gemini-assistant.yml
217 lines (179 loc) · 9.07 KB
```yaml
# On-Demand AI Assistant for Issues and PRs (Secure)
# Triggered by @gemini-cli mentions in comments

name: Gemini AI Assistant (Secure)

on:
  issue_comment:
    types: [created]

permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  ai-assistant:
    name: AI Assistant Response
    runs-on: ubuntu-latest
    # NOTE: any account that can comment on an open issue or PR can trigger this
    # job and spend GEMINI_API_KEY quota. Gate on
    # github.event.comment.author_association if that matters for this repository.
    if: |
      github.event.issue.state == 'open' &&
      contains(github.event.comment.body, '@gemini-cli')

    steps:
      - name: Checkout code (Safe - base branch only)
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # SECURITY: Never checkout PR head for comment-triggered workflows.
          # issue_comment runs in the default-branch context, so this is the
          # default branch; no later step reads this checkout.

      - name: Extract AI Command (Secure)
        id: extract-command
        env:
          # SECURITY: Use environment variable to prevent code injection
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          # SECURITY: Use environment variable instead of direct interpolation.
          # Take everything after "@gemini-cli " on the first line that contains it
          # (the greedy .* means the last mention on that line wins).
          COMMAND=$(printf '%s\n' "$COMMENT_BODY" | sed -n 's/.*@gemini-cli \(.*\)/\1/p' | head -1)

          # Sanitize the command to prevent injection: keep only letters, digits,
          # whitespace, '.', '_' and '-', then cap the length at 200 bytes.
          CLEAN_COMMAND=$(printf '%s\n' "$COMMAND" | tr -cd '[:alnum:][:space:]._-' | head -c 200)

          echo "command=$CLEAN_COMMAND" >> "$GITHUB_OUTPUT"
          echo "Extracted command: $CLEAN_COMMAND"

      - name: Get PR context safely (if applicable)
        id: pr-context
        if: github.event.issue.pull_request
        env:
          # SECURITY: Use environment variables for safe access
          PR_NUMBER: ${{ github.event.issue.number }}
          REPO: ${{ github.repository }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # SECURITY: Use GitHub API to get PR info without checkout.
          # Validate PR number is numeric only
          if [[ ! "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "Invalid PR number format"
            exit 1
          fi

          # Get PR information safely via API. -f makes an HTTP error fail the step
          # instead of writing an error body into pr_info.json.
          curl -fsS -H "Authorization: token $GITHUB_TOKEN" \
               -H "Accept: application/vnd.github.v3+json" \
               "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER" \
               > pr_info.json

          # Extract safe metadata
          BASE_SHA=$(jq -r '.base.sha' pr_info.json)
          HEAD_SHA=$(jq -r '.head.sha' pr_info.json)

          # Validate SHA format (40 lowercase hex characters). This also rejects the
          # literal "null" that jq -r prints when a field is missing.
          if [[ ! "$BASE_SHA" =~ ^[a-f0-9]{40}$ ]] || [[ ! "$HEAD_SHA" =~ ^[a-f0-9]{40}$ ]]; then
            echo "Invalid SHA format"
            exit 1
          fi

          # Get diff via API (no checkout needed). The compare endpoint takes its
          # range as BASE...HEAD (three dots). Note that no later step reads
          # pr_diff.txt, so the model never sees PR code, as the prompt's
          # SECURITY NOTICE states.
          curl -fsS -H "Authorization: token $GITHUB_TOKEN" \
               -H "Accept: application/vnd.github.v3.diff" \
               "https://api.github.com/repos/$REPO/compare/$BASE_SHA...$HEAD_SHA" \
               > pr_diff.txt

          echo "pr-available=true" >> "$GITHUB_OUTPUT"

      - name: Run Gemini AI Assistant
        env:
          # SECURITY: Use environment variables for safe handling
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          USER_COMMAND: ${{ steps.extract-command.outputs.command }}
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
          IS_PR: ${{ github.event.issue.pull_request && 'Pull Request' || 'Issue' }}
        run: |
          # SUPPLY CHAIN: @latest resolves to whatever is on npm at run time; pin a
          # version before relying on this in CI.
          # PROMPT INJECTION: ISSUE_TITLE and USER_COMMAND are attacker-controlled
          # text handed to the model, and the model's output is posted verbatim by
          # the next step, so treat that output as untrusted.
          npx @google/gemini-cli@latest --prompt "
          You are an expert WordPress plugin development assistant for the \"Simple WP Optimizer\" plugin.

          CONTEXT:
          - Repository: WordPress performance optimization plugin
          - Removes unnecessary WordPress features and scripts to improve performance
          - WordPress 6.5+, PHP 7.4+
          - Features include emoji removal, jQuery migrate removal, header cleanup, DNS prefetch optimization

          USER REQUEST: \"$USER_COMMAND\"

          ISSUE/PR CONTEXT:
          - Type: $IS_PR
          - Title: \"$ISSUE_TITLE\"
          - Number: #$ISSUE_NUMBER
          - Author: @$ISSUE_AUTHOR

          RESPONSE GUIDELINES:

          📋 For Code Analysis Requests:
          - Review code for WordPress standards compliance
          - Check for security vulnerabilities
          - Suggest performance improvements
          - Provide specific, actionable recommendations

          🔧 For Implementation Help:
          - Provide WordPress-specific solutions
          - Include proper error handling
          - Follow plugin coding standards
          - Reference WordPress Codex when helpful

          🐛 For Bug Investigation:
          - Analyze potential root causes
          - Suggest debugging approaches
          - Recommend testing strategies
          - Consider WordPress environment factors

          ✨ For Feature Requests:
          - Evaluate WordPress compatibility
          - Consider performance implications
          - Suggest implementation approaches
          - Identify potential conflicts

          📚 For Documentation:
          - Provide clear, actionable information
          - Include relevant code examples
          - Reference WordPress documentation
          - Consider user experience impact

          SECURITY NOTICE: This analysis is performed safely without accessing untrusted code.

          Always be helpful, specific, and focus on WordPress best practices.
          If you need more information to provide a complete answer, ask clarifying questions.
          " > assistant-response.txt

      - name: Post AI Assistant Response
        uses: actions/github-script@v8
        env:
          # SECURITY: Use environment variables for safe handling
          COMMENT_USER: ${{ github.event.comment.user.login }}
          USER_COMMAND: ${{ steps.extract-command.outputs.command }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('fs');

            const commentUser = process.env.COMMENT_USER;
            const userCommand = process.env.USER_COMMAND;
            const issueNumber = Number(process.env.ISSUE_NUMBER);

            // SECURITY: Validate inputs
            if (!commentUser || !userCommand || !Number.isInteger(issueNumber)) {
              throw new Error('Missing required environment variables');
            }

            let assistantResponse = 'No response generated.';
            try {
              if (fs.existsSync('assistant-response.txt')) {
                assistantResponse = fs.readFileSync('assistant-response.txt', 'utf8');
              }
            } catch (error) {
              console.log('Error reading assistant response file:', error);
              assistantResponse = 'Error reading AI assistant response.';
            }

            // NOTE: the model output is untrusted text and is posted verbatim. GitHub
            // rejects comment bodies longer than 65536 characters, so an unusually
            // long response makes createComment throw.
            const aiResponse = `
            ## 🤖 AI WordPress Assistant Response

            Hi @${commentUser}! I've analyzed your request: **"${userCommand}"**

            ### 📝 Expert Analysis & Recommendations

            ${assistantResponse}

            ---

            ### 🔗 Helpful Resources
            - [WordPress Plugin Developer Handbook](https://developer.wordpress.org/plugins/)
            - [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/)
            - [Plugin Security Guidelines](https://developer.wordpress.org/plugins/security/)
            - [WordPress Performance Optimization](https://developer.wordpress.org/apis/handbook/performance/)
            - [WooCommerce Developer Documentation](https://woocommerce.com/document/create-a-plugin/)

            ### 💡 Available Commands
            Try these commands with @gemini-cli:
            - \`@gemini-cli review this code\` - Code review and analysis
            - \`@gemini-cli suggest improvements\` - Performance and structure suggestions
            - \`@gemini-cli check security\` - Security vulnerability analysis
            - \`@gemini-cli explain this function\` - Code explanation and documentation
            - \`@gemini-cli write tests for X\` - Test implementation guidance
            - \`@gemini-cli debug this issue\` - Bug investigation and resolution

            > 🔄 **Note:** This is an AI-generated response for Simple WP Optimizer. Please review suggestions carefully and test thoroughly.

            **Analysis Date:** ${new Date().toISOString()}
            `;

            await github.rest.issues.createComment({
              issue_number: issueNumber,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: aiResponse
            });
```
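The security-relevant logic of the two `run:` steps above is the sanitiser in "Extract AI Command" and the numeric and SHA checks in "Get PR context". The script below is an added example, not part of the workflow or the Simple WP Optimizer project: it pulls that logic into shell functions so it can be exercised offline against hostile comment bodies (all sample bodies are constructed here). Two things go beyond what the workflow does and are labelled as such in the code: `extract_command` squeezes whitespace and trims the ends so a CRLF comment does not carry a stray carriage return into the prompt, and `set_output` refuses any value containing a newline or carriage return before appending it to a `GITHUB_OUTPUT`-style file.

```bash
#!/usr/bin/env bash
# Added example, not part of the workflow: the sanitiser and validators from
# the "Extract AI Command" and "Get PR context" steps, pulled into functions so
# they can be exercised offline against hostile input. Sample comment bodies
# are constructed here; they are not real issue data.
set -eu
export LC_ALL=C   # make [:alnum:] and [a-f0-9] mean ASCII regardless of runner locale

# Mirror of the extract-command step: take the text after the last
# "@gemini-cli " on the first line that has one, keep only letters, digits,
# whitespace, '.', '_' and '-', and cap the result at 200 bytes. Beyond the
# workflow, runs of whitespace (including a stray \r from a CRLF comment) are
# squeezed to one space and the ends are trimmed, so the output is one clean line.
extract_command() {
  local body="$1" command
  command=$(printf '%s\n' "$body" | sed -n 's/.*@gemini-cli \(.*\)/\1/p' | head -n 1)
  printf '%s' "$command" \
    | tr -cd '[:alnum:][:space:]._-' \
    | head -c 200 \
    | tr -s '[:space:]' ' ' \
    | sed 's/^ //; s/ $//'
}

# Mirror of the pr-context step's input checks. A PR number must be all digits;
# a commit SHA must be exactly 40 lowercase hex characters. An API error body
# such as {"message":"Not Found"} makes `jq -r .base.sha` print the literal
# "null", which is_sha40 rejects, so the step fails before it builds a
# compare/null...null URL.
is_pr_number() { [[ "$1" =~ ^[0-9]+$ ]]; }
is_sha40()     { [[ "$1" =~ ^[a-f0-9]{40}$ ]]; }

# Append key=value to a GITHUB_OUTPUT-style file. A value containing a newline
# or carriage return could define extra outputs on the following line, so such
# values are refused (return 1, nothing written). The workflow relies on the
# tr/head pipeline above to keep the value single-line; this makes it explicit.
set_output() {
  local out_file="$1" key="$2" value="$3"
  case "$value" in
    *$'\n'*|*$'\r'*) return 1 ;;
  esac
  printf '%s=%s\n' "$key" "$value" >> "$out_file"
}

# Constructed sample comment bodies.
SAMPLE_PLAIN='Thanks! @gemini-cli check security'
SAMPLE_INJECTION='please @gemini-cli review this $(id); rm -rf / `whoami`'
SAMPLE_MULTILINE=$'Looks wrong.\r\n@gemini-cli explain this function\r\nsee above'
SAMPLE_NO_SPACE='@gemini-cli'
SAMPLE_LONG="@gemini-cli $(head -c 300 /dev/zero | tr '\0' 'a')"

# Demo: show what each sample becomes (the injection payload loses every
# shell metacharacter and the CRLF body yields a single trimmed line).
for sample in "$SAMPLE_PLAIN" "$SAMPLE_INJECTION" "$SAMPLE_MULTILINE" "$SAMPLE_NO_SPACE"; do
  printf 'input : %q\noutput: %q\n' "$sample" "$(extract_command "$sample")"
done
```

The injection sample comes out as `review this id rm -rf whoami`: the `$(`, `)`, `;`, `/` and backticks are gone, and what remains is only ever used as a string inside a double-quoted `--prompt` argument. The mention with no trailing space yields an empty command, which is what makes the later github-script step throw "Missing required environment variables".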