@paulb777 (Member) commented Dec 23, 2025

  • Update to latest Danger
  • Use short-lived default GITHUB_TOKEN
  • Trigger on pull_request_target instead of pull_request for access to token

According to Gemini, this won't actually be able to update labels until it is merged to main.
The potential vulnerability should be addressed since actions are locked down in the repo configuration.

#no-changelog

@paulb777 changed the title from "[Infra] Update danger tool version" to "[Infra] Restore Danger" on Dec 23, 2025

@firebase deleted a comment from github-actions bot on Dec 23, 2025

@paulb777 (Member, Author)

/gemini summarize

@gemini-code-assist (Contributor)

Summary of Changes

This pull request focuses on re-enabling and modernizing the Danger CI/CD tool within the project's infrastructure. It involves upgrading the Danger gem to its latest version and adjusting the GitHub Actions workflow to use a more secure, short-lived GITHUB_TOKEN and trigger on pull_request_target for enhanced token access, which is crucial for Danger's operations like updating labels.

Highlights

  • Danger Update: The danger gem has been updated from version 8.4.5 to 9.5.3.
  • Token Usage: The configuration now utilizes a short-lived default GITHUB_TOKEN for improved security.
  • Trigger Event: Danger is now triggered on pull_request_target instead of pull_request to ensure proper access to the GitHub token, which is necessary for operations like updating labels.

Changelog

  • Gemfile
    • Updated the danger gem from 8.4.5 to 9.5.3.
  • Gemfile.lock
    • Updated the danger gem's locked version and its transitive dependencies.
    • Significant updates to faraday (from 1.10.3 to 2.8.1), kramdown (from 2.4.0 to 2.5.1), octokit (from 4.25.1 to 10.0.0), and terminal-table (from 3.0.2 to 4.0.0).
    • Removed no_proxy_fix and multipart-post dependencies.
    • Added new dependencies such as base64, pstore, and unicode-emoji.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/danger.yml

Activity

  • A bot comment from gemini-code-assist[bot] was posted, providing information about using Gemini Code Assist.
  • paulb777 requested a summary of the pull request using the /gemini summarize command.

@paulb777 (Member, Author)

/gemini review

@gemini-code-assist (Contributor) left a comment

Code Review

This pull request updates the danger gem from version 8.4.5 to 9.5.3, which also updates the Gemfile.lock file with the corresponding dependency changes. The purpose of this change, as described, is to restore Danger's functionality, particularly for managing pull request labels, by leveraging the pull_request_target trigger which provides access to a token with greater permissions. The changes in the Gemfile and Gemfile.lock are consistent with a standard dependency update and appear correct.
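
The thread turns on running Danger under `pull_request_target`, where the job gets a token with greater permissions than under `pull_request`. As an added example (not part of this PR or the repository's `danger.yml`, which the page does not show), the Ruby check below flags `pull_request_target` workflows that lack an explicit `permissions` block or check out the PR head. Both sample workflows, the permission scopes in them, and the `audit_workflow` helper are constructed for illustration.

```ruby
require "yaml"
# Constructed sample workflows; the repository's danger.yml is not shown on this page.
RISKY = <<~'YML'
  on: pull_request_target
  jobs:
    danger:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
          with:
            ref: ${{ github.event.pull_request.head.sha }}
        - run: bundle exec danger
YML

SAFER = <<~'YML'
  on:
    pull_request_target:
      types: [opened, synchronize]
  permissions:            # assumed scopes, for illustration
    contents: read
    pull-requests: write
  jobs:
    danger:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4   # no ref: base branch is checked out
        - run: bundle exec danger
YML
# Hypothetical helper: returns a list of findings for one workflow file.
def audit_workflow(text)
  wf = YAML.safe_load(text)
  trigger = wf["on"] || wf[true] # Psych parses a bare `on` key as boolean true
  events = trigger.is_a?(Hash) ? trigger.keys : Array(trigger)
  return [] unless events.include?("pull_request_target")
  jobs = wf.fetch("jobs", {})
  findings = []
  unless wf.key?("permissions") || jobs.values.all? { |j| j.key?("permissions") }
    findings << "no explicit permissions block"
  end
  jobs.each do |name, job|
    Array(job["steps"]).each do |step|
      next unless step["uses"].to_s.start_with?("actions/checkout")
      ref = step.dig("with", "ref").to_s
      findings << "job #{name}: checks out PR head (#{ref})" if ref.match?(/github\.(event\.pull_request\.head|head_ref)/)
    end
  end
  findings
end
puts audit_workflow(RISKY) if $PROGRAM_NAME == __FILE__
```
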
