feat(caretaker): egress cloud run service skeleton #28167

Merged: gundermanc merged 4 commits into google-gemini:main from chadd28:feat/triage-egress on Jul 2, 2026

chadd28 (Contributor) commented Jun 27, 2026

Summary

Implements the caretaker Egress Cloud Run Service skeleton in tools/caretaker-agent/cloudrun/egress-service/. This service provides a lightweight HTTP server to receive verified action event messages pushed via Cloud Pub/Sub (egress-actions topic) from the Triage Worker, decode Base64 payloads, validate event schemas, and dispatch execution to an egress action handler.

Details

  • Express HTTP Service (src/app.ts, src/server.ts): Provides a lightweight Cloud Run HTTP endpoint to handle GCP Pub/Sub push message delivery, decode Base64 payloads, and return structured health status (/ GET) for liveness/readiness probes.

How to Validate

  1. Navigate to the egress service directory:

     cd tools/caretaker-agent/cloudrun/egress-service
     npm test

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@chadd28 chadd28 requested a review from a team as a code owner June 27, 2026 01:09
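
The decode-and-validate path described in the summary above, as an added example (not the PR's code): it takes the parsed body of a Pub/Sub push request and returns either a typed event or a rejection reason. `EgressAction` is taken from the PR; the `repo`, `issueNumber` and `body` fields are a hypothetical event schema, and authenticating the push request is out of scope here.

```typescript
// Added example. EgressAction is from the PR; the other event fields
// (repo, issueNumber, body) are a hypothetical schema.
type EgressAction = 'COMMENT' | 'LABEL' | 'PATCH';
interface EgressEvent {
  action: EgressAction;
  repo: string; // "owner/name"
  issueNumber: number;
  body?: string;
}
type Decoded = { ok: true; event: EgressEvent } | { ok: false; reason: string };

const invalid = (reason: string): Decoded => ({ ok: false, reason });

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}
function isAction(v: unknown): v is EgressAction {
  return v === 'COMMENT' || v === 'LABEL' || v === 'PATCH';
}

// Input: the already-parsed JSON body of a Pub/Sub push request.
function decodePushBody(pushBody: unknown): Decoded {
  const message = isRecord(pushBody) ? pushBody['message'] : undefined;
  const data = isRecord(message) ? message['data'] : undefined;
  if (typeof data !== 'string' || data === '') return invalid('missing message.data');

  // Buffer.from() skips invalid Base64 characters instead of throwing,
  // so accept the input only if it round-trips exactly.
  const raw = Buffer.from(data, 'base64');
  if (raw.toString('base64') !== data) return invalid('message.data is not Base64');

  let parsed: unknown;
  try {
    parsed = JSON.parse(raw.toString('utf8'));
  } catch {
    return invalid('payload is not JSON');
  }
  if (!isRecord(parsed)) return invalid('payload is not an object');

  const action = parsed['action'];
  const repo = parsed['repo'];
  const n = parsed['issueNumber'];
  const text = parsed['body'];
  if (!isAction(action)) return invalid('unknown action');
  if (typeof repo !== 'string' || !/^[\w.-]+\/[\w.-]+$/.test(repo)) return invalid('bad repo');
  if (typeof n !== 'number' || n % 1 !== 0 || n < 1) return invalid('bad issueNumber');
  if (action === 'COMMENT' && (typeof text !== 'string' || text.trim() === '')) {
    return invalid('COMMENT needs a non-empty body');
  }
  const body = typeof text === 'string' ? text : undefined;
  return { ok: true, event: { action, repo, issueNumber: n, body } };
}
```
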
gemini-code-assist (Contributor)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request adds a new automated egress service to the caretaker agent suite. The service acts as a bridge between GCP Pub/Sub and GitHub, allowing the system to react to verified events by performing automated repository operations. It is built as a lightweight Express application optimized for deployment on Google Cloud Run, ensuring secure and reliable execution of GitHub tasks.

Highlights

  • New Egress Service Implementation: Introduced a new Cloud Run service located in tools/caretaker-agent/cloudrun/egress-service/ designed to process GCP Pub/Sub messages.
  • GitHub Integration: Implemented a GitHub Action executor using Octokit to perform automated tasks like adding labels and posting comments on issues.
  • Robust Error Handling and Validation: Added comprehensive type guards and validation logic to ensure incoming Pub/Sub payloads are correctly formatted before processing.
  • Testing Suite: Added a full unit test suite using Vitest, covering both the HTTP router and the GitHub action execution logic.

github-actions Bot added the size/xl (An extra large PR) label Jun 27, 2026
github-actions Bot commented Jun 27, 2026

📊 PR Size: size/L

  • Lines changed: 315
  • Additions: +315
  • Deletions: -0
  • Files changed: 8

gemini-code-assist Bot (Contributor) left a comment

Code Review

This pull request introduces a new Node.js/TypeScript Express-based egress service designed to run on Cloud Run and handle GitHub actions via Pub/Sub push subscriptions. Feedback highlights a critical security vulnerability regarding missing authentication on the POST endpoint, and suggests centralizing environment variable parsing and improving string validation for comments.

Comment thread tools/caretaker-agent/cloudrun/egress-service/src/app.ts
Comment thread tools/caretaker-agent/cloudrun/egress-service/src/actions/github.ts Outdated
Comment thread tools/caretaker-agent/cloudrun/egress-service/src/actions/github.ts Outdated
gemini-cli Bot added the status/need-issue (Pull requests that need to have an associated issue.) label Jun 27, 2026
github-actions Bot added the size/l (A large sized PR) label Jul 1, 2026
chadd28 changed the title from "feat(caretaker): egress cloud run service" to "feat(caretaker): egress cloud run service skeleton" Jul 1, 2026
chadd28 (Contributor, Author) commented Jul 1, 2026

Ready for review! @gundermanc

* SPDX-License-Identifier: Apache-2.0
*/

export type EgressAction = 'COMMENT' | 'LABEL' | 'PATCH';
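
Review bot: The `EgressAction` union on the last line of this hunk is a compile-time type only, so by itself it cannot reject an unexpected `action` string at runtime. Consider deriving the type from a runtime constant, for example `export const EGRESS_ACTIONS = ['COMMENT', 'LABEL', 'PATCH'] as const;` with `export type EgressAction = (typeof EGRESS_ACTIONS)[number];`, so the validator and the type share one list and cannot drift apart.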

Member

Are any of these contracts between the different jobs or service components? If so, can we make sure to not duplicate them? Ideally we put our contracts in a common place where all components can reference them.

Contributor, Author

That is a great point. This contract is shared between the Python Triage Worker (triage-worker/utils/egress.py) and the TypeScript Egress Service (egress-service/src/types.ts) over Pub/Sub JSON messages. But because each Cloud Run service is deployed as a standalone container scoped strictly to its own root directory (cloudrun/egress-service/ and cloudrun/triage-worker/), container build contexts cannot import files outside their service folder. This is something I'm actively thinking through; we can chat more about it, since there are a few other areas that I would want to share down the line (such as DB operations).

@gundermanc gundermanc added this pull request to the merge queue Jul 1, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 1, 2026
@gundermanc gundermanc added this pull request to the merge queue Jul 2, 2026
Merged via the queue into google-gemini:main with commit f7af4e5 Jul 2, 2026
52 of 53 checks passed