Source URL: https://cloud.google.com/blog/topics/developers-practitioners/boost-your-continuous-delivery-pipeline-with-generative-ai/
Source: Cloud Blog
Title: Boost your Continuous Delivery pipeline with Generative AI
Feedly Summary: In the domain of software development, AI-driven assistance is emerging as a transformative force to enhance developer experience and productivity and ultimately optimize overall software delivery performance. Many organizations started to leverage AI-based assistants, such as Gemini Code Assist, in developer IDEs to support them in solving more difficult problems, understanding unfamiliar code, generating test cases, and many other common programming tasks. Based on the productivity gains experienced by the individual developers in their IDEs, many organizations are looking to expand their use of generative AI technologies to other aspects of their software development lifecycle including pull-requests, code reviews, or generating release notes.
In this article we want to explore how to use generative AI to enhance the quality and efficiency in software delivery. We also provide a practical example of how to leverage Gemini models in Vertex AI within a continuous delivery pipeline to support code reviews and generate release notes for pull requests.
aside_block
Generative AI beyond the IDE
Whilst AI-powered coding assistance within an IDE offers a significant boost to a developer’s productivity, the benefits of this technology are not limited to the direct interaction between the developer and the codebase. By expanding the use of large language models to other aspects of the software delivery lifecycle, we open up a range of new opportunities to streamline time-consuming tasks. By integrating AI capabilities within automated CI/CD pipelines, we not only free up time for developers to focus on more strategic and creative aspects of their work but also have a chance to enhance the code quality overall and detect issues within the codebase early and before they make it to production environments.
The concept of using automated tooling within a CI/CD pipeline to proactively detect issues with code quality isn’t entirely new. We’ve used several forms of static code analysis for decades to identify potential errors and vulnerabilities and to enforce coding standards. However, the advances in generative AI present new opportunities that go beyond the capabilities of traditional code analysis. With their advanced language understanding and contextual awareness they can provide more nuanced commentary and provide more grounded recommendations on how to improve on a certain code base. In many cases these cools can help reduce cognitive load or labor intensive tasks that a human developer had to perform in the form of code reviews and help them focus on the bigger picture and overall impact on the codebase.
This doesn’t mean that the AI tools are in a position to replace the trusted tools and processes altogether. As illustrated in the practical example below these tools are most impactful when they are embedded within a combination of deterministic tools and human experts and each perform the tasks that they are best equipped to.
Ingredients for an AI-infused SDLC
To illustrate how generative AI can be used to enhance software delivery we’ll use the following products and tools:
Gemini models in Vertex AI
Gemini models are designed to process and understand vast amounts of information, enabling more accurate and nuanced responses to user prompts. With a focus on enhanced capabilities in areas like logical reasoning, coding, and creative collaboration, Gemini revolutionized the way we are able to collaborate with AI.
Gemini can be used directly or indirectly when it powers a packaged experience. For example Gemini Code Assist is a end user application that is built on top of the Gemini models and provides an assistant that helps in code generation, transformation and understanding as mentioned above.
Developers can also directly integrate Gemini models in their own application through Vertex AI, an end-to-end platform which lets them create, customize, manage, and scale AI applications.
In this example we will use Gemini in Vertex AI to build a custom extension of a CI/CD pipeline that uses Gemini’s language and text generation capabilities to provide meaningful assistance in a code review process.
Friendly CI-CD Helper
To abstract away the mechanics of interacting with the Gemini APIs in Vertex AI and centrally manage aspects like prompt design and how the context is fed to the model we build a small demo tool called friendly-cicd-helper. The tool can be used either as a standalone Python application or as a container that can run in a container-based CI/CD pipeline such as Cloud Build.
In its core the friendly-cicd-helper uses Gemini to analyze code changes (here in the form of a Git diff) and can generate the following outputs:
Summary of the changes to help speed up a MR/PR review
PR/MR comments for code changes to provide initial feedback to the author
Release Notes for changes for code changes
We use the friendly-cicd-helper tool as an example of how to leverage Gemini capabilities in a CI/CD pipeline. It is not an official product and most use cases will require you to build your own implementation based on your own needs and preferences.
