fix: fix Gemini runner — Vertex auth, system prompt, custom commands, feedback MCP #1105
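# Amber Automatic Code Review
#
# Uses memory system to apply repository-specific standards
# Comments appear from github-actions[bot]
#
# Required GitHub Secret:
# - CLAUDE_CODE_OAUTH_TOKEN: OAuth token for Claude Code

name: Amber Automatic Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  amber-review:
    # Only same-repository PRs run this job; fork PRs are skipped entirely.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    # NOTE(review): the agent below is only granted read-only gh commands plus
    # `gh pr comment`. Confirm whether contents: write and id-token: write are
    # really needed by the action and reduce them if not (least privilege).
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
      actions: read
    # NOTE(review): every `uses:` below references a mutable tag. Pinning each
    # action to a full commit SHA keeps a retagged release from running inside
    # this write-scoped job.
    steps:
      # NOTE(review): this checkout keeps the default credential persistence;
      # consider `persist-credentials: false` if no later step needs git auth.
      - name: Checkout PR code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # Checked out after the workspace-root checkout so that the root
      # checkout's workspace preparation cannot remove the base-ref directory.
      - name: Checkout base ref (for command file security)
        uses: actions/checkout@v6
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          fetch-depth: 1
          path: base-ref
          # This copy is only read, so no token needs to stay in its git config.
          persist-credentials: false

      # NOTE(review): the job-level `if` already excludes fork PRs, so the fork
      # branch below is unreachable and the command file always comes from the
      # PR head. Anyone who can push a branch can therefore change the
      # instructions the agent follows while this job holds write-scoped
      # tokens. Consider always reading the base-ref copy.
      - name: Determine command file path (security)
        id: command-path
        env:
          # Event data is passed through the environment instead of being
          # expanded into the script text, so it is never parsed as shell.
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          BASE_REPO: ${{ github.repository }}
        run: |
          # Deterministic security logic - no AI reasoning involved
          if [ "$HEAD_REPO" != "$BASE_REPO" ]; then
            echo "Fork PR detected - using base ref for security"
            echo "path=base-ref/.claude/commands/amber.review.md" >> "$GITHUB_OUTPUT"
          else
            echo "Same repo PR - allowing PR changes for testing"
            echo "path=.claude/commands/amber.review.md" >> "$GITHUB_OUTPUT"
          fi

      - name: Minimize old Claude review comments
        continue-on-error: true
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          echo "Finding previous Claude Code Review comments to minimize..."

          # Get all comment IDs from github-actions[bot] with "Claude Code Review" at the start
          # Using startswith() to avoid matching code blocks or inline mentions
          # --paginate walks every page, so older review comments on busy PRs are found too
          COMMENT_IDS=$(gh api --paginate "repos/$REPO/issues/$PR_NUMBER/comments" \
            --jq '.[] | select(.user.login == "github-actions[bot]" and (.body | startswith("# Claude Code Review"))) | .node_id')

          if [ -z "$COMMENT_IDS" ]; then
            echo "No old Claude Code Review comments found"
            exit 0
          fi

          # Minimize each comment with error handling
          # Use here-string to avoid subshell variable scoping issues with pipe
          COUNT=0
          ERRORS=0
          while read -r id; do
            if [ -n "$id" ]; then
              if gh api graphql -f query='mutation($id: ID!) { minimizeComment(input: {subjectId: $id, classifier: OUTDATED}) { minimizedComment { isMinimized } } }' -f id="$id" 2>&1; then
                echo "✓ Minimized $id"
                COUNT=$((COUNT + 1))
              else
                echo "✗ Failed to minimize $id" >&2
                ERRORS=$((ERRORS + 1))
              fi
            fi
          done <<< "$COMMENT_IDS"

          echo "Minimized $COUNT comment(s), $ERRORS error(s)"

      - name: Run Amber Code Review (with memory system)
        id: amber-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): '*' lets PR authors without write access trigger the
          # agent. The job-level `if` limits this to same-repository PRs;
          # confirm the wildcard is still needed, or list specific accounts.
          allowed_non_write_users: '*'
          # The tool allowlist is the main containment for the agent: it can
          # read the PR and issues and post a PR comment, nothing else.
          claude_args: |
            --allowedTools "Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh issue list:*)"
          prompt: |
            Read ${{ steps.command-path.outputs.path }} and follow its instructions exactly.
            Arguments: REPO: ${{ github.repository }} PR NUMBER: ${{ github.event.pull_request.number }}
            After completing the review, use gh pr comment to post your findings.

      - name: Add workflow link with memory system visibility
        if: steps.amber-review.conclusion == 'success'
        uses: actions/github-script@v8
        env:
          RUN_ID: ${{ github.run_id }}
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        with:
          script: |
            const prNumber = context.payload.pull_request.number;
            const runId = process.env.RUN_ID;
            const serverUrl = process.env.GITHUB_SERVER_URL;
            const repository = process.env.GITHUB_REPOSITORY;

            // Find the newest review comment. All pages are fetched because a
            // single listComments call returns only the first page of a thread.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: prNumber,
              per_page: 100
            });

            const reviewComment = comments
              .filter(c => c.user.login === 'github-actions[bot]' && c.body.startsWith('# Claude Code Review'))
              .sort((a, b) => new Date(b.created_at) - new Date(a.created_at))[0];

            if (!reviewComment) {
              console.log('No review comment found');
              return;
            }

            // Skip comments that already carry the link, so re-runs do not append it twice.
            if (reviewComment.body.includes('View AI decision process')) {
              console.log('Transparency link already added');
              return;
            }

            // NOTE(review): the file list below is a fixed string; nothing in this
            // step checks which files the agent actually read during the run.
            const transparencySection = '\n\n---\n🔍 [View AI decision process](' + serverUrl + '/' + repository + '/actions/runs/' + runId + ') (logs available for 90 days)\n\n' +
              '<details>\n' +
              '<summary>📋 View memory system files loaded (click to expand)</summary>\n\n' +
              '### What Amber Loaded for Code Review\n\n' +
              'Amber automatically loaded these repository standards from the memory system:\n\n' +
              '1. **CLAUDE.md** - Master project instructions, development standards\n' +
              '2. **backend-development.md** - Go backend, K8s integration patterns\n' +
              '3. **frontend-development.md** - NextJS, Shadcn UI, React Query patterns\n' +
              '4. **security-standards.md** - Auth, RBAC, token handling\n' +
              '5. **k8s-client-usage.md** - User token vs service account patterns\n' +
              '6. **error-handling.md** - Consistent error patterns\n' +
              '7. **react-query-usage.md** - Data fetching patterns\n\n' +
              '**Impact**: This review used your repository\'s specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.\n\n' +
              '</details>';

            const updatedBody = reviewComment.body + transparencySection;

            await github.rest.issues.updateComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: reviewComment.id,
              body: updatedBody
            });

            console.log('Added transparency link to review comment');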