Skip to content

ci(iam): migrate to new CI #4007

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
glasnt wants to merge 2 commits into from
Closed

ci(iam): migrate to new CI #4007

glasnt wants to merge 2 commits into from

Conversation

@glasnt
Copy link
Contributor

@glasnt glasnt commented Mar 4, 2025

Description

Fixes #

Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.

Checklist

  • I have followed guidelines from CONTRIBUTING.MD and Samples Style Guide
  • Tests pass: npm test (see Testing)
  • Lint pass: npm run lint (see Style)
  • These samples need a new API enabled in testing projects to pass (let us know which ones)
  • These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
  • This pull request is from a branch created directly off of GoogleCloudPlatform/nodejs-docs-samples. Not a fork.
  • This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
  • This sample adds a new sample directory, and I created GitHub Actions workflow for this sample
  • This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
  • Please merge this PR for me once it is approved

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 4, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @glasnt, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request migrates the IAM deny samples to a new CI configuration. The changes involve updating the CI configuration files to include the iam/deny sample in the development environment and exclude it from the production environment. Additionally, the test file for the IAM deny sample is modified to retrieve the project ID from the environment variables instead of using the IAM client.

Highlights

  • CI Configuration Update: The pull request updates the .github/config/nodejs-dev.jsonc file to include the iam/deny sample in the development environment.
  • CI Configuration Adjustment: The pull request modifies the .github/config/nodejs-prod.jsonc file to exclude the iam/deny sample from the production environment due to a permission error.
  • Test File Modification: The pull request updates the iam/deny/test/deny.test.js file to retrieve the project ID from the environment variables instead of using the IAM client.

Changelog

  • .github/config/nodejs-dev.jsonc
    • Added iam/deny to the list of samples to be tested in the development environment.
  • .github/config/nodejs-prod.jsonc
    • Removed iam/deny from the list of samples to be tested in the production environment due to a permission error.
  • iam/deny/test/deny.test.js
    • Modified the test file to retrieve the project ID from the environment variables instead of using the IAM client.
    • Removed the before hook that was used to get the project ID using the IAM client (lines 31-33).
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in issue comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Did you know?

The concept of 'denying' permissions is a critical aspect of security, ensuring that even if a user has some access, specific actions can be explicitly prohibited to maintain a secure environment.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@product-auto-label product-auto-label bot added api: iam Issues related to the Identity and Access Management API. samples Issues that are directly related to samples. labels Mar 4, 2025
gemini-code-assist[bot]
gemini-code-assist bot suggested changes Mar 4, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

The pull request migrates the IAM deny samples to a new CI. The changes involve updating the CI configuration files and modifying the test file to use environment variables for the project ID. Overall, the changes seem reasonable, but there are a few points that need attention.

Summary of Findings

  • Hardcoded Project ID in Policy Name: The policyName variable in iam/deny/test/deny.test.js still contains a hardcoded project ID. This should be replaced with an environment variable or a dynamic value to ensure the tests work correctly in different environments.
  • Missing Error Handling: The code relies on environment variables for the project ID, but there is no error handling if the environment variable is not set. This could lead to unexpected behavior and test failures.

Merge Readiness

The pull request is almost ready for merging, but there are a couple of issues that need to be addressed. The hardcoded project ID in the policy name and the missing error handling for the project ID environment variable should be fixed before merging. I am unable to directly approve the pull request, and other reviewers should review and approve this code before merging.

iam/deny/test/deny.test.js
let projectId;
const {projectId} = process.env;
const policyId = `gcloud-test-policy-${uuid.v4().split('-')[0]}`;
const policyName = `policies/cloudresourcemanager.googleapis.com%2Fprojects%2F949737848314/denypolicies/${policyId}`;
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The policyName still contains a hardcoded project ID (949737848314). This needs to be updated to use the projectId variable to ensure the tests work correctly for different projects. Consider using template literals to construct the policy name with the project ID.

Style Guide References

Suggested change
const policyName = `policies/cloudresourcemanager.googleapis.com%2Fprojects%2F949737848314/denypolicies/${policyId}`;
const policyName = `policies/cloudresourcemanager.googleapis.com%2Fprojects%2F${projectId}/denypolicies/${policyId}`;

iam/deny/test/deny.test.js Outdated

describe('IAM deny samples', () => {
let projectId;
const {projectId} = process.env;
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Consider adding a check to ensure that process.env.projectId is defined before using it. If it's not defined, the tests will fail in a confusing way. You can throw an error or use a default project ID for testing purposes. If you throw an error, make sure to fail fast, and provide a helpful message to the user.

Style Guide References

Suggested change
const {projectId} = process.env;
const {projectId = 'YOUR_DEFAULT_PROJECT_ID'} = process.env; // Provide a default value or throw an error if not set

@glasnt
Copy link
Contributor Author

glasnt commented Mar 4, 2025

Test relies on additional project I do not have permission to view, neither does the testing infra.

@glasnt glasnt closed this Mar 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

api: iam Issues related to the Identity and Access Management API. samples Issues that are directly related to samples.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@glasnt