Code Assist for Gemini model access instead of the default Gemini API key. + For more information, see the [Gemini CLI documentation](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/authentication.md). -- gemini_model: _(Optional)_ The model to use with Gemini. +- use_vertex_ai: _(Optional, default: `false`)_ Whether to use Vertex AI for Gemini model access instead of the default Gemini API key. + For more information, see the [Gemini CLI documentation](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/authentication.md). + +- extensions: _(Optional)_ A list of Gemini CLI extensions to install. @@ -183,9 +190,9 @@ go to the [Gemini Assistant workflow documentation](./examples/workflows/gemini- -- `summary`: The summarized output from the Gemini CLI execution. +- summary: The summarized output from the Gemini CLI execution. -- `error`: The error output from the Gemini CLI execution, if any. +- error: The error output from the Gemini CLI execution, if any. @@ -266,6 +273,14 @@ for debugging and optimization. For detailed instructions on how to set up and configure observability, go to the [Observability documentation](./docs/observability.md). +## Extensions + +The Gemini CLI can be extended with additional functionality through extensions. +These extensions are installed from source from their GitHub repositories. + +For detailed instructions on how to set up and configure extensions, go to the +[Extensions documentation](./docs/extensions.md). + ## Best Practices To ensure the security, reliability, and efficiency of your automated workflows, we strongly recommend following our best practices. These guidelines cover key areas such as repository security, workflow configuration, and monitoring. diff --git a/action.yml b/action.yml index e02a3be2..a45930e9 100644 --- a/action.yml +++ b/action.yml @@ -18,52 +18,59 @@ description: |- Invoke the Gemini CLI from a GitHub Action. inputs: - prompt: - description: |- - A string passed to the Gemini CLI's [`--prompt` argument](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#command-line-arguments). - required: false - default: 'You are a helpful assistant.' - settings: - description: |- - A JSON string written to `.gemini/settings.json` to configure the CLI's _project_ settings. - For more details, see the documentation on [settings files](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#settings-files). - required: false - gemini_api_key: - description: 'The API key for the Gemini API.' - required: false - gcp_project_id: - description: 'The Google Cloud project ID.' - required: false gcp_location: description: 'The Google Cloud location.' required: false - gcp_workload_identity_provider: - description: 'The Google Cloud Workload Identity Provider.' + gcp_project_id: + description: 'The Google Cloud project ID.' required: false gcp_service_account: description: 'The Google Cloud service account email.' required: false - use_vertex_ai: - description: 'A flag to indicate if Vertex AI should be used.' + gcp_workload_identity_provider: + description: 'The Google Cloud Workload Identity Provider.' required: false - default: 'false' - use_gemini_code_assist: - description: 'A flag to indicate if Gemini Code Assist should be used.' + gemini_api_key: + description: 'The API key for the Gemini API.' required: false - default: 'false' gemini_cli_version: - description: 'The version of the Gemini CLI to install.' + description: 'The version of the Gemini CLI to install. Can be "latest", "preview", "nightly", a specific version number, or a git branch, tag, or commit. For more information, see [Gemini CLI releases](https://github.com/google-gemini/gemini-cli/blob/main/docs/releases.md).' required: false default: 'latest' - google_api_key: - description: 'The Vertex AI API key to use with Gemini.' - required: false gemini_debug: description: 'Enable debug logging and output streaming.' required: false gemini_model: description: 'The model to use with Gemini.' required: false + google_api_key: + description: 'The Vertex AI API key to use with Gemini.' + required: false + prompt: + description: |- + A string passed to the Gemini CLI's [`--prompt` argument](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#command-line-arguments). + required: false + default: 'You are a helpful assistant.' + settings: + description: |- + A JSON string written to `.gemini/settings.json` to configure the CLI's _project_ settings. + For more details, see the documentation on [settings files](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/configuration.md#settings-files). + required: false + use_gemini_code_assist: + description: |- + Whether to use Code