diff --git a/.github/workflows/auto_merge.yml b/.github/workflows/auto_merge.yml
index 4e04030b..59895599 100644
--- a/.github/workflows/auto_merge.yml
+++ b/.github/workflows/auto_merge.yml
@@ -53,8 +53,8 @@ jobs:
 checks: read
 pull-requests: read
 if: |
- github.actor == 'dependabot[bot]' &&
- inputs.azure_cloud == true &&
+ github.actor == 'dependabot[bot]' &&
+ inputs.azure_cloud == true &&
 inputs.tfchecks_azure != '[]'
 strategy:
 matrix:
@@ -81,8 +81,8 @@ jobs:
 needs: [static-checks, static-checks-azure]
 runs-on: ubuntu-latest
 if: |
- always() &&
- github.actor == 'dependabot[bot]' &&
+ always() &&
+ github.actor == 'dependabot[bot]' &&
 (needs.static-checks.result == 'success' || needs.static-checks-azure.result == 'success')
 steps:
 - name: Approve PR via GitHub Bot
@@ -101,9 +101,9 @@ jobs:
 runs-on: ubuntu-latest
 needs: autoapprove
 if: |
- always() &&
+ always() &&
 needs.autoapprove.result == 'success' &&
- github.event_name == 'pull_request' &&
+ github.event_name == 'pull_request' &&
 github.event.pull_request.draft == false
 steps:
 - name: Automerge
@@ -115,4 +115,4 @@ jobs:
 MERGE_DELETE_BRANCH: "true"
 MERGE_LABELS: "dependencies, github_actions"
 MERGE_REQUIRED_APPROVALS: ""
-...
\ No newline at end of file
+...
diff --git a/.github/workflows/gemini-code-review.yml b/.github/workflows/gemini-code-review.yml
new file mode 100644
index 00000000..bcdaf0bc
--- /dev/null
+++ b/.github/workflows/gemini-code-review.yml
@@ -0,0 +1,74 @@
+---
+name: Gemini Code Review ✨
+
+on:
+ workflow_call:
+ inputs:
+ review_prompt:
+ required: true
+ type: string
+ description: "πŸ“ Prompt text for the Gemini review"
+ gemini_model:
+ default: "gemini-2.5-pro"
+ required: false
+ type: string
+ description: "πŸ€– Gemini model to use (default: gemini-2.5-pro)"
+ github_token:
+ default: ${{ github.TOKEN }}
+ required: false
+ type: string
+ description: "πŸ”’ GitHub token (default: GITHUB_TOKEN)"
+ secrets:
+ GEMINI_API_KEY:
+ required: true
+ description: "πŸ”‘ API key for authenticating requests to the Gemini model used for code review."
+
+jobs:
+ review:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ contents: read
+ steps:
+ - name: πŸ“₯ Checkout
+ uses: actions/checkout@v4
+
+ - name: πŸ” Get PR diff
+ id: diff
+ run: |
+ BASE_BRANCH="${{ github.event.pull_request.base.ref }}"
+ PR_BRANCH="${{ github.event.pull_request.head.ref }}"
+
+ echo "πŸ”— Base: $BASE_BRANCH, PR: $PR_BRANCH"
+ git fetch origin $BASE_BRANCH $PR_BRANCH
+ git diff origin/$BASE_BRANCH...origin/$PR_BRANCH > pr.diff
+ echo "diff_file=pr.diff" >> $GITHUB_OUTPUT
+
+ - name: πŸ€– Run Gemini Review
+ id: gemini
+ uses: google-github-actions/run-gemini-cli@v0.1.12
+ with:
+ gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
+ gemini_model: "gemini-2.5-pro"
+ files: ${{ steps.diff.outputs.diff_file }}
+ prompt: |
+ ${{ inputs.review_prompt }}
+
+ - name: πŸ’¬ Comment Review on PR
+ if: steps.gemini.outputs.summary != ''
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const summary = ${{ toJSON(steps.gemini.outputs.summary) }};
+ const review = `### ✨ Gemini Code Review ✨\n\n${summary}`;
+
+ const issue_number = context.payload.pull_request.number;
+
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number,
+ body: review
+ });
+...
diff --git a/README.md b/README.md
index e29ae16d..56c58543 100644
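Review bot: The `Get PR diff` step interpolates `${{ github.event.pull_request.base.ref }}` and `${{ github.event.pull_request.head.ref }}` directly into a `run:` script and then expands `$BASE_BRANCH`/`$PR_BRANCH` unquoted, so a crafted branch name becomes shell in a job that later holds `GEMINI_API_KEY` and a `pull-requests: write` token; the values should reach the shell only via `env:` and be quoted, and since `head.ref` is fetched from `origin` the step also cannot see a fork's branch, so the base/head SHAs are the safer handle (a three-dot diff still needs the merge base, so `fetch-depth: 0` on checkout or a two-dot diff — confirm which is intended). The declared inputs are also not wired through: the Gemini step hard-codes `gemini_model: "gemini-2.5-pro"` instead of `gemini_model: ${{ inputs.gemini_model }}`, and `github_token` is never read (the comment step uses `secrets.GITHUB_TOKEN`), so either drop it or, if a caller-supplied token is wanted, accept it under `secrets:` rather than as a `type: string` input. Because the posted summary is model output derived from attacker-controlled diff text and is written with `pull-requests: write`, a comment such as `# NOTE: model output is untrusted; diff content can steer it (prompt injection)` belongs on the comment step, and `run-gemini-cli@v0.1.12` / `github-script@v6` would be safer pinned to commit SHAs.
```yaml
      # … unchanged: Checkout step …
      - name: πŸ” Get PR diff
        id: diff
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo "Base: $BASE_SHA, Head: $HEAD_SHA"
          git fetch --no-tags origin "$BASE_SHA" "$HEAD_SHA"
          git diff "$BASE_SHA...$HEAD_SHA" > pr.diff
          echo "diff_file=pr.diff" >> "$GITHUB_OUTPUT"

      - name: πŸ€– Run Gemini Review
        id: gemini
        uses: google-github-actions/run-gemini-cli@v0.1.12
        with:
          gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
          gemini_model: ${{ inputs.gemini_model }}
          # … unchanged: files / prompt …
```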
--- a/README.md
+++ b/README.md
@@ -98,32 +98,33 @@ Above example is just a simple example to call workflow from github shared workf 8. [Docker Workflow](./docs/08.docker.md) * [Example for scan and push docker image on Dockerhub](./docs/08.docker.md#example-for-scan-and-push-docker-image-on-dockerhub) * [Example for scan and push docker image on ECR](./docs/08.docker.md#example-for-scan-and-push-docker-image-on-ecr) -9. [Helm Workflow](./docs/09.helm.md) - * [Example for AWS cloud provider](./docs/09.helm.md#example-for-aws-cloud-provider) - * [Example for Azure cloud provider](./docs/09.helm.md) -10. [Infracost workflow](./docs/10.infracost.md) -11. [Lock Thread workflow](./docs/11.lock.md) -12. [Powerpipe workflow](./docs/12.powerpipe.md) -13. [PR Checks workflow](./docs/13.pr-checks.md) -14. [Prowler workflow](./docs/14.prowler.md) -15. [Prowler workflow (AWS)](./docs/15.prowlerAWS.md) -16. [Prowler workflow (GCP)](./docs/16.prowlerGCP.md) -17. [README Generation workflow](./docs/17.readme.md) -18. [Remote SSH Command workflow](./docs/18.RemoteSSHCommand.md) -19. [Slack Alert](./docs/19.slack.md) -20. [Smurf Docker + Helm Workflow](./docs/20.smurf-docker-helm.md) -21. [Smurf Terraform Workflow](./docs/21.smurf-terraform.md) -22. [SST Workflow](./docs/22.sst.md) -23. [Stale PR workflow](./docs/23.stale-pr.md) -24. [Tag Release workflow](./docs/24.tag-release.md) -25. [Terraform Checks Workflow](./docs/25.tf-checks.md) - * [Example for terraform checks with azure cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-azure-cloud) - * [Example for terraform checks with aws cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-aws-cloud) - * [Example for terraform checks with digitalocean cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-digitalocean-cloud) -26. [Terraform Lint Workflow](./docs/26.terraform-lint.md) -27. [Terraform Workflow](./docs/27.terraform_workflow.md) -28. 
[Terraform Module Tag Release Workflow (Shared)](./docs/28.tf-monorepo-tag-release.md) -29. [Terraform PR Plan Diff workflow](./docs/29.tf-pr-checks.md) +9. [Gemini Code Review Workflow](./docs/09.gemini-code-review.md) +10. [Helm Workflow](./docs/10.helm.md) + * [Example for AWS cloud provider](./docs/10.helm.md#example-for-aws-cloud-provider) + * [Example for Azure cloud provider](./docs/10.helm.md) +11. [Infracost workflow](./docs/11.infracost.md) +12. [Lock Thread workflow](./docs/12.lock.md) +13. [Powerpipe workflow](./docs/13.powerpipe.md) +14. [PR Checks workflow](./docs/14.pr-checks.md) +15. [Prowler workflow](./docs/15.prowler.md) +16. [Prowler workflow (AWS)](./docs/16.prowlerAWS.md) +17. [Prowler workflow (GCP)](./docs/17.prowlerGCP.md) +18. [README Generation workflow](./docs/18.readme.md) +19. [Remote SSH Command workflow](./docs/19.RemoteSSHCommand.md) +20. [Slack Alert](./docs/20.slack.md) +21. [Smurf Docker + Helm Workflow](./docs/21.smurf-docker-helm.md) +22. [Smurf Terraform Workflow](./docs/22.smurf-terraform.md) +23. [SST Workflow](./docs/23.sst.md) +24. [Stale PR workflow](./docs/24.stale-pr.md) +25. [Tag Release workflow](./docs/25.tag-release.md) +26. [Terraform Checks Workflow](./docs/26.tf-checks.md) + * [Example for terraform checks with azure cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-azure-cloud) + * [Example for terraform checks with aws cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-aws-cloud) + * [Example for terraform checks with digitalocean cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-digitalocean-cloud) +27. [Terraform Lint Workflow](./docs/27.terraform-lint.md) +28. [Terraform Workflow](./docs/28.terraform_workflow.md) +29. [Terraform Module Tag Release Workflow (Shared)](./docs/29.tf-monorepo-tag-release.md) +30. 
[Terraform PR Plan Diff workflow](./docs/30.tf-pr-checks.md) ## Feedback If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). diff --git a/docs/09.gemini-code-review.md b/docs/09.gemini-code-review.md new file mode 100644 index 00000000..044ba31a --- /dev/null +++ b/docs/09.gemini-code-review.md 
@@ -0,0 +1,91 @@ +# πŸ“– Gemini Code Review Workflow Guide + +## 🎯 Objective +Automate AI-powered code reviews for every Pull Request using Google’s Gemini model. +This ensures consistent, high-quality review feedback on style, correctness, performance, and best practices. + +--- + +## ✨ Features +- πŸš€ **Auto Review** β€” Runs automatically on PR open, update, or reopen. +- πŸ€– **AI Suggestions** β€” Uses Google Gemini (`gemini-2.5-pro`) for detailed review. +- πŸ“‚ **Diff Based** β€” Reviews only the code changes in the PR. +- πŸ”„ **Reusable Workflow** β€” Centralized workflow callable from multiple repos. +- πŸ”‘ **Configurable** β€” Supports overriding model or GitHub token if needed. + +--- + +## ❓ Why use this? +- βœ… Catch issues early without waiting for human reviewers. +- βœ… Standardize review quality across repos. +- βœ… Reduce review time for repetitive issues (formatting, common bugs, performance hints). +- βœ… Easy to integrate and maintain via a reusable workflow. + +--- + +## πŸ”‘ Setup: Google API Key +The Gemini CLI requires a Google API key. + +1. Visit **[Google AI Studio](https://aistudio.google.com/)** +2. Click **Create API Key** +3. Copy the key and add it to your repo’s GitHub secrets: + - Navigate to **Settings β†’ Secrets and variables β†’ Actions** + - Add a new secret: + - **Name:** `GEMINI_API_KEY` + - **Value:** *(your API key from Google AI Studio)* + +--- + +## ✍️ Customizing the Review Prompt + +The **review prompt** controls *how Gemini reviews your code*. +By default, a general-purpose prompt is used, but you can override it in the caller workflow. + +### πŸ”Ή Example +```yaml +with: + review_prompt: | + πŸ§‘β€πŸ’» You are an AI code reviewer. Review the provided **git diff** in pr.diff. + Focus on: + - πŸ“‚ Mentioning the file name and line number + - ⚠️ Describing the issue clearly + - ❓ Explaining why it is problematic + - πŸ›  Suggesting a fix + If multiple issues exist, list them separately. 
+``` +--- + +## ▢️ Example Caller File + +```yaml +--- +name: PR Gemini Review πŸš€ + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + call-gemini-review: + name: πŸ€– Run Gemini Code Review + uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@master + with: + gemini_model: "gemini-2.5-pro" # ✨ optional, default already set + github_token: ${{ github.TOKEN }} # πŸ”‘ optional override + review_prompt: | + πŸ§‘β€πŸ’» You are an AI code reviewer. Review the provided **git diff** in pr.diff. + For each issue you find: + - πŸ“‚ Mention the file name and line number + - ⚠️ Describe the issue + - ❓ Explain why it is problematic + - πŸ›  Suggest a fix + If multiple issues exist, list them separately. + secrets: + GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} +``` + +## πŸ“Œ Notes + +- Default GitHub token (github.TOKEN) is used unless overridden. +- You can change the model via with.gemini_model. +- Works best on small to medium PRs β€” large diffs may exceed token limits. \ No newline at end of file diff --git a/docs/09.helm.md b/docs/10.helm.md similarity index 100% rename from docs/09.helm.md rename to docs/10.helm.md diff --git a/docs/10.infracost.md b/docs/11.infracost.md similarity index 100% rename from docs/10.infracost.md rename to docs/11.infracost.md diff --git a/docs/11.lock.md b/docs/12.lock.md similarity index 100% rename from docs/11.lock.md rename to docs/12.lock.md diff --git a/docs/12.powerpipe.md b/docs/13.powerpipe.md similarity index 100% rename from docs/12.powerpipe.md rename to docs/13.powerpipe.md diff --git a/docs/13.pr-checks.md b/docs/14.pr-checks.md similarity index 100% rename from docs/13.pr-checks.md rename to docs/14.pr-checks.md diff --git a/docs/14.prowler.md b/docs/15.prowler.md similarity index 100% rename from docs/14.prowler.md rename to docs/15.prowler.md 
diff --git a/docs/15.prowlerAWS.md b/docs/16.prowlerAWS.md
similarity index 100%
rename from docs/15.prowlerAWS.md
rename to docs/16.prowlerAWS.md
diff --git a/docs/16.prowlerGCP.md b/docs/17.prowlerGCP.md
similarity index 100%
rename from docs/16.prowlerGCP.md
rename to docs/17.prowlerGCP.md
diff --git a/docs/17.readme.md b/docs/18.readme.md
similarity index 100%
rename from docs/17.readme.md
rename to docs/18.readme.md
diff --git a/docs/18.RemoteSSHCommand.md b/docs/19.RemoteSSHCommand.md
similarity index 100%
rename from docs/18.RemoteSSHCommand.md
rename to docs/19.RemoteSSHCommand.md
diff --git a/docs/19.slack.md b/docs/20.slack.md
similarity index 100%
rename from docs/19.slack.md
rename to docs/20.slack.md
diff --git a/docs/20.smurf-docker-helm.md b/docs/21.smurf-docker-helm.md
similarity index 100%
rename from docs/20.smurf-docker-helm.md
rename to docs/21.smurf-docker-helm.md
diff --git a/docs/21.smurf-terraform.md b/docs/22.smurf-terraform.md
similarity index 100%
rename from docs/21.smurf-terraform.md
rename to docs/22.smurf-terraform.md
diff --git a/docs/22.sst.md b/docs/23.sst.md
similarity index 100%
rename from docs/22.sst.md
rename to docs/23.sst.md
diff --git a/docs/23.stale-pr.md b/docs/24.stale-pr.md
similarity index 100%
rename from docs/23.stale-pr.md
rename to docs/24.stale-pr.md
diff --git a/docs/24.tag-release.md b/docs/25.tag-release.md
similarity index 100%
rename from docs/24.tag-release.md
rename to docs/25.tag-release.md
diff --git a/docs/25.tf-checks.md b/docs/26.tf-checks.md
similarity index 100%
rename from docs/25.tf-checks.md
rename to docs/26.tf-checks.md
diff --git a/docs/26.terraform-lint.md b/docs/27.terraform-lint.md
similarity index 100%
rename from docs/26.terraform-lint.md
rename to docs/27.terraform-lint.md
diff --git a/docs/27.terraform_workflow.md b/docs/28.terraform_workflow.md
similarity index 100%
rename from docs/27.terraform_workflow.md
rename to docs/28.terraform_workflow.md
diff --git a/docs/28.tf-monorepo-tag-release.md b/docs/29.tf-monorepo-tag-release.md
similarity index 100%
rename from docs/28.tf-monorepo-tag-release.md
rename to docs/29.tf-monorepo-tag-release.md
diff --git a/docs/29.tf-pr-checks.md b/docs/30.tf-pr-checks.md
similarity index 100%
rename from docs/29.tf-pr-checks.md
rename to docs/30.tf-pr-checks.md