clouddrove
diff --git a/‎.github/workflows/auto_merge.yml‎
Lines changed: 7 additions & 7 deletions b/‎.github/workflows/auto_merge.yml‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎.github/workflows/gemini-code-review.yml‎
Lines changed: 74 additions & 0 deletions b/‎.github/workflows/gemini-code-review.yml‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 27 additions & 26 deletions b/‎README.md‎
Lines changed: 27 additions & 26 deletions
diff --git a/‎docs/09.gemini-code-review.md‎
Lines changed: 91 additions & 0 deletions b/‎docs/09.gemini-code-review.md‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎docs/09.helm.md‎ renamed to ‎docs/10.helm.md‎ b/‎docs/09.helm.md‎ renamed to ‎docs/10.helm.md‎
diff --git a/‎docs/10.infracost.md‎ renamed to ‎docs/11.infracost.md‎ b/‎docs/10.infracost.md‎ renamed to ‎docs/11.infracost.md‎
diff --git a/‎docs/11.lock.md‎ renamed to ‎docs/12.lock.md‎ b/‎docs/11.lock.md‎ renamed to ‎docs/12.lock.md‎
diff --git a/‎docs/12.powerpipe.md‎ renamed to ‎docs/13.powerpipe.md‎ b/‎docs/12.powerpipe.md‎ renamed to ‎docs/13.powerpipe.md‎
diff --git a/‎docs/13.pr-checks.md‎ renamed to ‎docs/14.pr-checks.md‎ b/‎docs/13.pr-checks.md‎ renamed to ‎docs/14.pr-checks.md‎
diff --git a/‎docs/14.prowler.md‎ renamed to ‎docs/15.prowler.md‎ b/‎docs/14.prowler.md‎ renamed to ‎docs/15.prowler.md‎
@@ -53,8 +53,8 @@ jobs:
       checks: read
       pull-requests: read
     if: |
-      github.actor == 'dependabot[bot]' && 
-      inputs.azure_cloud == true && 
+      github.actor == 'dependabot[bot]' &&
+      inputs.azure_cloud == true &&
       inputs.tfchecks_azure != '[]'
     strategy:
       matrix:
@@ -81,8 +81,8 @@ jobs:
     needs: [static-checks, static-checks-azure]
     runs-on: ubuntu-latest
     if: |
-      always() && 
-      github.actor == 'dependabot[bot]' && 
+      always() &&
+      github.actor == 'dependabot[bot]' &&
       (needs.static-checks.result == 'success' || needs.static-checks-azure.result == 'success')
     steps:
       - name: Approve PR via GitHub Bot
@@ -101,9 +101,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: autoapprove
     if: |
-      always() && 
+      always() &&
       needs.autoapprove.result == 'success' &&
-      github.event_name == 'pull_request' && 
+      github.event_name == 'pull_request' &&
       github.event.pull_request.draft == false
     steps:
       - name: Automerge
@@ -115,4 +115,4 @@ jobs:
           MERGE_DELETE_BRANCH: "true"
           MERGE_LABELS: "dependencies, github_actions"
           MERGE_REQUIRED_APPROVALS: ""
-...
+...
@@ -0,0 +1,74 @@
+---
+name: Gemini Code Review ✨
+
+on:
+  workflow_call:
+    inputs:
+      review_prompt:
+        required: true
+        type: string
+        description: "📝 Prompt text for the Gemini review"
+      gemini_model:
+        default: "gemini-2.5-pro"
+        required: false
+        type: string
+        description: "🤖 Gemini model to use (default: gemini-2.5-pro)"
+      github_token:
+        default: ${{ github.TOKEN }}
+        required: false
+        type: string
+        description: "🔒 GitHub token (default: GITHUB_TOKEN)"
+    secrets:
+      GEMINI_API_KEY:
+        required: true
+        description: "🔑 API key for authenticating requests to the Gemini model used for code review."