Assist for Gemini model access instead of the default Gemini API key. + For more information, see the [Gemini CLI documentation](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/authentication.md). + required: false + default: 'false' + use_vertex_ai: + description: |- + Whether to use Vertex AI for Gemini model access instead of the default Gemini API key. + For more information, see the [Gemini CLI documentation](https://github.com/google-gemini/gemini-cli/blob/main/docs/cli/authentication.md). + required: false + default: 'false' + extensions: + description: 'A list of Gemini CLI extensions to install.' + required: false outputs: summary: @@ -76,6 +83,75 @@ outputs: runs: using: 'composite' steps: + - name: 'Validate Inputs' + id: 'validate_inputs' + shell: 'bash' + run: |- + set -exuo pipefail + + # Emit a clear warning in three places without failing the step + warn() { + local msg="$1" + echo "WARNING: ${msg}" >&2 + echo "::warning title=Input validation::${msg}" + if [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then + { + echo "### Input validation warnings" + echo + echo "- ${msg}" + } >> "${GITHUB_STEP_SUMMARY}" + fi + } + + # Validate the count of authentication methods + auth_methods=0 + if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi + if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi + if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi + + if [[ ${auth_methods} -eq 0 ]]; then + warn "No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'." + fi + + if [[ ${auth_methods} -gt 1 ]]; then + warn "Multiple authentication methods provided. Please use only one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'." + fi + + # Validate Workload Identity Federation inputs + if [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then + if [[ "${INPUT_GCP_PROJECT_ID_PRESENT:-false}" != "true" || "${INPUT_GCP_SERVICE_ACCOUNT_PRESENT:-false}" != "true" ]]; then + warn "When using Workload Identity Federation ('gcp_workload_identity_provider'), you must also provide 'gcp_project_id' and 'gcp_service_account'." + fi + if [[ "${INPUT_USE_VERTEX_AI:-false}" == "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" ]]; then + warn "When using Workload Identity Federation, you must set exactly one of 'use_vertex_ai' or 'use_gemini_code_assist' to 'true'." + fi + fi + + # Validate Vertex AI API Key + if [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then + if [[ "${INPUT_USE_VERTEX_AI:-false}" != "true" ]]; then + warn "When using 'google_api_key', you must set 'use_vertex_ai' to 'true'." + fi + if [[ "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then + warn "When using 'google_api_key', 'use_gemini_code_assist' cannot be 'true'." + fi + fi + + # Validate Gemini API Key + if [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then + if [[ "${INPUT_USE_VERTEX_AI:-false}" == "true" || "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then + warn "When using 'gemini_api_key', both 'use_vertex_ai' and 'use_gemini_code_assist' must be 'false'." + fi + fi + env: + INPUT_GEMINI_API_KEY_PRESENT: "${{ inputs.gemini_api_key != '' }}" + INPUT_GOOGLE_API_KEY_PRESENT: "${{ inputs.google_api_key != '' }}" + INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT: "${{ inputs.gcp_workload_identity_provider != '' }}" + INPUT_GCP_PROJECT_ID_PRESENT: "${{ inputs.gcp_project_id != '' }}" + INPUT_GCP_SERVICE_ACCOUNT_PRESENT: "${{ inputs.gcp_service_account != '' }}" + INPUT_USE_VERTEX_AI: '${{ inputs.use_vertex_ai }}' + INPUT_USE_GEMINI_CODE_ASSIST: '${{ inputs.use_gemini_code_assist }}' + - name: 'Configure Gemini CLI' if: |- ${{ inputs.settings != '' }} @@ -122,13 +198,14 @@ runs: id: 'install' env: GEMINI_CLI_VERSION: '${{ inputs.gemini_cli_version }}' + EXTENSIONS: '${{ inputs.extensions }}' shell: 'bash' run: |- set -euo pipefail VERSION_INPUT="${GEMINI_CLI_VERSION:-latest}" - if [[ "${VERSION_INPUT}" == "latest" || "${VERSION_INPUT}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9\.-]+)?(\+[a-zA-Z0-9\.-]+)?$ ]]; then + if [[ "${VERSION_INPUT}" == "latest" || "${VERSION_INPUT}" == "preview" || "${VERSION_INPUT}" == "nightly" || "${VERSION_INPUT}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9\.-]+)?(\+[a-zA-Z0-9\.-]+)?$ ]]; then echo "Installing Gemini CLI from npm: @google/gemini-cli@${VERSION_INPUT}" npm install --silent --no-audit --prefer-offline --global @google/gemini-cli@"${VERSION_INPUT}" else @@ -147,6 +224,16 @@ runs: echo "Error: Gemini CLI not found in PATH" exit 1 fi + if [[ -n "${EXTENSIONS}" ]]; then + echo "Installing Gemini CLI extensions:" + echo "${EXTENSIONS}" | jq -r '.