gemini-pr-review.yml
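---
# Gemini PR review workflow.
#
# Triggered manually (workflow_dispatch with a PR number) or — when the
# commented-out issue_comment trigger is re-enabled — by an "@gemini" comment
# from an OWNER/MEMBER/COLLABORATOR on a pull request. The job checks out the
# PR head, collects PR metadata with `gh`, and hands everything to the local
# Gemini action, which may review the PR and push follow-up commits to it.
name: Gemini PR Review

on:  # yamllint disable-line rule:truthy
  # issue_comment:
  #   types: [created]
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number to review'
        required: true
        type: number

jobs:
  review-pr:
    # Comment-triggered runs are restricted to privileged associations so that
    # arbitrary commenters cannot start a run that can write to the PR.
    if: >
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'issue_comment' &&
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '@gemini') &&
      (github.event.comment.author_association == 'OWNER' ||
      github.event.comment.author_association == 'MEMBER' ||
      github.event.comment.author_association == 'COLLABORATOR'))
    timeout-minutes: 15
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      pull-requests: write
      issues: write
    steps:
      - name: Generate GitHub App Token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}

      - name: Determine checkout ref
        id: checkout_ref
        env:
          # Event data is passed through env rather than interpolated into the
          # script, matching the "Get PR details" step (GHSL-2025-093).
          EVENT_NAME: ${{ github.event_name }}
          EVENT_INPUTS_PR_NUMBER: ${{ github.event.inputs.pr_number }}
          EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
          EVENT_PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          # On workflow_dispatch there is no pull_request payload, so the ref
          # must be built from the pr_number input; previously it resolved to an
          # empty string and the default branch was checked out instead of the PR.
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            echo "ref=refs/pull/${EVENT_INPUTS_PR_NUMBER}/head" >> "$GITHUB_OUTPUT"
          elif [ "$EVENT_NAME" = "issue_comment" ]; then
            echo "ref=refs/pull/${EVENT_ISSUE_NUMBER}/head" >> "$GITHUB_OUTPUT"
          else
            echo "ref=${EVENT_PR_HEAD_SHA}" >> "$GITHUB_OUTPUT"
          fi

      - name: Checkout PR code
        uses: actions/checkout@v4
        # A single `with:` mapping — the original had the key three times, which
        # is invalid YAML and at best keeps only the last mapping.
        with:
          token: ${{ steps.generate_token.outputs.token }}
          ref: ${{ steps.checkout_ref.outputs.ref }}
          fetch-depth: 0
          # Keep the App token out of .git/config for later steps.
          # NOTE(review): the prompt below asks the model to `git push`; with
          # persist-credentials off that push needs credentials from elsewhere
          # (e.g. GITHUB_TOKEN inside the gemini action) — confirm.
          persist-credentials: false

      - name: Get PR details
        id: get_pr
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          # Pass user-controlled inputs via environment variables to prevent script injection (GHSL-2025-093)
          EVENT_NAME: ${{ github.event_name }}
          EVENT_INPUTS_PR_NUMBER: ${{ github.event.inputs.pr_number }}
          EVENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
          EVENT_COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            PR_NUMBER=$EVENT_INPUTS_PR_NUMBER
          elif [ "$EVENT_NAME" = "issue_comment" ]; then
            PR_NUMBER=$EVENT_ISSUE_NUMBER
          else
            PR_NUMBER=$EVENT_PR_NUMBER
          fi

          # Fail early unless the PR number is a plain decimal; it is passed to
          # gh below and surfaced to later steps as a step output.
          case "$PR_NUMBER" in
            ''|*[!0-9]*)
              echo "::error::Could not determine a numeric PR number (got '$PR_NUMBER')"
              exit 1
              ;;
          esac

          echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"

          # Extract additional instructions from comment (if triggered by comment).
          # Whitespace is collapsed with tr instead of xargs: xargs parses quotes,
          # so a comment containing an apostrophe made it fail, and under the
          # runner's `set -e` that aborted the whole step.
          ADDITIONAL_INSTRUCTIONS=""
          if [ "$EVENT_NAME" = "issue_comment" ]; then
            ADDITIONAL_INSTRUCTIONS=$(printf '%s\n' "$EVENT_COMMENT_BODY" \
              | sed 's/.*@gemini//' \
              | tr -s '[:space:]' ' ' \
              | sed 's/^ //; s/ $//')
          fi
          echo "additional_instructions=$ADDITIONAL_INSTRUCTIONS" >> "$GITHUB_OUTPUT"

          # Random heredoc delimiter: a PR body or a file named "EOF" could
          # otherwise terminate the multi-line output early and inject outputs.
          DELIM="gh-output-$(openssl rand -hex 8)"

          # Get PR details. Written as a multi-line output so the JSON survives
          # even if gh pretty-prints it.
          PR_DATA=$(gh pr view "$PR_NUMBER" --json title,body,additions,deletions,changedFiles,baseRefName,headRefName)
          {
            echo "pr_data<<${DELIM}"
            echo "$PR_DATA"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"

          # Get file changes
          CHANGED_FILES=$(gh pr diff "$PR_NUMBER" --name-only)
          {
            echo "changed_files<<${DELIM}"
            echo "$CHANGED_FILES"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"

      - name: Run Gemini PR Review
        uses: ./.github/actions/gemini
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }}
          PR_DATA: ${{ steps.get_pr.outputs.pr_data }}
          CHANGED_FILES: ${{ steps.get_pr.outputs.changed_files }}
          ADDITIONAL_INSTRUCTIONS: ${{ steps.get_pr.outputs.additional_instructions }}
          REPOSITORY: ${{ github.repository }}
        with:
          version: '0.1.8-rc.0'
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          OTLP_GCP_WIF_PROVIDER: ${{ secrets.OTLP_GCP_WIF_PROVIDER }}
          OTLP_GOOGLE_CLOUD_PROJECT: ${{ secrets.OTLP_GOOGLE_CLOUD_PROJECT }}
          # NOTE(review): this tool list gives the model git commit/push, file
          # writes and web fetch, with the sandbox disabled, while it reads PR
          # content that may come from outside contributors. Instructions hidden
          # in a diff could steer those tools; keep the list as narrow as the
          # prompt below actually needs.
          settings_json: |
            {
              "coreTools": [
                "run_shell_command(echo)",
                "run_shell_command(gh pr view)",
                "run_shell_command(gh pr diff)",
                "run_shell_command(gh pr comment)",
                "run_shell_command(gh pr list)",
                "run_shell_command(cat)",
                "run_shell_command(head)",
                "run_shell_command(tail)",
                "run_shell_command(grep)",
                "run_shell_command(find)",
                "run_shell_command(git checkout)",
                "run_shell_command(git add)",
                "run_shell_command(git commit)",
                "run_shell_command(git push)",
                "run_shell_command(git status)",
                "run_shell_command(git branch)",
                "run_shell_command(git fetch)",
                "list_directory",
                "read_file",
                "read_many_files",
                "write_file",
                "replace",
                "glob",
                "search_file_content",
                "web_fetch",
                "google_web_search",
                "save_memory"
              ],
              "telemetry": {
                "enabled": false,
                "target": "gcp"
              },
              "sandbox": false
            }
          prompt: |
            You are an expert code reviewer and AI assistant for Pull Requests. You can review code AND make modifications to improve the PR.

            **PR Details:**
            - PR Number: #$PR_NUMBER
            - Repository: $REPOSITORY
            - Additional Instructions: $ADDITIONAL_INSTRUCTIONS

            **CRITICAL: When making code modifications, follow this EXACT workflow:**

            **STEP 1: Analyze the PR**
            - Use: `echo "$PR_DATA"` to get PR details (JSON format)
            - Use: `echo "$CHANGED_FILES"` to get changed files list
            - Use: `gh pr diff ${PR_NUMBER}` to see the full diff
            - Use: `gh pr view ${PR_NUMBER} --json title,body,headRefName` to get PR info
            - Analyze the code changes thoroughly

            **STEP 2: If Code Improvements Are Needed**
            MANDATORY FIRST STEP: Before writing any code, you MUST use `read_file` to carefully read "src/praisonai-agents/AGENTS.md". You must honor this repository's extremely specific Architecture, Protocol-First design rules, and Agent-Centric Philosophy!

            **IMPORTANT:** DO NOT create a new branch! Work on the EXISTING PR branch.
            - Use: `git fetch origin` to get latest changes
            - Get PR branch name: `gh pr view ${PR_NUMBER} --json headRefName`
            - Switch to PR branch: `git checkout BRANCH_NAME` (use actual branch name from PR)
            - Use: `git pull origin BRANCH_NAME` to get latest PR changes

            **STEP 3: Make Code Modifications**
            - Use `read_file` to examine existing code
            - Use `write_file` or `replace` to make improvements
            - Use `search_file_content` to find related code
            - Make focused, targeted improvements to the PR

            **STEP 4: Test Changes (if applicable)**
            - Run relevant tests if test files exist
            - Use `run_shell_command` to execute test commands

            **STEP 5: Commit and Push Changes to EXISTING PR Branch**
            - Use: `git add .` (or specific files)
            - Use: `git commit -m "Gemini: [PR #${PR_NUMBER}] Brief description of improvements"`
            - Use: `git push origin BRANCH_NAME` (push to EXISTING PR branch)

            **STEP 6: Review and Comment on PR**
            Write comprehensive review and post comment with your analysis and any improvements made.
            Use: `gh pr comment ${PR_NUMBER} -b "MESSAGE"`

            Review Guidelines:
            - Focus on code quality, security, performance, and maintainability
            - Check for common issues: potential bugs, security vulnerabilities, performance bottlenecks
            - Verify error handling and edge cases
            - Look for code style and best practices
            - Comment on architecture and design decisions if significant
            - Be constructive and specific in feedback
            - Highlight both issues and positive aspects
            - Suggest improvements with examples when possible

            Review Areas:
            - **Security**: Authentication, authorization, input validation, data sanitization
            - **Performance**: Algorithms, database queries, caching, resource usage
            - **Reliability**: Error handling, logging, testing coverage, edge cases
            - **Maintainability**: Code structure, documentation, naming conventions
            - **Functionality**: Logic correctness, requirements fulfillment

            Output Format:
            Structure your review using this exact format with markdown:

            ## 📋 Review Summary
            Provide a brief 2-3 sentence overview of the PR and overall assessment.

            ## 🔍 General Feedback
            - List general observations about code quality
            - Mention overall patterns or architectural decisions
            - Highlight positive aspects of the implementation
            - Note any recurring themes across files

            ## 🎯 Specific Feedback
            Only include sections below that have actual issues. If there are no issues in a priority category, omit that entire section.

            ### 🔴 Critical
            (Only include this section if there are critical issues)
            Issues that must be addressed before merging (security vulnerabilities, breaking changes, major bugs):
            - **File: `filename:line`** - Description of critical issue with specific recommendation

            ### 🟡 High
            (Only include this section if there are high priority issues)
            Important issues that should be addressed (performance problems, design flaws, significant bugs):
            - **File: `filename:line`** - Description of high priority issue with suggested fix

            ### 🟢 Medium
            (Only include this section if there are medium priority issues)
            Improvements that would enhance code quality (style issues, minor optimizations, better practices):
            - **File: `filename:line`** - Description of medium priority improvement

            ### 🔵 Low
            (Only include this section if there are suggestions)
            Nice-to-have improvements and suggestions (documentation, naming, minor refactoring):
            - **File: `filename:line`** - Description of suggestion or enhancement

            **Note**: If no specific issues are found in any category, simply state "No specific issues identified in this review."

            ## ✅ Highlights
            (Only include this section if there are positive aspects to highlight)
            - Mention specific good practices or implementations
            - Acknowledge well-written code sections
            - Note improvements from previous versions

            ---
            *Review completed by Gemini CLI*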