Configure Gemini Code Assist code customization (original) (raw)

This document describes how to set upGemini Code Assist code customization by connecting Gemini Code Assist to your private code repositories. This feature lets you receive code recommendations, which draw from the internal libraries, private APIs, and coding style of your organization.

Before you begin

Set up Gemini Code Assistwith an Enterprise subscription.
Create or configure end user accounts. Every developer in your organization who is using Gemini Code Assist must have a user identity in Google Cloud that has permission to access your Google Cloud project. For more information, seeGrant roles in the Google Cloud console. Ensure each user has the following roles:
- Gemini for Google Cloud User
- Repository Groups User
Configure Developer Connect, and then connect to your GitHub.com, GitLab.com, or Bitbucket.org repository:

Additionally, note that code customization only supports Developer Connect connections in the following locations (regions):

us-central1
europe-west1
asia-southeast1
In a shell environment, run thegcloud components update commandto ensure that you have updated all installed components of thegcloud CLIto the latest version. For this step, you can install and initialize the gcloud CLI, or you can useCloud Shell Editor.

gcloud components update

Choose which private repositories are connected

As a best practice, ensure you connect repositories which:

Have code that's of a similar style or structure to what you want your developers to write.
Have private libraries or APIs that you would like to call from your current codebase.

(Optional) Choose which files are not indexed

By default, code customization indexes all thesupported code files in your specified repositories.

To prevent exposure of code that you don't want to index, you can use branch patterns tocontrol access to your index and use a stable branch, such as main.

Alternatively, you can also exclude files from the index bycreating an .aiexclude file.

Create an index

Code customization relies on an index to analyze and parse your repository for quicker code generation suggestions and lookups.

gcloud CLI

To create the index, in a shell environment, use thegemini code-repository-indexes create command:

gcloud gemini code-repository-indexes create INDEX_NAME \
    --project=PROJECT_ID \
    --location=REGION

Terraform

resource "google_gemini_code_repository_index" "example" {
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
}

Replace the following:

INDEX_NAME: your index name. Important: Record your index name. You'll need it for several steps in this document.
PROJECT_ID: your Google Cloud project ID.
REGION: a supported region, as stated in theBefore you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.

Index creation generally takes 30 minutes to complete, but it might take up to an hour.

Google limits the number of code repository indexes to one for each project and organization.

Control access to your index using repository groups

A repository group is a container for indexing configuration, which includes repositories and their branch patterns. Repository groups are designed for granular IAM control, giving developers access to the indexed data from those groups, where they have thecloudaicompanion.repositoryGroups.use permission.

Repository groups contain Developer Connect repositories, or links, from the same project and location.

Administrators perform the following actions:

Create Code Repository Index resource.
In the same project and location, configure a new Developer Connect connection.
Link Git repos in the connection.
Get links' resource names, pick branch pattern to index for each link and put it to one or multiple repository groups.

gcloud CLI

To create a repository group, in a shell environment, use thegemini code-repository-indexes repository-groups create command:

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories='[{"resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "BRANCH_NAMES"}]'

Terraform

resource "google_gemini_repository_group" "example" {
  location = "REGION"
  code_repository_index = "INDEX_NAME"
  repository_group_id = "REPOSITORY_GROUP"
  repositories {
    resource = "REPOSITORY_RESOURCE_NAME"
    branch_pattern = "BRANCH_NAMES"
  }
}

Replace the following:

REPOSITORY_GROUP: name of the repository group, such as default.
PROJECT_ID: your Google Cloud project ID.
REGION: a supported region, as stated in theBefore you begin section of this page, that you have have configured in Developer Connect in your Google Cloud project.
INDEX_NAME: name of the index you created in a preceding step to create an index.
REPOSITORY_RESOURCE_NAME: name of the repository inside the Developer Connect connection. To find the name of the repository, go to theDeveloper Connect page in the Google Cloud console, and in the Repositories tab, look for the Connection ID under the Connection column in the table. To copy the resource name, click themore_vert menu for more options, and select Copy resource path.
BRANCH_NAMES: name of the branches you want to index, such as main|dev.

You also can create a repository group with repositories defined in a JSON (or YAML) file, formatted as follows:

JSON

[
  {
      "resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "main|dev"
  },
  {
      "resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "dev"
  }
]

YAML

- resource: REPOSITORY_RESOURCE_NAME
  branchPattern: main|dev

- resource: REPOSITORY_RESOURCE_NAME
  branchPattern: dev

To create a repository group based on a JSON or YAML file, in a shell environment, use thegemini code-repository-indexes repository-groups create command:

JSON

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories=FILEPATH.json

YAML

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories=FILEPATH.yaml

If preferred, you can encrypt and control your data with a customer-managed encryption key (CMEK) through Cloud Key Management Service. To learn more about using a CMEK, seeEncrypt data with customer-managed encryption keys.

Grant IAM role to the repository group on a project

You only receive suggestions from repositories in the index. Each repository belongs to one or multiple repository groups. To access suggestions, you must grant the Cloud AI Companion Repository Groups User IAM role (roles/cloudaicompanion.repositoryGroupsUser)—which contains the requiredcloudaicompanion.repositoryGroups.user IAM permission—to the repository group by one of the following ways:

Grant principals permission to access the entire index.
Grant principals access to a subset of the index.

Grant principals permission to access the entire index

To bind an IAM policy for a project, in a shell environment, use theprojects add-iam-policy-binding command:

gcloud projects add-iam-policy-binding PROJECT_ID \  
    --member='PRINCIPAL' \  
    --role='roles/cloudaicompanion.repositoryGroupsUser'

Replace the following:

PROJECT_ID: the project ID where the repository group is located.
PRINCIPAL: the email address of the principal that needs access—for example, user:test-user@gmail.com for an individual, or group:admins@example.com for a group.
For more information, seegcloud projects set-iam-policy.