[]' | while IFS= read -r extension; do + extension=$(echo "${extension}" | xargs) + if [[ -n "${extension}" ]]; then + echo "Installing ${extension}..." + echo "Y" | gemini extensions install "${extension}" + fi + done + fi - name: 'Run Gemini CLI' id: 'gemini_run' @@ -154,11 +241,6 @@ runs: run: |- set -euo pipefail - # Unset GEMINI_API_KEY if empty - if [ -z "${GEMINI_API_KEY}" ]; then - unset GEMINI_API_KEY - fi - # Create a temporary directory for storing the output, and ensure it's # cleaned up later TEMP_STDOUT="$(mktemp -p "${RUNNER_TEMP}" gemini-out.XXXXXXXXXX)" diff --git a/docs/extensions.md b/docs/extensions.md new file mode 100644 index 00000000..3992c9ab --- /dev/null +++ b/docs/extensions.md @@ -0,0 +1,34 @@ +# Extensions + +Gemini CLI can be extended with additional functionality through extensions. +These extensions are installed from source from their GitHub repositories. + +For more information on creating and using extensions, see [documentation]. + +[documentation]: https://github.com/google-gemini/gemini-cli/blob/main/docs/extensions/index.md + +## Configuration + +To use extensions in your GitHub workflow, provide a JSON array of GitHub +repositories to the `extensions` input of the `run-gemini-cli` action. + +### Example + +Here is an example of how to configure a workflow to install and use extensions: + +```yaml +jobs: + main: + runs-on: ubuntu-latest + steps: + - id: gemini + uses: google-github-actions/run-gemini-cli@v0 + with: + gemini_api_key: ${{ secrets.GEMINI_API_KEY }} + prompt: "/security:analyze" + extensions: | + [ + "https://github.com/gemini-cli-extensions/security", + "https://github.com/gemini-cli-extensions/code-review" + ] +``` diff --git a/examples/workflows/CONFIGURATION.md b/examples/workflows/CONFIGURATION.md index 55108ffd..2b22a3db 100644 --- a/examples/workflows/CONFIGURATION.md +++ b/examples/workflows/CONFIGURATION.md @@ -5,8 +5,8 @@ This guide covers how to customize and configure Gemini CLI workflows to meet yo - [Configuring Gemini CLI Workflows](#configuring-gemini-cli-workflows) - [How to Configure Gemini CLI](#how-to-configure-gemini-cli) - [Key Settings](#key-settings) - - [Conversation Length (`maxSessionTurns`)](#conversation-length-maxsessionturns) - - [Allowlist Tools (`coreTools`)](#allowlist-tools-coretools) + - [Conversation Length (`model.maxSessionTurns`)](#conversation-length-modelmaxsessionturns) + - [Allowlist Tools (`tools.core`)](#allowlist-tools-toolscore) - [MCP Servers (`mcpServers`)](#mcp-servers-mcpservers) - [Custom Context and Guidance (`GEMINI.md`)](#custom-context-and-guidance-geminimd) - [GitHub Actions Workflow Settings](#github-actions-workflow-settings) @@ -21,17 +21,17 @@ Gemini CLI supports many settings that control how it operates. For a complete l ### Key Settings -#### Conversation Length (`maxSessionTurns`) +#### Conversation Length (`model.maxSessionTurns`) This setting controls the maximum number of conversational turns (messages exchanged) allowed during a workflow run. **Default values by workflow:** -| Workflow | Default `maxSessionTurns` | -| ------------------------------------ | ------------------------- | -| [Issue Triage](./issue-triage) | 25 | -| [Pull Request Review](./pr-review) | 20 | -| [Gemini CLI Assistant](./gemini-cli) | 50 | +| Workflow | Default `model.maxSessionTurns` | +| ------------------------------------ | ------------------------------- | +| [Issue Triage](./issue-triage) | 25 | +| [Pull Request Review](./pr-review) | 20 | +| [Gemini CLI Assistant](./gemini-cli) | 50 | **How to override:** @@ -41,11 +41,13 @@ Add the following to your workflow YAML file to set a custom value: with: settings: |- { - "maxSessionTurns": 10 + "model": { + "maxSessionTurns": 10 + } } ``` -#### Allowlist Tools (`coreTools`) +#### Allowlist Tools (`tools.core`) Allows you to specify a list of [built-in tools] that should be made available to the model. You can also use this to allowlist commands for shell tool. @@ -59,11 +61,13 @@ Add the following to your workflow YAML file to specify core tools: with: settings: |- { - "coreTools": [ - "read_file" - "run_shell_command(echo)", - "run_shell_command(gh label list)" - ] + "tools": { + "core": [ + "read_file", + "run_shell_command(echo)", + "run_shell_command(gh label list)" + ] + } } ``` diff --git a/examples/workflows/gemini-assistant/README.md b/examples/workflows/gemini-assistant/README.md index a9420eba..62413669 100644 --- a/examples/workflows/gemini-assistant/README.md +++ b/examples/workflows/gemini-assistant/README.md @@ -8,6 +8,7 @@ In this guide you will learn how to use the Gemini CLI Assistant via GitHub Acti - [Setup](#setup) - [Prerequisites](#prerequisites) - [Setup