Cloud Build
Cloud Build is a fully managed, serverless CI/CD (Continuous Integration/Continuous Delivery) platform provided by Google Cloud. It allows you to automate the process of building, testing, and deploying your applications across various environments like VMs, Kubernetes, serverless platforms, and Firebase.
You can define how the above tasks are linked together in your build through a build config specification, in which each task is defined as a build step.
Your build can be linked to a source-code repository so that your source code is cloned in your workspace as part of your build, and triggers can be configured to run the build automatically when a specific event, such as a new merge request, occurs.
Example Cloud Build Pipeline with Gemini
In our example the following Cloud Build pipeline is triggered when a developer opens a merge request in Gitlab (any other Cloud Build supported repository would work). The pipeline first fetches the latest version of the source branch of the pull request and executes the following steps in order:
1. The first step generates a Git diff to collect the code changes that are proposed as part of the merge request in a file. The file is persisted in the workspace mount that is shared between the steps such that it can later be used in the context for the LLM prompts.
code_block
<ListValue: [StructValue([(‘code’, “steps:\r\n – id: Generate Git Diff\r\n name: gcr.io/cloud-builders/git\r\n entrypoint: ‘bash’\r\n args:\r\n – ‘-c’\r\n – |\r\n git fetch origin\r\n git diff origin/main –output /workspace/diff.txt\r\n cat /workspace/diff.txt"), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0e1f0>)])]>
2. Then we use Gemini to generate an automated code review of our merge request with the friendly-cicd-helper vertex-code-review –diff /workspace/diff.txt command. The model response is then appended to the GitLab merge request thread as a comment.
code_block
<ListValue: [StructValue([(‘code’, ‘- id: Using Vertex AI to provide an automated MR Review\r\n name: \’europe-west1-docker.pkg.dev/$PROJECT_ID/tools/friendly-cicd-helper\’\r\n entrypoint: sh\r\n args:\r\n – -c\r\n – |\r\n export VERTEX_GCP_PROJECT=$PROJECT_ID\r\n echo "## Automated Merge Request Review Notes (generated by Vertex AI)" | tee mergerequest-review.md\r\n echo "_Note that the following notes do not replace a thorough code review by an expert:_" | tee -a mergerequest-review.md\r\n\r\n friendly-cicd-helper vertex-code-review –diff /workspace/diff.txt | tee -a mergerequest-review.md\r\n\r\n cat mergerequest-review.md | friendly-cicd-helper gitlab-comment –project $_GITLAB_PROJECT –mergerequest $$(cat /workspace/gitlab_merge_request_iid)\r\n secretEnv: [\’GITLAB_TOKEN\’]’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0e400>)])]>
If you look at friendly-cicd-helper.py you’ll see that the vertex_code_review function calls the code_review function from the vertex_api.py module
code_block
<ListValue: [StructValue([(‘code’, ‘def vertex_code_review(diff):\r\n """\r\n Review on a Git Diff\r\n """\r\n import lib.vertex_api as vertex\r\n return vertex.code_review(diff)’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0eb80>)])]>
That function submit a prompt to Gemini to get a code review using the Git diff as context:
code_block
<ListValue: [StructValue([(‘code’, ‘def code_review(diff_path):\r\n """\r\n Generate a code review based on a Git diff.\r\n """\r\n\r\n response = model.generate_content(\r\n f"""\r\nYou are an experienced software engineer.\r\nYou only comment on code that you found in the merge request diff.\r\nProvide a code review with suggestions for the most important \r\nimprovements based on the following Git diff:\r\n\r\n${load_diff(diff_path)}\r\n\r\n """,\r\n generation_config=generation_config\r\n )\r\n print(response.text.strip())\r\n return response.text)’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0e850>)])]>
3. The same pattern can be repeated for generating other artifacts like suggested release notes that describe the contained changes in the MR and also append them to the same thread as a comment.
