-
-
Notifications
You must be signed in to change notification settings - Fork 0
405 lines (345 loc) · 18.8 KB
/
gemini-code-assistant.yml
File metadata and controls
405 lines (345 loc) · 18.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
# Gemini AI-Powered Code Analysis
# Analyzes code changes in PRs, pushes, and branches - FOCUSES ON CODE CHANGES
name: AI Code Analysis
on:
pull_request:
types: [opened, synchronize, reopened]
push:
branches: [main, develop, 'feature/*', 'bugfix/*']
workflow_dispatch:
# Cancel previous workflow runs for the same context
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
pull-requests: write
issues: write
jobs:
ai-analysis:
name: AI Analysis & Assistant
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Setup Node.js for Google AI SDK
uses: actions/setup-node@v6
with:
node-version: '20'
- name: Get Code Changes
id: get-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EVENT_NAME: ${{ github.event_name }}
BASE_SHA: ${{ github.event.before || '' }}
HEAD_SHA: ${{ github.sha }}
REPO_FULL_NAME: ${{ github.repository }}
run: |
echo "📋 Collecting code changes for analysis..."
echo "🔍 Debug info: BASE_SHA=$BASE_SHA, HEAD_SHA=$HEAD_SHA"
if [ "$EVENT_NAME" = "pull_request" ]; then
# For PRs, use git diff as primary method
PR_BASE_SHA="${{ github.event.pull_request.base.sha }}"
PR_HEAD_SHA="${{ github.event.pull_request.head.sha }}"
echo "🔍 PR Debug: BASE=$PR_BASE_SHA, HEAD=$PR_HEAD_SHA"
# Use git diff as PRIMARY method (more reliable)
echo "🔧 Using git diff (primary method)..."
if git diff "$PR_BASE_SHA".."$PR_HEAD_SHA" > code_changes.diff 2>git_error.log; then
echo "✅ Git diff successful - collected $(wc -l < code_changes.diff) lines"
else
echo "❌ Git diff failed, trying GitHub API as fallback..."
cat git_error.log 2>/dev/null || echo "No git error details"
# GitHub API as fallback
curl -s -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3.diff" \
"https://api.github.com/repos/$REPO_FULL_NAME/compare/$PR_BASE_SHA..$PR_HEAD_SHA" \
> code_changes.diff
if [ -s code_changes.diff ]; then
echo "✅ GitHub API fallback successful"
else
echo "❌ Both methods failed for PR"
fi
fi
elif [ "$EVENT_NAME" = "push" ]; then
# For pushes, get the diff from the previous commit
if [ -n "$BASE_SHA" ] && [ "$BASE_SHA" != "0000000000000000000000000000000000000000" ]; then
echo "🔍 Push Debug: Comparing $BASE_SHA to $HEAD_SHA"
# Use git diff as PRIMARY method (more reliable)
echo "🔧 Using git diff (primary method)..."
if git diff "$BASE_SHA".."$HEAD_SHA" > code_changes.diff 2>git_error.log; then
echo "✅ Git diff successful - collected $(wc -l < code_changes.diff) lines"
else
echo "❌ Git diff failed, trying GitHub API as fallback..."
cat git_error.log 2>/dev/null || echo "No git error details"
# GitHub API as fallback only
echo "🌐 Attempting GitHub API diff as fallback..."
echo "🔍 URL: https://api.github.com/repos/$REPO_FULL_NAME/compare/$BASE_SHA..$HEAD_SHA"
HTTP_CODE=$(curl -s -w "%{http_code}" \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3.diff" \
"https://api.github.com/repos/$REPO_FULL_NAME/compare/$BASE_SHA..$HEAD_SHA" \
-o code_changes.diff 2>api_error.log)
if [ "$HTTP_CODE" = "200" ] && [ -s code_changes.diff ]; then
echo "✅ GitHub API fallback successful"
else
echo "❌ GitHub API also failed (HTTP $HTTP_CODE)"
fi
fi
# Final fallback: git show if no diff available
if [ ! -s code_changes.diff ]; then
echo "⚠️ No diff available, showing recent commit changes..."
echo "🔧 Running: git show --stat $HEAD_SHA"
git show --stat "$HEAD_SHA" > code_changes.diff 2>>git_error.log
echo "" >> code_changes.diff
git show "$HEAD_SHA" >> code_changes.diff 2>>git_error.log
if [ -s code_changes.diff ]; then
echo "✅ Git show successful as final fallback"
else
echo "❌ All methods failed - no code changes available"
fi
fi
else
echo "📄 Initial commit or no previous commit - showing current files..."
git show --name-only $HEAD_SHA | head -10 | while read file; do
if [ -f "$file" ]; then
echo "=== $file ===" >> code_changes.diff
head -50 "$file" >> code_changes.diff
echo "" >> code_changes.diff
fi
done
fi
else
echo "No code changes available for this event type" > code_changes.diff
fi
# Check if we got changes
if [ -s code_changes.diff ]; then
echo "✅ Code changes collected: $(wc -l < code_changes.diff) lines"
echo "changes-available=true" >> $GITHUB_OUTPUT
else
echo "⚠️ No code changes found"
echo "changes-available=false" >> $GITHUB_OUTPUT
fi
- name: Install Google AI SDK and Create Analysis Script
run: |
echo "🔧 Installing Google AI SDK..."