Methods](#setup-methods) + - [Dependencies](#dependencies) - [Usage](#usage) - [Supported Triggers](#supported-triggers) - [How to Invoke the Gemini CLI Workflow](#how-to-invoke-the-gemini-cli-workflow) @@ -58,6 +59,10 @@ curl -o .github/workflows/gemini-dispatch.yml https://raw.githubusercontent.com/ curl -o .github/workflows/gemini-invoke.yml https://raw.githubusercontent.com/google-github-actions/run-gemini-cli/main/examples/workflows/gemini-assistant/gemini-invoke.yml ``` +> **Note:** The `gemini-dispatch.yml` workflow is designed to call multiple +> workflows. If you are only setting up `gemini-invoke.yml`, you should comment out or +> remove the other jobs in your copy of `gemini-dispatch.yml`. + ## Dependencies This workflow relies on the [gemini-dispatch.yml](../gemini-dispatch/gemini-dispatch.yml) workflow to route requests to the appropriate workflow. diff --git a/examples/workflows/gemini-assistant/gemini-invoke.yml b/examples/workflows/gemini-assistant/gemini-invoke.yml index c752a952..302616ca 100644 --- a/examples/workflows/gemini-assistant/gemini-invoke.yml +++ b/examples/workflows/gemini-assistant/gemini-invoke.yml @@ -50,19 +50,22 @@ jobs: REPOSITORY: '${{ github.repository }}' ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}' with: - gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' - google_api_key: '${{ secrets.GOOGLE_API_KEY }}' - use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' + gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' gemini_model: '${{ vars.GEMINI_MODEL }}' + google_api_key: '${{ secrets.GOOGLE_API_KEY }}' + use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" @@ -106,13 +109,15 @@ jobs: } } }, - "coreTools": [ - "run_shell_command(cat)", - "run_shell_command(echo)", - "run_shell_command(grep)", - "run_shell_command(head)", - "run_shell_command(tail)" - ] + "tools": { + "core": [ + "run_shell_command(cat)", + "run_shell_command(echo)", + "run_shell_command(grep)", + "run_shell_command(head)", + "run_shell_command(tail)" + ] + } } prompt: |- ## Persona and Guiding Principles @@ -148,13 +153,22 @@ jobs: 6. **Resource Consciousness**: Be mindful of the number of operations you perform. Your plans should be efficient. Avoid proposing actions that would result in an excessive number of tool calls (e.g., > 50). + 7. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. + ----- ## Step 1: Context Gathering & Initial Analysis Begin every task by building a complete picture of the situation. - 1. **Load Initial Variables**: Load `${TITLE}`, `${DESCRIPTION}`, `${EVENT_NAME}`, etc. + 1. **Initial Context**: + - **Title**: ${{ env.TITLE }} + - **Description**: ${{ env.DESCRIPTION }} + - **Event Name**: ${{ env.EVENT_NAME }} + - **Is Pull Request**: ${{ env.IS_PULL_REQUEST }} + - **Issue/PR Number**: ${{ env.ISSUE_NUMBER }} + - **Repository**: ${{ env.REPOSITORY }} + - **Additional Context/Request**: ${{ env.ADDITIONAL_CONTEXT }} 2. **Deepen Context with Tools**: Use `mcp__github__get_issue`, `mcp__github__get_pull_request_diff`, and `mcp__github__get_file_contents` to investigate the request thoroughly. diff --git a/examples/workflows/issue-triage/README.md b/examples/workflows/issue-triage/README.md index 5f75c90a..98dccc69 100644 --- a/examples/workflows/issue-triage/README.md +++ b/examples/workflows/issue-triage/README.md @@ -8,6 +8,7 @@ This document describes a comprehensive system for triaging GitHub issues using - [Setup](#setup) - [Prerequisites](#prerequisites) - [Setup Methods](#setup-methods) + - [Dependencies](#dependencies) - [Usage](#usage) - [Supported Triggers](#supported-triggers) - [Real-Time Issue Triage](#real-time-issue-triage) @@ -62,6 +63,10 @@ curl -o .github/workflows/gemini-triage.yml https://raw.githubusercontent.com/go curl -o .github/workflows/gemini-scheduled-triage.yml https://raw.githubusercontent.com/google-github-actions/run-gemini-cli/main/examples/workflows/issue-triage/gemini-scheduled-triage.yml ``` +> **Note:** The `gemini-dispatch.yml` workflow is designed to call multiple +> workflows. If you are only setting up `gemini-triage.yml`, you should comment out or +> remove the other jobs in your copy of `gemini-dispatch.yml`. + You can customize the prompts and settings in the workflow files to suit your specific needs. For example, you can change the triage logic, the labels that are applied, or the schedule of the scheduled triage. ## Dependencies diff --git a/examples/workflows/issue-triage/gemini-scheduled-triage.yml b/examples/workflows/issue-triage/gemini-scheduled-triage.yml index 7d8e3b1f..847cfb2a 100644 --- a/examples/workflows/issue-triage/gemini-scheduled-triage.yml +++ b/examples/workflows/issue-triage/gemini-scheduled-triage.yml @@ -92,29 +92,33 @@ jobs: REPOSITORY: '${{ github.repository }}' AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' - google_api_key: '${{ secrets.GOOGLE_API_KEY }}' - use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' gemini_model: '${{ vars.GEMINI_MODEL }}' + google_api_key: '${{ secrets.GOOGLE_API_KEY }}' + use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" }, - "coreTools": [ - "run_shell_command(echo)", - "run_shell_command(jq)", - "run_shell_command(printenv)" - ] + "tools": { + "core": [ + "run_shell_command(echo)", + "run_shell_command(jq)", + "run_shell_command(printenv)" + ] + } } prompt: |- ## Role @@ -137,33 +141,39 @@ jobs: 4. **Variable Handling:** Reference all shell variables as `"${VAR}"` (with quotes and braces) to prevent word splitting and globbing issues. - ## Input Data Description - - You will work with the following environment variables: + 5. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. - - **`AVAILABLE_LABELS`**: Contains a single, comma-separated string of all available label names (e.g., `"kind/bug,priority/p1,docs"`). + ## Input Data - - **`ISSUES_TO_TRIAGE`**: Contains a string of a JSON array, where each object has `"number"`, `"title"`, and `"body"` keys. + The following data is provided for your analysis: - - **`GITHUB_ENV`**: Contains the file path where your final JSON output must be written. - - ## Execution Workflow + **Available Labels** (single, comma-separated string of all available label names): + ``` + ${{ env.AVAILABLE_LABELS }} + ``` - Follow this five-step process sequentially. + **Issues to Triage** (JSON array where each object has `"number"`, `"title"`, and `"body"` keys): + ``` + ${{ env.ISSUES_TO_TRIAGE }} + ``` - ## Step 1: Retrieve Input Data + **Output File Path** where your final JSON output must be written: + ``` + ${{ env.GITHUB_ENV }} + ``` - First, retrieve all necessary information from the environment by executing the following shell commands. You will use the resulting shell variables in the subsequent steps. + ## Execution Workflow - 1. `Run: LABELS_DATA=$(echo "${AVAILABLE_LABELS}")` - 2. `Run: ISSUES_DATA=$(echo "${ISSUES_TO_TRIAGE}")` - 3. `Run: OUTPUT_PATH=$(echo "${GITHUB_ENV}")` + Follow this four-step process sequentially: - ## Step 2: Parse Inputs + ## Step 1: Parse Input Data - Parse the content of the `LABELS_DATA` shell variable into a list of strings. Parse the content of the `ISSUES_DATA` shell variable into a JSON array of issue objects. + Parse the provided data above: + - Split the available labels by comma to get the list of valid labels + - Parse the JSON array of issues to analyze + - Note the output file path where you will write your results - ## Step 3: Analyze Label Semantics + ## Step 2: Analyze Label Semantics Before reviewing the issues, create an internal map of the semantic purpose of each available label based on its name. For example: @@ -177,7 +187,7 @@ jobs: This semantic map will serve as your classification criteria. - ## Step 4: Triage Issues + ## Step 3: Triage Issues Iterate through each issue object you parsed in Step 2. For each issue: @@ -189,11 +199,11 @@ jobs: 4. If no available labels are a clear and confident match for an issue, exclude that issue from the final output. - ## Step 5: Construct and Write Output + ## Step 4: Construct and Write Output Assemble the results into a single JSON array, formatted as a string, according to the **Output Specification** below. Finally, execute the command to write this string to the output file, ensuring the JSON is enclosed in single quotes to prevent shell interpretation. - - `Run: echo 'TRIAGED_ISSUES=...' > "${OUTPUT_PATH}"`. (Replace `...` with the final, minified JSON array string). + - Use the shell command to write: `echo 'TRIAGED_ISSUES=...' > "$GITHUB_ENV"` (Replace `...` with the final, minified JSON array string). ## Output Specification diff --git a/examples/workflows/issue-triage/gemini-triage.yml b/examples/workflows/issue-triage/gemini-triage.yml index 525f2a3b..151bfdde 100644 --- a/examples/workflows/issue-triage/gemini-triage.yml +++ b/examples/workflows/issue-triage/gemini-triage.yml @@ -62,26 +62,31 @@ jobs: ISSUE_BODY: '${{ github.event.issue.body }}' AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' + gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + gemini_model: '${{ vars.GEMINI_MODEL }}' google_api_key: '${{ secrets.GOOGLE_API_KEY }}' use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' - gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" }, - "coreTools": [ - "run_shell_command(echo)" - ] + "tools": { + "core": [ + "run_shell_command(echo)" + ] + } } # For reasons