code_block
<ListValue: [StructValue([(‘code’, ‘- id: Using Vertex AI to provide automated Release Notes\r\n name: \’europe-west1-docker.pkg.dev/$PROJECT_ID/tools/friendly-cicd-helper\’\r\n entrypoint: sh\r\n args:\r\n – -c\r\n – |\r\n export VERTEX_GCP_PROJECT=$PROJECT_ID\r\n echo "## Automated Suggestions for Release Notes (generated by Vertex AI)" | tee mergerequest-release-notes.md\r\n\r\n friendly-cicd-helper vertex-release-notes –diff /workspace/diff.txt | tee -a mergerequest-release-notes.md\r\n\r\n cat mergerequest-release-notes.md | friendly-cicd-helper gitlab-comment –project $_GITLAB_PROJECT –mergerequest $$(cat /workspace/gitlab_merge_request_iid)\r\n secretEnv: [\’GITLAB_TOKEN\’]’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0e9a0>)])]>
Here you can see the prompt submitted to Vertex from the vertex_api.py module
code_block
<ListValue: [StructValue([(‘code’, ‘def release_notes(diff_path):\r\n """\r\n Generate release notes based on a Git diff in unified format.\r\n """\r\n\r\n response = model.generate_content(\r\n f"""\r\nYou are an experienced tech writer.\r\nWrite short release notes in markdown bullet point format for the most important changes based on the following Git diff:\r\n\r\n${load_diff(diff_path)}\r\n """,\r\n generation_config=generation_config\r\n )\r\n print(response.text.strip())\r\n return response.text’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0e370>)])]>
4. Lastly our pipeline builds a container image with the updated code and deploys the application to a QA environment using Cloud Deploy, where UAT can be executed.
code_block
<ListValue: [StructValue([(‘code’, ‘- id: Build the image with Skaffold\r\n name: gcr.io/k8s-skaffold/skaffold\r\n entrypoint: /bin/bash\r\n args:\r\n – -c\r\n – |\r\n skaffold build –interactive=false –file-output=/workspace/artifacts.json –default-repo=$_REPO\r\n – id: Create a release in Cloud Deploy and rollout to staging\r\n name: gcr.io/cloud-builders/gcloud\r\n entrypoint: \’bash\’\r\n args:\r\n – \’-c\’\r\n – |\r\n MERGE_REQUEST_IID=$$(cat /workspace/gitlab_merge_request_iid)\r\n gcloud deploy releases create ledgerwriter-${SHORT_SHA} –delivery-pipeline genai-sw-delivery \\\r\n –region europe-west1 –annotations "commitId=${REVISION_ID},gitlab_mr=$$MERGE_REQUEST_IID" –build-artifacts /workspace/artifacts.json’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47d9f0ef70>)])]>
Seeing the pipeline in action
We will try our pipeline in the context of Bank of Anthos, a sample web app that simulates a bank’s payment processing network, allowing users to create artificial bank accounts and complete transactions.
For the purpose of this demo we’ve modified the ledger writer service that accepts and validates incoming transactions before writing them to the ledger. The repository fork is available here.
