#!/usr/bin/env python3 """gemini_review_gate.py — Gemini App evidence-based merge gate. Phase 3 evidence-only redesign (task-2465, 2026-05-06). - Gemini API 호출 0건 (App evidence만 검증) - GEMINI_API_KEY 의존 0건 - HOLD(neutral)도 GitHub check에서는 failure로 발행 — neutral은 branch protection을 통과하므로 금지. - 평가 로직은 scripts.gemini_evidence_verify.evaluate_gate에 단일화. """ from __future__ import annotations import argparse import json import os import subprocess import sys from datetime import datetime, timezone from pathlib import Path # gemini_evidence_verify (sibling script) import — runtime sys.path 조작 후 동적 import ROOT = Path(__file__).resolve().parent sys.path.insert(0, str(ROOT)) from gemini_evidence_verify import evaluate_gate # type: ignore[reportMissingImports] # noqa: E402 DEFAULT_CHECK_NAME = "gemini-review-gate" def _now_iso() -> str: return datetime.now(timezone.utc).isoformat() def publish_check_run( repo: str, sha: str, name: str, conclusion: str, summary: str, details: str = "", ) -> dict: """GitHub check run을 gh api POST로 발행. conclusion: "success" | "failure" (neutral 발행 절대 금지) """ payload: dict = { "name": name, "head_sha": sha, "status": "completed", "conclusion": conclusion, "output": { "title": name, "summary": summary[:65535], "text": details[:65535], }, } proc = subprocess.run( ["gh", "api", "-X", "POST", f"repos/{repo}/check-runs", "--input", "-"], input=json.dumps(payload, ensure_ascii=False), capture_output=True, text=True, timeout=30, ) return {"rc": proc.returncode, "stdout": proc.stdout, "stderr": proc.stderr} def main() -> int: ap = argparse.ArgumentParser( description="gemini_review_gate — Gemini App evidence 기반 merge gate" ) ap.add_argument("--pr-number", type=int, required=True, help="PR number") ap.add_argument("--commit-sha", required=True, help="Head commit SHA") ap.add_argument( "--repo", default=os.environ.get("GH_REPO", "JonghyukJeon/dev_workspace"), help="OWNER/REPO", ) ap.add_argument( "--check-name", default=DEFAULT_CHECK_NAME, help="GitHub check run name (phase3 wrapper에서 'phase3-merge-gate'로 호출)", ) ap.add_argument( "--publish-check", action="store_true", help="GitHub check run 발행", ) args = ap.parse_args() result = evaluate_gate(args.pr_number, args.commit_sha, args.repo) state = result["state"] # state → GitHub check conclusion 매핑 # ★ neutral 절대 금지 — branch protection이 neutral을 success로 취급 if state == "pass": conclusion = "success" summary = f"PASS: {result['reason']}" elif state == "hold": conclusion = "failure" # ★ neutral 금지 summary = f"HOLD: {result['reason']} (pending under {result.get('timeout_seconds', 300) // 60}min)" else: # block conclusion = "failure" summary = f"BLOCK: {result['reason']}" if args.publish_check: publish_check_run( args.repo, args.commit_sha, args.check_name, conclusion, summary, json.dumps(result, ensure_ascii=False, indent=2), ) primary = result["evidence"]["primary"] stale_count = sum(1 for e in primary if e.get("stale")) output = { "name": args.check_name, "pr": args.pr_number, "sha": args.commit_sha, "repo": args.repo, "state": state, "reason": result["reason"], "elapsed_seconds": result.get("elapsed_seconds", 0), "timeout_seconds": result.get("timeout_seconds", 300), "evidence_count": { "primary": len(primary), "secondary": len(result["evidence"]["secondary"]), "stale": stale_count, }, "high_severity_hits": result["evidence"]["high_severity_hits"], "ts": _now_iso(), } print(json.dumps(output, ensure_ascii=False)) return 0 if state == "pass" else 1 if __name__ == "__main__": sys.exit(main())