+
+jobs:
+  review:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+    steps:
+      - name: 📥 Checkout
+        uses: actions/checkout@v4
+
+      - name: 🔍 Get PR diff
+        id: diff
+        run: |
+          BASE_BRANCH="${{ github.event.pull_request.base.ref }}"
+          PR_BRANCH="${{ github.event.pull_request.head.ref }}"
+
+          echo "🔗 Base: $BASE_BRANCH, PR: $PR_BRANCH"
+          git fetch origin $BASE_BRANCH $PR_BRANCH
+          git diff origin/$BASE_BRANCH...origin/$PR_BRANCH > pr.diff
+          echo "diff_file=pr.diff" >> $GITHUB_OUTPUT
+
+      - name: 🤖 Run Gemini Review
+        id: gemini
+        uses: google-github-actions/[email protected]
+        with:
+          gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
+          gemini_model: "gemini-2.5-pro"
+          files: ${{ steps.diff.outputs.diff_file }}
+          prompt: |
+            ${{ inputs.review_prompt }}
+
+      - name: 💬 Comment Review on PR
+        if: steps.gemini.outputs.summary != ''
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const summary = ${{ toJSON(steps.gemini.outputs.summary) }};
+            const review = `### ✨ Gemini Code Review ✨\n\n${summary}`;
+
+            const issue_number = context.payload.pull_request.number;
+
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number,
+              body: review
+            });
+...
@@ -98,32 +98,33 @@ Above example is just a simple example to call workflow from github shared workf
 8. [Docker Workflow](./docs/08.docker.md)
    * [Example for scan and push docker image on Dockerhub](./docs/08.docker.md#example-for-scan-and-push-docker-image-on-dockerhub)
    * [Example for scan and push docker image on ECR](./docs/08.docker.md#example-for-scan-and-push-docker-image-on-ecr)
-9. [Helm Workflow](./docs/09.helm.md)
-   * [Example for AWS cloud provider](./docs/09.helm.md#example-for-aws-cloud-provider)
-   * [Example for Azure cloud provider](./docs/09.helm.md)
-10. [Infracost workflow](./docs/10.infracost.md)
-11. [Lock Thread workflow](./docs/11.lock.md)
-12. [Powerpipe workflow](./docs/12.powerpipe.md)
-13. [PR Checks workflow](./docs/13.pr-checks.md)
-14. [Prowler workflow](./docs/14.prowler.md)
-15. [Prowler workflow (AWS)](./docs/15.prowlerAWS.md)
-16. [Prowler workflow (GCP)](./docs/16.prowlerGCP.md)
-17. [README Generation workflow](./docs/17.readme.md)
-18. [Remote SSH Command workflow](./docs/18.RemoteSSHCommand.md)
-19. [Slack Alert](./docs/19.slack.md)
-20. [Smurf Docker + Helm Workflow](./docs/20.smurf-docker-helm.md)
-21. [Smurf Terraform Workflow](./docs/21.smurf-terraform.md)
-22. [SST Workflow](./docs/22.sst.md)
-23. [Stale PR workflow](./docs/23.stale-pr.md)
-24. [Tag Release workflow](./docs/24.tag-release.md)
-25. [Terraform Checks Workflow](./docs/25.tf-checks.md)
-    * [Example for terraform checks with azure cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-azure-cloud)
-    * [Example for terraform checks with aws cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-aws-cloud)
-    * [Example for terraform checks with digitalocean cloud](./docs/25.tf-checks.md#example-for-terraform-checks-with-digitalocean-cloud)
-26. [Terraform Lint Workflow](./docs/26.terraform-lint.md)
-27. [Terraform Workflow](./docs/27.terraform_workflow.md)
-28. [Terraform Module Tag Release Workflow (Shared)](./docs/28.tf-monorepo-tag-release.md)
-29. [Terraform PR Plan Diff workflow](./docs/29.tf-pr-checks.md)
+9. [Gemini Code Review Workflow](./docs/09.gemini-code-review.md)
+10. [Helm Workflow](./docs/10.helm.md)
+    * [Example for AWS cloud provider](./docs/10.helm.md#example-for-aws-cloud-provider)
+    * [Example for Azure cloud provider](./docs/10.helm.md)
+11. [Infracost workflow](./docs/11.infracost.md)
+12. [Lock Thread workflow](./docs/12.lock.md)
+13. [Powerpipe workflow](./docs/13.powerpipe.md)
+14. [PR Checks workflow](./docs/14.pr-checks.md)
+15. [Prowler workflow](./docs/15.prowler.md)
+16. [Prowler workflow (AWS)](./docs/16.prowlerAWS.md)
+17. [Prowler workflow (GCP)](./docs/17.prowlerGCP.md)
+18. [README Generation workflow](./docs/18.readme.md)
+19. [Remote SSH Command workflow](./docs/19.RemoteSSHCommand.md)
+20. [Slack Alert](./docs/20.slack.md)
+21. [Smurf Docker + Helm Workflow](./docs/21.smurf-docker-helm.md)
+22. [Smurf Terraform Workflow](./docs/22.smurf-terraform.md)
+23. [SST Workflow](./docs/23.sst.md)
+24. [Stale PR workflow](./docs/24.stale-pr.md)
+25. [Tag Release workflow](./docs/25.tag-release.md)
+26. [Terraform Checks Workflow](./docs/26.tf-checks.md)
+    * [Example for terraform checks with azure cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-azure-cloud)
+    * [Example for terraform checks with aws cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-aws-cloud)
+    * [Example for terraform checks with digitalocean cloud](./docs/26.tf-checks.md#example-for-terraform-checks-with-digitalocean-cloud)
+27. [Terraform Lint Workflow](./docs/27.terraform-lint.md)
+28. [Terraform Workflow](./docs/28.terraform_workflow.md)
+29. [Terraform Module Tag Release Workflow (Shared)](./docs/29.tf-monorepo-tag-release.md)
+30. [Terraform PR Plan Diff workflow](./docs/30.tf-pr-checks.md)
 
 ## Feedback 
 If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]).
