Adding Support for Vertex Auth

Author: HassanJasim

.github/workflows/gemini-pr-review.yml

@@ -28,24 +28,17 @@ jobs:
       pull-requests: write
       issues: write
     steps:
-      - name: Generate GitHub App Token
-        id: generate_token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.PRIVATE_KEY }}
-
       - name: Checkout PR code
         uses: actions/checkout@v4
         with:
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
 
       - name: Get PR details
         id: get_pr
         env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
             PR_NUMBER=${{ github.event.inputs.pr_number }}
@@ -78,7 +71,7 @@ jobs:
       - name: Run Gemini PR Review
         uses: ./
         env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }}
           PR_DATA: ${{ steps.get_pr.outputs.pr_data }}
           CHANGED_FILES: ${{ steps.get_pr.outputs.changed_files }}
@@ -87,6 +80,8 @@ jobs:
         with:
           version: 0.1.8-rc.0
           GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+          GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }}
+          GOOGLE_CLOUD_LOCATION: ${{ secrets.GOOGLE_CLOUD_LOCATION }}
           OTLP_GCP_WIF_PROVIDER: ${{ secrets.OTLP_GCP_WIF_PROVIDER }}
           OTLP_GOOGLE_CLOUD_PROJECT: ${{ secrets.OTLP_GOOGLE_CLOUD_PROJECT }}
           settings_json: |

action.yml

@@ -10,6 +10,12 @@ inputs:
   GEMINI_API_KEY:
     description: 'Your Gemini API key.'
     required: true
+  GOOGLE_CLOUD_PROJECT:
+    description: 'The Google Cloud project.'
+    required: false
+  GOOGLE_CLOUD_LOCATION:
+    description: 'The Google Cloud project.'
+    required: false
   OTLP_GCP_WIF_PROVIDER:
     description: 'The workload identity provider for GCP authentication.'
     required: false
@@ -81,6 +87,9 @@ runs:
       shell: bash
       env:
         GEMINI_API_KEY: ${{ inputs.GEMINI_API_KEY }}
+        GOOGLE_GENAI_USE_VERTEXAI: true
+        GOOGLE_CLOUD_PROJECT: ${{ inputs.GOOGLE_CLOUD_PROJECT }}
+        GOOGLE_CLOUD_LOCATION: ${{ inputs.GOOGLE_CLOUD_LOCATION }}
         PROMPT: ${{ inputs.prompt }}
 
 branding:

scripts/setup_workload_identity.sh

@@ -250,6 +250,12 @@ gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \
     --member="${PRINCIPAL_SET}" \
     --condition=None
 
+print_info "Granting vertex permissions..."
+gcloud projects add-iam-policy-binding "${GCP_PROJECT_ID}" \
+    --role="roles/aiplatform.admin" \
+    --member="${PRINCIPAL_SET}" \
+    --condition=None
+
 print_success "Standard permissions granted to Workload Identity Pool"
 
 # Get the full provider name for output
@@ -284,5 +290,11 @@ echo ""
 echo "☁️  Secret Name: OTLP_GOOGLE_CLOUD_PROJECT"
 echo "   Secret Value: ${GCP_PROJECT_ID}"
 echo ""
+echo "☁️ Secret Name: GOOGLE_CLOUD_LOCATION"
+echo "   Secret Value: global"
+echo ""
+echo "☁️  Secret Name: GOOGLE_CLOUD_PROJECT"
+echo "   Secret Value: ${GCP_PROJECT_ID}"
+echo ""
 
 print_success "Setup completed successfully! 🚀"