npm install @google/generative-ai
echo "📦 Creating Gemini analysis script..."
cat > gemini-analyze.js << 'SCRIPT_EOF'
const { GoogleGenerativeAI } = require('@google/generative-ai');
const fs = require('fs');
async function analyzeCode() {
try {
const apiKey = process.env.GEMINI_API_KEY;
if (!apiKey) {
throw new Error('GEMINI_API_KEY environment variable not found');
}
console.log('🔑 API key configured, length:', apiKey.length);
console.log('🤖 Initializing Gemini AI...');
const genAI = new GoogleGenerativeAI(apiKey);
// Try different model names prioritizing quality first, then fallback on rate limits
// Order: 2.5 models (highest quality) -> 2.0 models (higher RPM) -> legacy
const modelNames = [
"gemini-2.5-pro", // 5 RPM, 250K TPM - Highest quality
"gemini-2.5-flash", // 10 RPM, 250K TPM - Best 2.5 balance
"gemini-2.5-flash-preview", // 10 RPM, 250K TPM - Latest 2.5 features
"gemini-2.5-flash-lite", // 15 RPM, 250K TPM - Faster 2.5
"gemini-2.5-flash-lite-preview", // 15 RPM, 250K TPM - Latest 2.5 lite
"gemini-2.0-flash", // 15 RPM, 1M TPM - Good 2.0 balance
"gemini-2.0-flash-lite", // 30 RPM, 1M TPM - Highest RPM fallback
"gemini-1.5-flash", // 15 RPM, 250K TPM - DEPRECATED fallback
"gemini-pro" // Legacy final fallback
];
let model = null;
let modelUsed = null;
for (const modelName of modelNames) {
try {
console.log('🔧 Trying model:', modelName);
model = genAI.getGenerativeModel({ model: modelName });
// Test the model with a small request to check availability/rate limits
console.log('🧪 Testing model availability...');
await model.generateContent("test");
modelUsed = modelName;
console.log('✅ Successfully initialized and tested model:', modelName);
break;
} catch (modelError) {
console.log('❌ Model', modelName, 'failed:', modelError.message);
// Check for rate limit errors specifically
if (modelError.message && (
modelError.message.includes('rate limit') ||
modelError.message.includes('quota') ||
modelError.message.includes('429') ||
modelError.status === 429
)) {
console.log('⚠️ Rate limit detected, trying next model with higher RPM...');
} else if (modelError.message && modelError.message.includes('404')) {
console.log('⚠️ Model not found, trying next available model...');
}
continue;
}
}
if (!model) {
throw new Error('No supported Gemini model could be initialized');
}
const prompt = fs.readFileSync('analysis_prompt.txt', 'utf8');
console.log('📝 Prompt loaded, size:', prompt.length, 'characters');
console.log('🚀 Generating analysis with model:', modelUsed);
const result = await model.generateContent(prompt);
const response = await result.response;
const text = response.text();
fs.writeFileSync('ai_analysis_result.txt', text);
console.log('✅ Analysis completed successfully');
console.log('📄 Result size:', text.length, 'characters');
console.log('🤖 Model used:', modelUsed);
} catch (error) {
console.error('❌ Gemini analysis failed:', error.message);
console.error('🔍 Full error details:', error);
const fallbackContent = [
'## 🤖 AI Analysis Status',
'',
'The automated AI analysis encountered an issue: ' + error.message,
'',
'This may be due to:',
'- API key configuration issues',
'- Network connectivity problems',
'- Gemini API rate limits or service issues',
'- Invalid prompt format or size',
'',
'### Manual Review Recommended',
'Please conduct a manual code review focusing on:',
'- WordPress security best practices',
'- Coding standards compliance',
'- Performance considerations',
'- Plugin-specific requirements',
'',
'The PR can still be reviewed and merged based on manual inspection.'
].join('\n');
fs.writeFileSync('ai_analysis_result.txt', fallbackContent);
process.exit(1);
}
}
analyzeCode().catch(error => {
console.error('Fatal error:', error);
process.exit(1);
});
SCRIPT_EOF
echo "✅ Analysis script created successfully"
- name: Create Analysis Prompt
env:
PR_TITLE: ${{ github.event.pull_request.title || format('Push Analysis - {0}', github.ref_name) }}
PR_AUTHOR: ${{ github.event.pull_request.user.login || github.actor }}
CHANGES_AVAILABLE: ${{ steps.get-changes.outputs.changes-available }}
run: |
echo "📝 Creating analysis prompt..."
