From bf1fb4acbcb2f3855017376ffa4b348c91be542e Mon Sep 17 00:00:00 2001 From: Hassan Jasim Date: Mon, 14 Jul 2025 19:21:45 -0400 Subject: [PATCH 1/4] Adding Support for Vertex Auth --- .github/workflows/gemini-pr-review.yml | 18 +++++++----------- action.yml | 11 ++++++++++- scripts/setup_workload_identity.sh | 12 ++++++++++++ 3 files changed, 29 insertions(+), 12 deletions(-) diff --git a/.github/workflows/gemini-pr-review.yml b/.github/workflows/gemini-pr-review.yml index 580b4a7..f2d502a 100644 --- a/.github/workflows/gemini-pr-review.yml +++ b/.github/workflows/gemini-pr-review.yml @@ -28,24 +28,17 @@ jobs: pull-requests: write issues: write steps: - - name: Generate GitHub App Token - id: generate_token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.APP_ID }} - private-key: ${{ secrets.PRIVATE_KEY }} - - name: Checkout PR code uses: actions/checkout@v4 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ secrets.GITHUB_TOKEN }} ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - name: Get PR details id: get_pr env: - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then PR_NUMBER=${{ github.event.inputs.pr_number }} @@ -78,7 +71,7 @@ jobs: - name: Run Gemini PR Review uses: ./ env: - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }} PR_DATA: ${{ steps.get_pr.outputs.pr_data }} CHANGED_FILES: ${{ steps.get_pr.outputs.changed_files }} @@ -87,6 +80,8 @@ jobs: with: version: 0.1.8-rc.0 GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} + GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }} + GOOGLE_CLOUD_LOCATION: ${{ secrets.GOOGLE_CLOUD_LOCATION }} OTLP_GCP_WIF_PROVIDER: ${{ secrets.OTLP_GCP_WIF_PROVIDER }} OTLP_GOOGLE_CLOUD_PROJECT: ${{ secrets.OTLP_GOOGLE_CLOUD_PROJECT }} settings_json: | 
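Review bot: The checkout step now passes `secrets.GITHUB_TOKEN` but leaves `persist-credentials` at its default, so the token is written into the workspace's git configuration for the rest of the job. That workspace holds the PR head commit and is later handed to the `gemini --yolo` step defined in action.yml, so content from an untrusted pull request could influence an agent that can read a token carrying `pull-requests: write` and `issues: write`. Add `persist-credentials: false` under the checkout `with:` and keep the token only in the `env:` of the steps that call the API. The workflow trigger and the job header are outside this hunk, so whether fork PRs can reach this job should be confirmed.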
@@ -106,7 +101,8 @@ jobs: "enabled": true, "target": "gcp" }, - "sandbox": false + "sandbox": false, + "selectedAuthType": "vertex-ai" } prompt: | You are an expert code reviewer. You have access to shell commands to gather PR information and perform the review. diff --git a/action.yml b/action.yml index 5a99eb0..65b3d66 100644 --- a/action.yml +++ b/action.yml @@ -10,6 +10,12 @@ inputs: GEMINI_API_KEY: description: 'Your Gemini API key.' required: true + GOOGLE_CLOUD_PROJECT: + description: 'The Google Cloud project.' + required: false + GOOGLE_CLOUD_LOCATION: + description: 'The Google Cloud project.' + required: false OTLP_GCP_WIF_PROVIDER: description: 'The workload identity provider for GCP authentication.' required: false @@ -80,7 +86,10 @@ runs: gemini --yolo --prompt "$PROMPT" shell: bash env: - GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} + # GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} + GOOGLE_GENAI_USE_VERTEXAI: true + GOOGLE_CLOUD_PROJECT: ${{ inputs.GOOGLE_CLOUD_PROJECT }} + GOOGLE_CLOUD_LOCATION: ${{ inputs.GOOGLE_CLOUD_LOCATION }} PROMPT: ${{ inputs.prompt }} branding: diff --git a/scripts/setup_workload_identity.sh b/scripts/setup_workload_identity.sh index b528733..77d5103 100755 --- a/scripts/setup_workload_identity.sh +++ b/scripts/setup_workload_identity.sh @@ -250,6 +250,12 @@ gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \ --member="${PRINCIPAL_SET}" \ --condition=None +print_info "Granting vertex permissions..." +gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \ + --role="roles/aiplatform.admin" \ + --member="${PRINCIPAL_SET}" \ + --condition=None + print_success "Standard permissions granted to Workload Identity Pool" # Get the full provider name for output 
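Review bot: In the action.yml inputs hunk, the description of the new `GOOGLE_CLOUD_LOCATION` input is a copy of the project one, `'The Google Cloud project.'`, so a user cannot tell what value belongs there. Suggest `description: 'The Google Cloud location (region) to use for Vertex AI.'` and, for `GOOGLE_CLOUD_PROJECT`, `description: 'The Google Cloud project ID to use for Vertex AI.'`. `GEMINI_API_KEY` just above is still declared `required: true`, which documents an API key as mandatory even for callers who only use Vertex auth; `required: false` with a sentence saying one of the two auth modes must be configured would match the new behaviour.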
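Review bot: In the setup_workload_identity.sh hunk, `roles/aiplatform.admin` is much broader than calling a model requires: it grants full control over Vertex AI resources in the project. Bind `--role="roles/aiplatform.user"` instead. The definition of `PRINCIPAL_SET` is outside the hunk, so which identities receive the role through `--condition=None` should be confirmed and narrowed to the one repository if it is wider. This identity is presumably the one the review job federates into, and that job runs `gemini --yolo` over pull-request content, so the role bounds what a prompt-injected run can do in the project. The later patches in this series return to API-key auth but leave this binding in the script.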
@@ -284,5 +290,11 @@ echo "" echo "☁️ Secret Name: OTLP_GOOGLE_CLOUD_PROJECT" echo " Secret Value: ${GCP_PROJECT_ID}" echo "" +echo "☁️ Secret Name: GOOGLE_CLOUD_LOCATION" +echo " Secret Value: global" +echo "" +echo "☁️ Secret Name: GOOGLE_CLOUD_PROJECT" +echo " Secret Value: ${GCP_PROJECT_ID}" +echo "" print_success "Setup completed successfully! 🚀" From eeff3f59c342cbfbb9aedf4a871ce7b40b4b3c8c Mon Sep 17 00:00:00 2001 From: Hassan Jasim Date: Wed, 16 Jul 2025 15:52:42 -0400 Subject: [PATCH 2/4] using gemini api key --- .github/workflows/gemini-pr-review.yml | 3 +-- action.yml | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gemini-pr-review.yml b/.github/workflows/gemini-pr-review.yml index f2d502a..3b91089 100644 --- a/.github/workflows/gemini-pr-review.yml +++ b/.github/workflows/gemini-pr-review.yml @@ -101,8 +101,7 @@ jobs: "enabled": true, "target": "gcp" }, - "sandbox": false, - "selectedAuthType": "vertex-ai" + "sandbox": false } prompt: | You are an expert code reviewer. You have access to shell commands to gather PR information and perform the review. diff --git a/action.yml b/action.yml index 65b3d66..b8612c2 100644 --- a/action.yml +++ b/action.yml @@ -86,8 +86,8 @@ runs: gemini --yolo --prompt "$PROMPT" shell: bash env: - # GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} - GOOGLE_GENAI_USE_VERTEXAI: true + GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} + # GOOGLE_GENAI_USE_VERTEXAI: true GOOGLE_CLOUD_PROJECT: ${{ inputs.GOOGLE_CLOUD_PROJECT }} GOOGLE_CLOUD_LOCATION: ${{ inputs.GOOGLE_CLOUD_LOCATION }} PROMPT: ${{ inputs.prompt }} From 1fc2eec1107b55cc7ef073fbd65cbcb3bf85f30e Mon Sep 17 00:00:00 2001 From: Hassan Jasim Date: Fri, 18 Jul 2025 12:14:27 -0400 Subject: [PATCH 3/4] using api --- action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/action.yml b/action.yml index b8612c2..0c50835 100644 --- a/action.yml +++ b/action.yml 
@@ -87,7 +87,6 @@ runs: shell: bash env: GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }} - # GOOGLE_GENAI_USE_VERTEXAI: true GOOGLE_CLOUD_PROJECT: ${{ inputs.GOOGLE_CLOUD_PROJECT }} GOOGLE_CLOUD_LOCATION: ${{ inputs.GOOGLE_CLOUD_LOCATION }} PROMPT: ${{ inputs.prompt }} From 6f504fd4bcf7d3c76607a0948bb1696d7694f2bb Mon Sep 17 00:00:00 2001 From: Hassan Jasim Date: Fri, 18 Jul 2025 13:00:23 -0400 Subject: [PATCH 4/4] api --- .github/workflows/gemini-pr-review.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gemini-pr-review.yml b/.github/workflows/gemini-pr-review.yml index 3b91089..1484b62 100644 --- a/.github/workflows/gemini-pr-review.yml +++ b/.github/workflows/gemini-pr-review.yml @@ -84,6 +84,7 @@ jobs: GOOGLE_CLOUD_LOCATION: ${{ secrets.GOOGLE_CLOUD_LOCATION }} OTLP_GCP_WIF_PROVIDER: ${{ secrets.OTLP_GCP_WIF_PROVIDER }} OTLP_GOOGLE_CLOUD_PROJECT: ${{ secrets.OTLP_GOOGLE_CLOUD_PROJECT }} + GOOGLE_GENAI_USE_VERTEXAI: ${{ vars.GOOGLE_GENAI_USE_VERTEXAI }} settings_json: | { "coreTools": [
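Review bot: In the gemini-pr-review.yml hunk of patch 4/4, the new `GOOGLE_GENAI_USE_VERTEXAI: ${{ vars.GOOGLE_GENAI_USE_VERTEXAI }}` line sits among the `with:` inputs of the `uses: ./` step, but no patch in this series declares an input of that name in action.yml, and patch 3/4 removed the last mention of the variable from the run step's `env:`. Unless action.yml handles it outside the visible hunks, the value never reaches the `gemini` process and the auth mode silently stays on the API key. Declare the input in action.yml (with `required: false` and a description) and map it in the run step with `GOOGLE_GENAI_USE_VERTEXAI: ${{ inputs.GOOGLE_GENAI_USE_VERTEXAI }}`. The setup script's final output should also list this repository variable, since it currently prints only secrets.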