diff --git a/.github/workflows/gemini-pr-review.yml b/.github/workflows/gemini-pr-review.yml
index 580b4a7..1484b62 100644
--- a/.github/workflows/gemini-pr-review.yml
+++ b/.github/workflows/gemini-pr-review.yml
@@ -28,24 +28,17 @@ jobs:
 pull-requests: write
 issues: write
 steps:
- - name: Generate GitHub App Token
- id: generate_token
- uses: actions/create-github-app-token@v1
- with:
- app-id: ${{ secrets.APP_ID }}
- private-key: ${{ secrets.PRIVATE_KEY }}
-
 - name: Checkout PR code
 uses: actions/checkout@v4
 with:
- token: ${{ steps.generate_token.outputs.token }}
+ token: ${{ secrets.GITHUB_TOKEN }}
 ref: ${{ github.event.pull_request.head.sha }}
 fetch-depth: 0
 - name: Get PR details
 id: get_pr
 env:
- GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
 PR_NUMBER=${{ github.event.inputs.pr_number }}
@@ -78,7 +71,7 @@ jobs:
 - name: Run Gemini PR Review
 uses: ./
 env:
- GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }}
 PR_DATA: ${{ steps.get_pr.outputs.pr_data }}
 CHANGED_FILES: ${{ steps.get_pr.outputs.changed_files }}
@@ -87,8 +80,11 @@ jobs:
 with:
 version: 0.1.8-rc.0
 GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+ GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }}
+ GOOGLE_CLOUD_LOCATION: ${{ secrets.GOOGLE_CLOUD_LOCATION }}
 OTLP_GCP_WIF_PROVIDER: ${{ secrets.OTLP_GCP_WIF_PROVIDER }}
 OTLP_GOOGLE_CLOUD_PROJECT: ${{ secrets.OTLP_GOOGLE_CLOUD_PROJECT }}
+ GOOGLE_GENAI_USE_VERTEXAI: ${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}
 settings_json: |
 {
 "coreTools": [
diff --git a/action.yml b/action.yml
index 5a99eb0..0c50835 100644
--- a/action.yml
+++ b/action.yml
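Review bot: In the `Checkout PR code` step (hunk at -28,24) the job token is now passed to a checkout of `github.event.pull_request.head.sha`, and `actions/checkout` leaves that token in the workspace's git config unless `persist-credentials: false` is set under `with:`. The job carries `pull-requests: write` and `issues: write`, and the `uses: ./` step in the hunk at -78,7 loads the action definition from that same checked-out tree with `GEMINI_API_KEY` and the cloud secrets in scope, so the reviewed pull request's own `action.yml` is what runs. The `on:` trigger is outside the visible hunks; if it can fire for fork pull requests with secrets available, the action should be loaded from the base ref and the PR head checked out only as data. `token: ${{ secrets.GITHUB_TOKEN }}` is already the checkout default, so that line can be dropped.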
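Review bot: `GOOGLE_GENAI_USE_VERTEXAI` is passed under `with:` in the hunk at -87,8, but the `action.yml` hunks of this commit declare only `GOOGLE_CLOUD_PROJECT` and `GOOGLE_CLOUD_LOCATION` as inputs and export only those two in the step `env:` (hunk at -81,6), so unless the input is declared outside the visible hunks the flag is an undeclared input that never reaches the CLI. Declare it in `action.yml` and add `GOOGLE_GENAI_USE_VERTEXAI: ${{ inputs.GOOGLE_GENAI_USE_VERTEXAI }}` to that `env:` block. `GEMINI_API_KEY` also stays `required: true`, which looks at odds with a Vertex AI setup that authenticates through workload identity; worth confirming whether it should become optional.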
@@ -10,6 +10,12 @@ inputs:
 GEMINI_API_KEY:
 description: 'Your Gemini API key.'
 required: true
+ GOOGLE_CLOUD_PROJECT:
+ description: 'The Google Cloud project.'
+ required: false
+ GOOGLE_CLOUD_LOCATION:
+ description: 'The Google Cloud project.'
+ required: false
 OTLP_GCP_WIF_PROVIDER:
 description: 'The workload identity provider for GCP authentication.'
 required: false
@@ -81,6 +87,8 @@ runs:
 shell: bash
 env:
 GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }}
+ GOOGLE_CLOUD_PROJECT: ${{ inputs.GOOGLE_CLOUD_PROJECT }}
+ GOOGLE_CLOUD_LOCATION: ${{ inputs.GOOGLE_CLOUD_LOCATION }}
 PROMPT: ${{ inputs.prompt }}
 branding:
diff --git a/scripts/setup_workload_identity.sh b/scripts/setup_workload_identity.sh
index b528733..77d5103 100755
--- a/scripts/setup_workload_identity.sh
+++ b/scripts/setup_workload_identity.sh
@@ -250,6 +250,12 @@ gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \
 --member="${PRINCIPAL_SET}" \
 --condition=None
+print_info "Granting vertex permissions..."
+gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \
+ --role="roles/aiplatform.admin" \
+ --member="${PRINCIPAL_SET}" \
+ --condition=None
+
 print_success "Standard permissions granted to Workload Identity Pool"
 # Get the full provider name for output
@@ -284,5 +290,11 @@ echo ""
 echo "☁️ Secret Name: OTLP_GOOGLE_CLOUD_PROJECT"
 echo " Secret Value: ${GCP_PROJECT_ID}"
 echo ""
+echo "☁️ Secret Name: GOOGLE_CLOUD_LOCATION"
+echo " Secret Value: global"
+echo ""
+echo "☁️ Secret Name: GOOGLE_CLOUD_PROJECT"
+echo " Secret Value: ${GCP_PROJECT_ID}"
+echo ""
 print_success "Setup completed successfully! 🚀"
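Review bot: The new `GOOGLE_CLOUD_LOCATION` input in `action.yml` (hunk at -10,6) carries the description copied from `GOOGLE_CLOUD_PROJECT`, `'The Google Cloud project.'`. Suggest `description: 'The Google Cloud location used for Vertex AI requests (for example, global).'`, and extending the `GOOGLE_CLOUD_PROJECT` description to say it is the project the Vertex AI calls are made against.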
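Review bot: `roles/aiplatform.admin` in the new `add-iam-policy-binding` call of `scripts/setup_workload_identity.sh` (hunk at -250,6) gives every identity in `${PRINCIPAL_SET}` full control over Vertex AI resources in the project, unconditionally (`--condition=None`), while the workflow only needs to call a model. `roles/aiplatform.user` should be sufficient for inference: `--role="roles/aiplatform.user" \`. How wide `PRINCIPAL_SET` is (one repository or a whole pool) is defined outside the hunk; if it covers more than this repository, the binding should be narrowed or attached to a dedicated service account instead. The `print_success "Standard permissions granted to Workload Identity Pool"` line that follows could also name the Vertex AI grant so the operator sees what was changed.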