When prompted to specify a condition, enter None.

Grant principals access to a subset of the index

You can create multiple repository groups and assign IAM roles to different IAM principals.

gcloud CLI

In order to set up an IAM policy you must prepare the IAM policy JSON or YAML file, which will contain a list of IAM groups and assigned roles. For example:

bindings:
- members:
  - group:my-group@example.com
  - user:test-user@example.com
  role: roles/cloudaicompanion.repositoryGroupsUser

For additional details and syntax, seeUnderstanding allow policies.

To set the IAM policy, in a shell environment, use thegemini code-repository-indexes repository-groups set-iam-policy command:

gcloud gemini code-repository-indexes repository-groups set-iam-policy GROUP_NAMEPOLICY_FILE \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME

Replace the following:

GROUP_NAME: the repository group name you created in a preceding step to control access to your index using repository groups.
POLICY_FILE: the IAM policy.
REGION: a supported region, as stated in theBefore you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.
INDEX_NAME: the name of the index you created in a preceding step to create an index.
For more information, seegcloud gemini code-repository-indexes repository-groups set-iam-policy.

Terraform

data "google_iam_policy" "foo" {
  binding {
    role = "roles/cloudaicompanion.repositoryGroupsUser"
    members = ["test-user@example.com"]
  }
}

resource "google_gemini_repository_group_iam_policy" "foo" {
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  policy_data = data.google_iam_policy.foo.policy_data
}

data "google_gemini_repository_group_iam_policy" "foo" {
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  depends_on = [
    google_gemini_repository_group_iam_policy.foo
  ]
}

You can also create a binding:

resource "google_gemini_repository_group_iam_binding" "foo" {
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  role = "roles/cloudaicompanion.repositoryGroupsUser"
  members = ["test-user@example.com"]
}

Replace the following:

GROUP_NAME: the repository group name you created in a preceding step to control access to your index using repository groups.
REGION: a supported region, as stated in theBefore you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.
INDEX_NAME: the name of the index you created in a preceding step to create an index.
For more information, seegcloud gemini code-repository-indexes repository-groups set-iam-policy.

Check indexing status

Depending on the number of repositories you want to index and their size, indexing content can take up to 24 hours. For large repositories, indexing can take longer. Indexing occurs once every 24 hours, picking up any changes that were made in the repository.

Search for the indexing logs. For more information, seeLogging query language.

Console

In the Google Cloud console, go to theLogs Explorer.
Go to Logs Explorer
Use the log names filter to view indexing logs.

gcloud CLI

To search for the indexing logs, in a shell environment, use thelogging read command:

gcloud logging read "logName="projects/PROJECT_ID/logs/indexing""

Replace PROJECT_ID with the project ID where the repository group is located.
For example, to view errors in the indexing logs, run the following command:

gcloud logging read "logName="projects/PROJECT_ID/logs/indexing" AND severity>=ERROR"

Review the associated indexing statuses, such as the following:
- Start of repository indexing-for example, Indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 6, failed: 0.
- End of individual repository indexing-for example:
  * Success: Successfully finished indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 7, failed: 0.
  * Failure: Failed to index repository REPOSITORY_NAME. Error: [<error message>]. Total number of repositories: 10, succeeded: 7, failed: 1.
- End of repository indexing-for example:
  * Success: Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 0.
  * Failure: Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 1. Repositories that were not successfully fetched will be retried in the next run.

In the index statuses, REPOSITORY_NAME is the repository you want to review. 3. Review the associated indexing errors, such as the following:

Failed to fetch repository.
Failed to list repository files.
Failed to retrieve repository information from the index.
Failed to retrieve files from the index.
Internal error.

Once you have set up code customization, you'll begin to see code completion and code generation suggestions which may be based on private code you have indexed in addition to results from full codebase awareness.

To learn more about using code customization and best practices, seeUse code customization.

Turn off code customization

To list all repository groups for the current index, in a shell environment, use thegemini code-repository-indexes repository-groups list command:

gcloud gemini code-repository-indexes repository-groups list --location=REGION \  
    --project=PROJECT_ID \  
    --code-repository-index=INDEX_NAME --uri

Replace the following:

REGION: a supported region, as stated in theBefore you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.
PROJECT_ID: your Google Cloud project ID.
INDEX_NAME: name of the index you created in a preceding step to create an index.

To delete a repository group from the current index, use thegemini code-repository-indexes repository-groups delete command:

gcloud gemini code-repository-indexes repository-groups delete REPOSITORY_GROUP \  
    --location=REGION \  
    --project=PROJECT_ID \  
    --code-repository-index=INDEX_NAME

Repeat step 3 for each repository group until you delete all repository groups from the index.
Optional: To delete the index, in a shell environment, use thegemini code-repository-indexes delete command:

gcloud gemini code-repository-indexes delete INDEX_NAME \  
    --location=REGION \  
    --project=PROJECT_ID

What's next

Start using Gemini Code Assist:
- VS Code, IntelliJ, and other supported JetBrains IDEs: Code with Gemini Code Assist
- Cloud Shell Editor: Code with Gemini Code Assist
- Cloud Workstations: Code with Gemini Code Assist
Learn how to use code customizationand best practices.
Learn how to encrypt data with customer-managed encryption keys (CMEK).
Learn more about Developer Connect.
Learn how and when Gemini for Google Cloud uses your data.