Bump the prod-dependencies group with 3 updates #677
Workflow file for this run
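name: Gemini AI Code Review

# pull_request_target is needed to access the Gemini key and modify (set/remove labels, comment on)
# the pull request. The trigger runs in the base repository's context, with its secrets and a
# writable token, even for pull requests from forks, so all pull request content handled
# below is untrusted input.
on: # zizmor: ignore[dangerous-triggers]
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

# No token scopes at the workflow level. Every job declares its own `permissions`, so a job
# added later without such a block gets no scopes instead of inheriting `pull-requests: write`.
permissions: {}

# One run per pull request; a newer event cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true

jobs:
  # Gate: decides from the `gemini-review` label whether the review job may run.
  handle-label:
    runs-on: ubuntu-latest
    outputs:
      should_run_review: ${{ steps.prep.outputs.should_run_review }}
      # For future use
      additional_context: ""
    permissions:
      # Required by `gh pr edit --remove-label` in the step below.
      pull-requests: write
    steps:
      # No `ref` is set, so under pull_request_target this checks out the base branch, not
      # the pull request head. Do not point it at the PR head: this job holds a token that
      # can write to pull requests. `persist-credentials: false` keeps that token out of
      # the checked-out git config. The action is pinned to a full commit SHA.
      # NOTE(review): the checkout presumably only gives `gh` its repository context;
      # nothing from the working tree is executed in this job.
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      # Event data reaches the script only through environment variables, never through
      # `${{ }}` interpolation inside `run`, so label names are parsed by jq as data and
      # are not evaluated by the shell.
      #
      # Gate logic: the review runs only on a `labeled` event while `gemini-review` is
      # present. On any other event (opened, synchronize, reopened) the label is removed,
      # so new commits need the label applied again before another review.
      # NOTE(review): the `labeled` branch runs for any label added while `gemini-review`
      # is present, not only when `gemini-review` is the label just added; also comparing
      # `github.event.label.name` would tighten the gate.
      # NOTE(review): the called workflow is not shown here; confirm it reviews the head
      # commit that was current when the label was applied.
      - name: Handle review label
        id: prep
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          LABEL_JSON: ${{ toJSON(github.event.pull_request.labels.*.name) }}
          EVENT_ACTION: ${{ github.event.action }}
        run: |
          HAS_LABEL=$(jq -n 'env.LABEL_JSON | fromjson | any(. == "gemini-review")')
          if [[ "${HAS_LABEL}" == "true" && "${EVENT_ACTION}" != "labeled" ]]; then
            echo "gemini-review label found on a '${EVENT_ACTION}' event. Removing label and skipping review."
            gh pr edit "${PR_NUMBER}" --remove-label "gemini-review"
            echo "should_run_review=false" >> "${GITHUB_OUTPUT}"
          elif [[ "${HAS_LABEL}" == "true" ]]; then
            echo "gemini-review label found. Proceeding with review."
            echo "should_run_review=true" >> "${GITHUB_OUTPUT}"
          else
            echo "gemini-review label not found. Skipping review."
            echo "should_run_review=false" >> "${GITHUB_OUTPUT}"
          fi

  # Runs the reusable review workflow, only when the gate above allowed it.
  gemini-code-review:
    needs: [handle-label]
    if: needs.handle-label.outputs.should_run_review == 'true'
    uses: './.github/workflows/gemini-review.yml'
    # Upper bound for the called workflow: it can use at most these scopes.
    permissions:
      contents: 'read'
      id-token: 'write'
      issues: 'write'
      pull-requests: 'write'
    with:
      additional_context: '${{ needs.handle-label.outputs.additional_context }}'
    # Only the one secret the review needs is passed; `secrets: inherit` is not used.
    secrets:
      GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'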