 
@@ -0,0 +1,91 @@
+# 📖 Gemini Code Review Workflow Guide
+
+## 🎯 Objective
+Automate AI-powered code reviews for every Pull Request using Google’s Gemini model.  
+This ensures consistent, high-quality review feedback on style, correctness, performance, and best practices.
+
+---
+
+## ✨ Features
+- 🚀 **Auto Review** — Runs automatically on PR open, update, or reopen.  
+- 🤖 **AI Suggestions** — Uses Google Gemini (`gemini-2.5-pro`) for detailed review.  
+- 📂 **Diff Based** — Reviews only the code changes in the PR.  
+- 🔄 **Reusable Workflow** — Centralized workflow callable from multiple repos.  
+- 🔑 **Configurable** — Supports overriding model or GitHub token if needed.  
+
+---
+
+## ❓ Why use this?
+- ✅ Catch issues early without waiting for human reviewers.  
+- ✅ Standardize review quality across repos.  
+- ✅ Reduce review time for repetitive issues (formatting, common bugs, performance hints).  
+- ✅ Easy to integrate and maintain via a reusable workflow.  
+
+---
+
+## 🔑 Setup: Google API Key
+The Gemini CLI requires a Google API key.
+
+1. Visit **[Google AI Studio](https://aistudio.google.com/)**  
+2. Click **Create API Key**  
+3. Copy the key and add it to your repo’s GitHub secrets:  
+   - Navigate to **Settings → Secrets and variables → Actions**  
+   - Add a new secret:  
+     - **Name:** `GEMINI_API_KEY`  
+     - **Value:** *(your API key from Google AI Studio)*  
+
+---
+
+## ✍️ Customizing the Review Prompt
+
+The **review prompt** controls *how Gemini reviews your code*.  
+By default, a general-purpose prompt is used, but you can override it in the caller workflow.
+
+### 🔹 Example
+```yaml
+with:
+  review_prompt: |
+    🧑‍💻 You are an AI code reviewer. Review the provided **git diff** in pr.diff.
+    Focus on:
+      - 📂 Mentioning the file name and line number
+      - ⚠️ Describing the issue clearly
+      - ❓ Explaining why it is problematic
+      - 🛠 Suggesting a fix
+    If multiple issues exist, list them separately.
+```
+---
+
+## ▶️ Example Caller File
+
+```yaml
+---
+name: PR Gemini Review 🚀
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  call-gemini-review:
+    name: 🤖 Run Gemini Code Review
+    uses: clouddrove/github-shared-workflows/.github/workflows/gemini-code-review.yml@master
+    with:
+      gemini_model: "gemini-2.5-pro"   # ✨ optional, default already set
+      github_token: ${{ github.TOKEN }}   # 🔑 optional override
+      review_prompt: |
+        🧑‍💻 You are an AI code reviewer. Review the provided **git diff** in pr.diff.
+        For each issue you find:
+          - 📂 Mention the file name and line number
+          - ⚠️ Describe the issue
+          - ❓ Explain why it is problematic
+          - 🛠 Suggest a fix
+        If multiple issues exist, list them separately.
+    secrets:
+      GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+```
+
+## 📌 Notes
+
+- Default GitHub token (github.TOKEN) is used unless overridden.
+- You can change the model via with.gemini_model.
+- Works best on small to medium PRs — large diffs may exceed token limits.