beyond my understanding, Gemini CLI cannot set the # GitHub Outputs, but it CAN set the GitHub Env. @@ -92,28 +97,41 @@ jobs: ## Guidelines - - Retrieve the value for environment variables using the "echo" shell command. - - Environment variables are specified in the format "${VARIABLE}" (with quotes and braces). - Only use labels that are from the list of available labels. - You can choose multiple labels to apply. + - When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. - ## Steps + ## Input Data + + **Available Labels** (comma-separated): + ``` + ${{ env.AVAILABLE_LABELS }} + ``` - 1. Retrieve the available labels from the environment variable: "${AVAILABLE_LABELS}". + **Issue Title**: + ``` + ${{ env.ISSUE_TITLE }} + ``` - 2. Retrieve the issue title from the environment variable: "${ISSUE_TITLE}". + **Issue Body**: + ``` + ${{ env.ISSUE_BODY }} + ``` - 3. Retrieve the issue body from the environment variable: "${ISSUE_BODY}". + **Output File Path**: + ``` + ${{ env.GITHUB_ENV }} + ``` - 4. Review the issue title, issue body, and available labels. + ## Steps - 5. Based on the issue title and issue body, classify the issue and choose all appropriate labels from the list of available labels. + 1. Review the issue title, issue body, and available labels provided above. - 5. Classify the issue by identifying the appropriate labels from the list of available labels. + 2. Based on the issue title and issue body, classify the issue and choose all appropriate labels from the list of available labels. - 6. Convert the list of appropriate labels into a comma-separated list (CSV). If there are no appropriate labels, use the empty string. + 3. Convert the list of appropriate labels into a comma-separated list (CSV). If there are no appropriate labels, use the empty string. - 7. Use the "echo" shell command to append the CSV labels into the filepath referenced by the environment variable "${GITHUB_ENV}": + 4. Use the "echo" shell command to append the CSV labels to the output file path provided above: ``` echo "SELECTED_LABELS=[APPROPRIATE_LABELS_AS_CSV]" >> "[filepath_for_env]" diff --git a/examples/workflows/pr-review/README.md b/examples/workflows/pr-review/README.md index 9f1c6551..4f3f22cb 100644 --- a/examples/workflows/pr-review/README.md +++ b/examples/workflows/pr-review/README.md @@ -8,6 +8,7 @@ This document explains how to use the Gemini CLI on GitHub to automatically revi - [Setup](#setup) - [Prerequisites](#prerequisites) - [Setup Methods](#setup-methods) + - [Dependencies](#dependencies) - [Usage](#usage) - [Supported Triggers](#supported-triggers) - [Interaction Flow](#interaction-flow) @@ -27,6 +28,9 @@ This document explains how to use the Gemini CLI on GitHub to automatically revi - [Security-Focused Review](#security-focused-review) - [Performance Review](#performance-review) - [Breaking Changes Check](#breaking-changes-check) + - [Extending to Support Forks](#extending-to-support-forks) + - [1. Simple Fork Support](#1-simple-fork-support) + - [2. Using `pull_request_target` Event](#2-using-pull_request_target-event) ## Overview @@ -70,6 +74,10 @@ curl -o .github/workflows/gemini-dispatch.yml https://raw.githubusercontent.com/ curl -o .github/workflows/gemini-review.yml https://raw.githubusercontent.com/google-github-actions/run-gemini-cli/main/examples/workflows/pr-review/gemini-review.yml ``` +> **Note:** The `gemini-dispatch.yml` workflow is designed to call multiple +> workflows. If you are only setting up `gemini-review.yml`, you should comment out or +> remove the other jobs in your copy of `gemini-dispatch.yml`. + ## Dependencies This workflow relies on the [gemini-dispatch.yml](../gemini-dispatch/gemini-dispatch.yml) workflow to route requests to the appropriate workflow. @@ -232,3 +240,63 @@ The AI prompt can be customized to: ``` @gemini-cli /review look for potential breaking changes and API compatibility ``` + +## Extending to Support Forks + +By default, this workflow is configured to work with pull requests from branches +within the same repository, and does not allow the `pr-review` workflow to be +triggered for pull requests from branches from forks. This is done because forks +can be created from bad actors, and enabling this workflow to run on branches +from forks could enable bad actors to access secrets. + +This behavior may not be ideal for all use cases - such as private repositories. +To enable the `pr-review` workflow to run on branches in forks, there are several +approaches depending on your authentication setup and security requirements. +Please refer to the GitHub documentation links provided below for +the security and access considerations of doing