Create google.yml

[Dargon789]

• Because this PR includes a bug fix, relevant tests have been included.
• Because this PR includes a new feature, the change was previously discussed on an Issue or with someone from the team.
• I didn't do anything of this.

---

Summary by Sourcery

CI:

• Introduce a Google Cloud deployment workflow that authenticates via Workload Identity Federation, builds and pushes Docker images to Artifact Registry, and deploys to a GKE cluster using kustomize and kubectl.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
hardhat-project-uz7z	Ready	Preview	Comment	Nov 27, 2025 9:38am
next-lrrp	Ready	Preview	Comment	Nov 27, 2025 9:38am

[sourcery-ai]

Reviewer's Guide

Adds a new CI workflow configuration to build a Docker image, push it to Google Artifact Registry, and deploy it to a GKE cluster on pushes to the main branch using GitHub Actions-style steps defined under .circleci/google.yml.

Flow diagram for build and deploy to GKE job

flowchart TD
  A[Push to main branch] --> B[Setup job environment]
  B --> C[Checkout repository]
  C --> D[Authenticate to Google Cloud via Workload Identity Provider]
  D --> E[Docker login to Artifact Registry]
  E --> F[Get GKE credentials]
  F --> G[Build Docker image with GITHUB_SHA tag]
  G --> H[Push Docker image to Artifact Registry]
  H --> I[Download and configure kustomize]
  I --> J[Update image reference in kustomize configuration]
  J --> K[Apply manifests to GKE with kubectl]
  K --> L[Wait for deployment rollout status]
  L --> M[Get Kubernetes services wide listing]

Loading

File-Level Changes

Change	Details	Files
Introduce a build-and-deploy pipeline that authenticates to Google Cloud, builds and pushes a Docker image to Artifact Registry, and deploys it to GKE using kustomize and kubectl.	Define workflow triggers to run on pushes to the main branch and set environment variables for GCP project, cluster, registry, and image metadata. Configure authentication to Google Cloud via workload identity federation and use the resulting token to log in Docker to Artifact Registry. Retrieve GKE cluster credentials to enable kubectl access from the CI job. Build a Docker image tagged with the current commit SHA and push it to Artifact Registry. Download and make a kustomize binary executable, then use it to update the image reference, build manifests, and apply them to the GKE cluster followed by rollout status and service inspection.	.circleci/google.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new GitHub Actions workflow designed to streamline the continuous integration and continuous deployment process for applications targeting Google Kubernetes Engine. By automating the build, containerization, and deployment steps, it enhances the project's ability to deliver updates efficiently and securely to Google Cloud Platform, utilizing best practices for authentication and resource management.

Highlights

• New GitHub Actions Workflow: A new workflow file, google.yml, has been added to the .circleci directory, introducing a GitHub Actions-based CI/CD pipeline.
• Automated Build and Deploy to GKE: This workflow automates the process of building a Docker container, publishing it to Google Artifact Registry (GAR), and deploying it to Google Kubernetes Engine (GKE).
• Trigger on Push to Main: The CI/CD pipeline is configured to automatically trigger on every push to the 'main' branch, ensuring continuous deployment.
• Google Cloud Integration: The workflow leverages Google Cloud's Workload Identity Federation for secure authentication, Docker login for GAR, and get-gke-credentials for GKE access, along with Kustomize for Kubernetes manifest management.
• Configurable Environment Variables: The workflow includes several environment variables with TODO comments, allowing users to easily configure their Google Cloud project ID, GAR location, GKE cluster details, and Workload Identity Provider.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey there - I've reviewed your changes and found some issues that need to be addressed.

• This file is a GitHub Actions workflow but is placed under .circleci/google.yml; consider moving it to .github/workflows/google.yml or updating it to valid CircleCI config syntax so that the intended CI system can actually run it.
• The on.push.branches value is set to - '"main"', which will not match the main branch name as intended; drop the extra quotes so it reads - main (or - "main").
• The kustomize setup step downloads a .tar.gz but doesn't extract it, and the later kustomize edit set image uses literal placeholders (LOCATION, PROJECT_ID, etc.) rather than env vars; update this to correctly unpack the binary and interpolate the env variables into the image name.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- This file is a GitHub Actions workflow but is placed under `.circleci/google.yml`; consider moving it to `.github/workflows/google.yml` or updating it to valid CircleCI config syntax so that the intended CI system can actually run it.
- The `on.push.branches` value is set to `- '"main"'`, which will not match the `main` branch name as intended; drop the extra quotes so it reads `- main` (or `- "main"`).
- The kustomize setup step downloads a `.tar.gz` but doesn't extract it, and the later `kustomize edit set image` uses literal placeholders (`LOCATION`, `PROJECT_ID`, etc.) rather than env vars; update this to correctly unpack the binary and interpolate the env variables into the image name.

## Individual Comments

### Comment 1
<location> `.circleci/google.yml:34` </location>
<code_context>
+#
+# 5. Change the values in the "env" block to match your values.
+
+name: "Build and Deploy to GKE"
+on:
+  push:
</code_context>

<issue_to_address>
**issue (bug_risk):** This file is placed under `.circleci/` but uses GitHub Actions syntax, so it will not be executed by CircleCI nor by GitHub Actions.

This is a GitHub Actions workflow (`name`, `on`, `jobs`, `uses: actions/...`) but it’s stored in `.circleci/google.yml`. GitHub Actions only runs workflows from `.github/workflows/`, and CircleCI uses a different config format, so this file will never execute as-is. Please move it to `.github/workflows/google.yml` (or the correct CI location) so it actually runs.
</issue_to_address>

### Comment 2
<location> `.circleci/google.yml:37-38` </location>
<code_context>
+name: "Build and Deploy to GKE"
+on:
+  push:
+    branches:
+      - '"main"'
+
+env:
</code_context>

<issue_to_address>
**issue (bug_risk):** The branch name is over-quoted and will not match the `main` branch in GitHub Actions.

`- '"main"'` will only trigger on a branch literally named `"main"` (including the quotes). Use `- main` or `- "main"` so the workflow runs on the actual `main` branch.
</issue_to_address>

### Comment 3
<location> `.circleci/google.yml:103-105` </location>
<code_context>
+          docker push "${DOCKER_TAG}"
+
+      # Set up kustomize
+      - name: "Set up Kustomize"
+        run: |-
+          curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz
+          chmod u+x ./kustomize
+
</code_context>

<issue_to_address>
**issue (bug_risk):** The `kustomize` download step saves a compressed tarball as `kustomize` and marks it executable, which will fail at runtime.

The URL points to a `.tar.gz`, but the script saves it directly as `kustomize` and chmods it, so `./kustomize` is a tarball, not an executable, and later calls like `./kustomize edit ...` will fail. Instead, download and extract the archive, e.g.:

```sh
tmp=$(mktemp)
curl -sL "<url>" -o "$tmp"
tar -xzf "$tmp"
rm "$tmp"
```

or pipe directly to `tar xz`, ensuring `kustomize` is the extracted binary.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request adds a GitHub Actions workflow to build and deploy to GKE. While this is a valuable addition, the workflow file is placed in the .circleci directory instead of the correct .github/workflows directory, which will prevent it from running. Additionally, there are several critical errors in the workflow definition, including an incorrect branch trigger, a wrong output variable for authentication, and a broken command for installing kustomize. I've provided specific comments and suggestions to fix these issues. I've also included recommendations for improving security by using secrets and for making the Kustomize configuration more maintainable.