Starting from existing code we added the method below to the TransactionValidator class to obfuscate account number for logging purposes:
code_block
<ListValue: [StructValue([(‘code’, ‘public String obfuscateAccountNumber(String acctNum) {\r\n String obfuscated = "";\r\n for (int i = 0; i < acctNum.length(); i++) {\r\n if (Character.isDigit(acctNum.charAt(i))) {\r\n obfuscated += "0";\r\n } else {\r\n obfuscated += "x";\r\n }\r\n }\r\n return obfuscated;\r\n }’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47e0303fd0>)])]>
In addition to that, we created a new TransactionValidatorTest class and added a test for the new method:
code_block
<ListValue: [StructValue([(‘code’, ‘package anthos.samples.bankofanthos.ledgerwriter;\r\n\r\nimport org.junit.jupiter.api.Test;\r\nimport static org.junit.jupiter.api.Assertions.assertEquals;\r\n\r\nclass TransactionValidatorTest {\r\n\r\n @Test\r\n void obfuscateAccountNumber_validAccountNumber_returnsObfuscated() {\r\n TransactionValidator validator = new TransactionValidator();\r\n String accountNumber = "12345678-90ab-cdef-1234-567890abcdef";\r\n String obfuscated = validator.obfuscateAccountNumber(accountNumber);\r\n assertEquals("00000000x00xxxxxxxx0000x000000xxxxxx", obfuscated);\r\n }\r\n}’), (‘language’, ”), (‘caption’, <wagtail.rich_text.RichText object at 0x3e47e0303310>)])]>
Once we open a MR in GitLab, after we insert the /gcbrun comment that we configured our Cloud Build trigger to require. This triggers the pipeline that we outlined above and appends the following comment with the AI-generated comments in the MR thread:
Then similarly the requested release note suggestions are also appended to the comment thread:
Summary
You saw an example of automating code reviews and release notes generation using Vertex AI and Gemini.
You can continue to try by yourself using the above example repository and friendly-cicd-helper, start from it and tune your prompts or implement your own script to submit a prompt to Gemini in your CD pipeline.
AI Summary and Description: Yes
Summary: The text discusses the integration of AI-driven assistance within software development processes, particularly focusing on how generative AI, notably through tools like Gemini and Vertex AI, enhances code quality and efficiency during the software delivery lifecycle. Moreover, it highlights practical implementations, such as automating code reviews and release notes generation within CI/CD pipelines, showcasing the transformative impact these tools can have on traditional software development practices.
Detailed Description:
The provided content emphasizes the growing importance and application of generative AI tools in software development, particularly for enhancing the developer experience and optimizing performance. The discussion revolves around the implementation of such tools within various stages of the software delivery lifecycle.
Key Points:
– **AI-Driven Assistance**:
– Organizations are starting to leverage AI assistants like Gemini Code Assist in IDEs.
– These tools help developers address complex problems, understand unfamiliar code, and generate test cases among other tasks, leading to improved productivity.
– **Generative AI in the Software Development Lifecycle**:
– Beyond IDE assistance, the text emphasizes integrating generative AI across other software stages like pull requests and code reviews.
– Generative AI’s capabilities are seen as a way to streamline time-consuming tasks and enhance overall code quality before production.
– **Enhanced Capabilities of Generative AI**:
– Traditional static code analysis tools have limitations; however, genetic AI can analyze context more accurately, providing better recommendations for code improvements.
– AI tools aim to reduce cognitive load by automating repetitive and labor-intensive tasks, allowing developers to focus on higher-level strategic work.
– **Ingredients for AI-Infused Software Development Lifecycle (SDLC)**:
– Use of Gemini models in Vertex AI provides enhanced processing capabilities for code-related tasks.
– Tools like the friendly-cicd-helper demonstrate how to manage AI integrations seamlessly within CI/CD pipelines.
– Automation through these tools can lead to substantial productivity gains while maintaining quality through early detection of code issues.
– **CI/CD Pipeline Example with Gemini**:
– The content outlines a practical example of using Cloud Build in channeling AI capabilities for automated code reviews and release note generation.
– The architecture enables a more interactive development process where code changes undergo detailed review and annotation through AI-generated outputs.
– **Practical Implementations**:
– The demo highlights the integration of tools in a live project context (Bank of Anthos), showcasing real-world applications.
– Developers can customize AI tools within their pipelines to suit their needs, demonstrating flexibility in implementation while reinforcing best practices in software delivery.
In summary, the text is highly relevant to professionals in security, privacy, and compliance across the domains of AI and software development, particularly in understanding how these advanced tools enhance productivity and code quality while embedding compliance and security considerations into the software lifecycle. Such insights can drive further innovation and governance within the realm of software security and compliance methodologies.