echo "You are an expert WordPress plugin developer and security consultant." > analysis_prompt.txt
echo "" >> analysis_prompt.txt
echo "CRITICAL INSTRUCTION: FOCUS ON THE CODE CHANGES AND PROVIDE SECURITY ANALYSIS." >> analysis_prompt.txt
echo "Analyze what was changed, added, or removed and review those specific modifications." >> analysis_prompt.txt
echo "" >> analysis_prompt.txt
echo "Context: $PR_TITLE by @$PR_AUTHOR" >> analysis_prompt.txt
echo "" >> analysis_prompt.txt
echo "Please analyze this WordPress plugin code for:" >> analysis_prompt.txt
echo "1. Security vulnerabilities" >> analysis_prompt.txt
echo "2. WordPress coding standards compliance" >> analysis_prompt.txt
echo "3. Performance considerations" >> analysis_prompt.txt
echo "4. Best practice recommendations" >> analysis_prompt.txt
echo "" >> analysis_prompt.txt
echo "Provide specific, actionable feedback." >> analysis_prompt.txt
echo "" >> analysis_prompt.txt
# Add the actual code changes
if [ "$CHANGES_AVAILABLE" = "true" ]; then
echo "Here are the code changes to analyze:" >> analysis_prompt.txt
echo "" >> analysis_prompt.txt
cat code_changes.diff >> analysis_prompt.txt
else
echo "No code changes were detected in this commit." >> analysis_prompt.txt
fi
- name: Run AI Analysis
id: ai-analysis
env:
GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
run: |
echo "🤖 Starting AI analysis with official Google SDK..."
echo "📝 Prompt file size: $(wc -c < analysis_prompt.txt) bytes"
if node gemini-analyze.js; then
echo "analysis-success=true" >> $GITHUB_OUTPUT
echo "✅ AI analysis completed successfully"
else
echo "analysis-success=false" >> $GITHUB_OUTPUT
echo "❌ AI analysis failed - check logs for details"
fi
- name: Output Analysis Results
env:
PR_NUMBER: ${{ github.event.number || '' }}
IS_PR: ${{ github.event_name == 'pull_request' }}
EVENT_NAME: ${{ github.event_name }}
run: |
echo "📊 Analysis Results for $EVENT_NAME event:"
echo "============================================================"
if [ -f ai_analysis_result.txt ]; then
cat ai_analysis_result.txt
else
echo "❌ Analysis result file not found"
fi
echo "============================================================"
echo "✅ Analysis output complete"
- name: Create GitHub Annotations and Summary
if: always()
env:
ANALYSIS_SUCCESS: ${{ steps.ai-analysis.outputs.analysis-success }}
EVENT_NAME: ${{ github.event_name }}
run: |
echo "📝 Creating GitHub annotations and job summary..."
# Create job summary with analysis results
echo "## 🤖 AI Code Analysis Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Event:** $EVENT_NAME" >> $GITHUB_STEP_SUMMARY
echo "**Status:** $([ "$ANALYSIS_SUCCESS" = "true" ] && echo "✅ Success" || echo "⚠️ Warning")" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ -f ai_analysis_result.txt ]; then
# Add analysis results to job summary
echo "### Analysis Details" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
cat ai_analysis_result.txt >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
# Create GitHub annotations for key findings
echo "🔍 Creating annotations for key findings..."
# Create notice annotation with summary
echo "::notice title=AI Analysis Complete::Analysis completed for $EVENT_NAME event. Check job summary for detailed results."
# Parse analysis results for security issues and create annotations
if grep -qi "security\|vulnerability\|exploit\|xss\|sql injection\|csrf" ai_analysis_result.txt 2>/dev/null; then
echo "::warning title=Security Review Required::AI analysis detected potential security concerns. Please review the analysis details in the job summary."
fi
# Check for coding standards issues
if grep -qi "coding standard\|psr\|wordpress standard" ai_analysis_result.txt 2>/dev/null; then
echo "::notice title=Coding Standards::AI analysis found coding standards recommendations. Check job summary for details."
fi
# Check for performance issues
if grep -qi "performance\|optimization\|slow\|inefficient" ai_analysis_result.txt 2>/dev/null; then
echo "::notice title=Performance Recommendations::AI analysis found performance optimization opportunities. Check job summary for details."
fi
# Extract specific line-by-line feedback if available
if grep -E "line [0-9]+|:[0-9]+:" ai_analysis_result.txt 2>/dev/null; then
echo "::notice title=Line-Specific Feedback::AI analysis provided line-specific recommendations. See job summary for details."
fi
# Check analysis length and create appropriate annotation
ANALYSIS_SIZE=$(wc -c < ai_analysis_result.txt)
if [ "$ANALYSIS_SIZE" -gt 1000 ]; then
echo "::notice title=Detailed Analysis Available::Comprehensive AI analysis completed ($ANALYSIS_SIZE characters). Full results available in job summary."
else
echo "::notice title=Quick Analysis Complete::AI analysis completed with brief feedback. See job summary for details."
fi
else
echo "### ❌ Analysis Failed" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "The AI analysis could not be completed. This may be due to:" >> $GITHUB_STEP_SUMMARY
echo "- API configuration issues" >> $GITHUB_STEP_SUMMARY
echo "- Network connectivity problems" >> $GITHUB_STEP_SUMMARY
echo "- Service availability" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Please conduct manual code review." >> $GITHUB_STEP_SUMMARY
echo "::error title=AI Analysis Failed::Unable to complete automated analysis. Manual review required."
fi
echo "✅ GitHub annotations and summary created successfully"