so. + +Depending on your security requirements and use case, you can choose from these +approaches: + +#### 1. Simple Fork Support + +This could work for repositories where contributors can provide their own Google +authentication in their forks. + +**How it works**: If forks have their own Google authentication configured, you +can enable fork support by simply removing the fork restriction condition in the +dispatch workflow. + +**Implementation**: +1. Remove the fork restriction in `gemini-dispatch.yml`: + ```yaml + # Change this condition to remove the fork check + if: |- + ( + github.event_name == 'pull_request' + # Remove this line: && github.event.pull_request.head.repo.fork == false + ) || ( + # ... rest of conditions + ) + ``` + +2. Document for contributors that they need to configure Google authentication + in their fork as described in the + [Authentication documentation](../../../docs/authentication.md). + + +#### 2. Using `pull_request_target` Event + +This could work for private repositories where you want to provide API access +centrally. + +**Important Security Note**: Using `pull_request_target` can introduce security +vulnerabilities if not handled with extreme care. Because it runs in the context +of the base repository, it has access to secrets and other sensitive data. +Always ensure you are following security best practices, such as those outlined +in the linked resources, to prevent unauthorized access or code execution. + +- **Resources**: + - [GitHub Docs: Using pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target). + - [Security Best Practices for pull_request_target](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). + - [Safe Workflows for Forked Repositories](https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/). diff --git a/examples/workflows/pr-review/gemini-review.yml b/examples/workflows/pr-review/gemini-review.yml index 9d1b992c..faf18c59 100644 --- a/examples/workflows/pr-review/gemini-review.yml +++ b/examples/workflows/pr-review/gemini-review.yml @@ -52,19 +52,22 @@ jobs: REPOSITORY: '${{ github.repository }}' ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}' with: - gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' - gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' - gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}' + gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}' gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' + gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' + gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}' + gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + gemini_model: '${{ vars.GEMINI_MODEL }}' google_api_key: '${{ secrets.GOOGLE_API_KEY }}' use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}' - gemini_debug: '${{ fromJSON(vars.DEBUG || vars.ACTIONS_STEP_DEBUG || false) }}' + use_vertex_ai: '${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}' settings: |- { - "maxSessionTurns": 25, + "model": { + "maxSessionTurns": 25 + }, "telemetry": { "enabled": ${{ vars.GOOGLE_CLOUD_PROJECT != '' }}, "target": "gcp" @@ -93,13 +96,15 @@ jobs: } } }, - "coreTools": [ - "run_shell_command(cat)", - "run_shell_command(echo)", - "run_shell_command(grep)", - "run_shell_command(head)", - "run_shell_command(tail)" - ] + "tools": { + "core": [ + "run_shell_command(cat)", + "run_shell_command(echo)", + "run_shell_command(grep)", + "run_shell_command(head)", + "run_shell_command(tail)" + ] + } } prompt: |- ## Role @@ -128,12 +133,14 @@ jobs: 6. **Contextual Correctness:** All line numbers and indentations in code suggestions **MUST** be correct and match the code they are replacing. Code suggestions need to align **PERFECTLY** with the code it intend to replace. Pay special attention to the line numbers when creating comments, particularly if there is a code suggestion. + 7. **Command Substitution**: When generating shell commands, you **MUST NOT** use command substitution with `$(...)`, `<(...)`, or `>(...)