[Infra] Restore Danger

[paulb777]

• Update to latest Danger and use short-lived token via a GitHub App
• Successful CI run at https://github.com/firebase/firebase-ios-sdk/actions/runs/20474104911/job/58835295102

[gemini-code-assist]

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

[paulb777]

/gemini summarize

[paulb777]

/gemini review

[paulb777]

/gemini summarize

[paulb777]

/gemini review

[gemini-code-assist]

Summary of Changes

This pull request focuses on restoring and modernizing the Danger CI/CD tool within the project's infrastructure. The primary goal is to upgrade the danger gem and its associated dependencies to their latest versions, which is essential for maintaining robust automated code quality checks and streamlining the pull request review process. This update also paves the way for more secure integration with GitHub through the use of short-lived tokens.

Highlights

• Danger Gem Update: The danger gem has been updated from version 8.4.5 to 9.5.3, bringing the project up to date with the latest features and fixes for automated code review.
• Dependency Modernization: Numerous transitive dependencies, including faraday, kramdown, octokit, and terminal-table, have been significantly updated to align with the new danger gem version, ensuring compatibility and leveraging newer library capabilities.
• Enhanced Security Integration: This update supports the use of a short-lived token via a GitHub App for Danger operations, improving the security posture of the CI/CD pipeline by limiting token exposure.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• Gemfile
  • Updated the danger gem from 8.4.5 to 9.5.3.
• Gemfile.lock
  • Updated the locked version of the danger gem and its transitive dependencies.
  • Major dependency updates include faraday (from 1.10.3 to 2.8.1), kramdown (from 2.4.0 to 2.5.1), octokit (from 4.25.1 to 10.0.0), and terminal-table (from 3.0.2 to 4.0.0).
  • Removed no_proxy_fix and multipart-post dependencies.
  • Added new dependencies such as base64, pstore, and unicode-emoji.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/danger.yml

Activity

• A bot comment from gemini-code-assist[bot] was posted, providing information about using Gemini Code Assist.
• paulb777 requested a summary of the pull request using the /gemini summarize command.
• gemini-code-assist[bot] provided a summary of changes.
• paulb777 requested a review using the /gemini review command.
• paulb777 requested another summary using the /gemini summarize command.

[gemini-code-assist]

Code Review

This pull request updates the danger gem from version 8.4.5 to 9.5.3. This is a good practice to keep dependencies up-to-date. The changes in Gemfile and the resulting modifications in Gemfile.lock are consistent with this update. The screenshot in the PR description suggests that the new version has been tested and is working correctly. The changes look good.