`. This is a security measure to prevent unintended command execution. + ## Input Data - - Retrieve the GitHub repository name from the environment variable "${REPOSITORY}". - - Retrieve the GitHub pull request number from the environment variable "${PULL_REQUEST_NUMBER}". - - Retrieve the additional user instructions and context from the environment variable "${ADDITIONAL_CONTEXT}". + - **GitHub Repository**: ${{ env.REPOSITORY }} + - **Pull Request Number**: ${{ env.PULL_REQUEST_NUMBER }} + - **Additional User Instructions**: ${{ env.ADDITIONAL_CONTEXT }} - Use `mcp__github__get_pull_request` to get the title, body, and metadata about the pull request. - Use `mcp__github__get_pull_request_files` to get the list of files that were added, removed, and changed in the pull request. - Use `mcp__github__get_pull_request_diff` to get the diff from the pull request. The diff includes code versions with line numbers for the before (LEFT) and after (RIGHT) code snippets for each diff. @@ -251,7 +258,7 @@ jobs: {{SEVERITY}} {{COMMENT_TEXT}} - 3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment. **DO NOT** approve the pull request. **DO NOT** request changes. The summary comment **MUST** use this exact markdown format: + 3. **Submit Final Review:** Call `mcp__github__submit_pending_pull_request_review` with a summary comment and event type "COMMENT". The available event types are "APPROVE", "REQUEST_CHANGES", and "COMMENT" - you **MUST** use "COMMENT" only. **DO NOT** use "APPROVE" or "REQUEST_CHANGES" event types. The summary comment **MUST** use this exact markdown format: ## 📋 Review Summary diff --git a/package-lock.json b/package-lock.json index 061bf104..6ff2a415 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,29 +1,29 @@ { "name": "run-gemini-cli", - "version": "0.1.12", + "version": "0.1.13", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "run-gemini-cli", - "version": "0.1.12", + "version": "0.1.13", "license": "Apache-2.0", "devDependencies": { - "@google-github-actions/actions-utils": "^0.8.8" + "@google-github-actions/actions-utils": "^0.8.10" }, "engines": { - "node": "20.x", - "npm": "> 10.x" + "node": ">= 20.x", + "npm": ">= 10.x" } }, "node_modules/@google-github-actions/actions-utils": { - "version": "0.8.8", - "resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.8.8.tgz", - "integrity": "sha512-5HhmjH1Lwloiav7bqsSUSntKX/2cywilHFgnqR/G+KBaVDgbA1Kue+e+u0/KzR2q6iC6LWUs/3fLaAL3AJAu0A==", + "version": "0.8.10", + "resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.8.10.tgz", + "integrity": "sha512-NLmKwQgPj0cQyDjbtQIGUYBdPtFIywLbH10RPRuhF6tO7qlO19N76SsaDEiZ7iKlXA9Yfj8TS3lK6wfdJyE+hw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "yaml": "^2.8.0" + "yaml": "^2.8.1" }, "bin": { "actions-gen-readme": "bin/actions-gen-readme.mjs" @@ -34,9 +34,9 @@ } }, "node_modules/yaml": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.0.tgz", - "integrity": "sha512-4lLa/EcQCB0cJkyts+FpIRx5G/llPxfP6VQU5KByHEhLxY3IJCH0f0Hy1MHI8sClTvsIb8qwRJ6R/ZdlDJ/leQ==", + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", + "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", "dev": true, "license": "ISC", "bin": { diff --git a/package.json b/package.json index cda7397f..cb1e614e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "run-gemini-cli", - "version": "0.1.12", + "version": "0.1.13", "description": "This works with our versioning tools, this is NOT an NPM repo", "scripts": { "build": "echo \"No build required for composite action\"", @@ -8,7 +8,7 @@ "test": "echo \"Error: no test specified\" && exit 1" }, "engines": { - "node": "20.x", + "node": ">= 20.x", "npm": ">= 10.x" }, "repository": { @@ -26,6 +26,6 @@ }, "homepage": "https://github.com/google-github-actions/run-gemini-cli#readme", "devDependencies": { - "@google-github-actions/actions-utils": "^0.8.8" + "@google-github-actions/actions-utils": "^0.8.10" } } diff --git a/scripts/generate-examples.sh b/scripts/generate-examples.sh new file mode 100755 index 00000000..1a0964a9 --- /dev/null +++ b/scripts/generate-examples.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" + +WORKFLOWS_DIR="${REPO_ROOT}/.github/workflows" +EXAMPLES_DIR="${REPO_ROOT}/examples/workflows" + +for workflow_file in "${WORKFLOWS_DIR}"/*.yml; do + workflow_name="$(basename "${workflow_file}")" + example_dir="" + example_filename="" + + # Add case for each file that should exist in /examples/ + case "${workflow_name}" in + "gemini-invoke.yml") + example_dir="${EXAMPLES_DIR}/gemini-assistant" + example_filename="gemini-invoke.yml" + ;; + "gemini-triage.yml") + example_dir="${EXAMPLES_DIR}/issue-triage" + example_filename="gemini-triage.yml" + ;; + "gemini-scheduled-triage.yml") + example_dir="${EXAMPLES_DIR}/issue-triage" + example_filename="gemini-scheduled-triage.yml" + ;; + "gemini-review.yml") + example_dir="${EXAMPLES_DIR}/pr-review" + example_filename="gemini-review.yml" + ;; + *) + echo "Skipping ${workflow_name}" + continue + ;; + esac + + example_file="${example_dir}/${example_filename}" + echo "Generating ${example_file}" + + # Update lines that are different in the /examples/, such as the version of the action + sed \ + -e "s|uses: 'google-github-actions/run-gemini-cli@main'|uses: 'google-github-actions/run-gemini-cli@v0'|g" \ + "${workflow_file}" > "${example_file}" +done \ No newline at end of file