This document describes how to set up Gemini Code Assist code customization by connecting Gemini Code Assist to your private code repositories. This feature lets you receive code recommendations, which draw from the internal libraries, private APIs, and coding style of your organization.
Before you begin
- Set up Gemini Code Assist with an Enterprise subscription.
- Create or configure end user accounts. Every developer in your organization who is using Gemini Code Assist must have a user identity in Google Cloud that has permission to access your Google Cloud project. For more information, see Grant roles in the Google Cloud console. Ensure each user has the following roles:
Configure Developer Connect, and then connect to your GitHub.com or GitLab.com repository:
Additionally, note that code customization only supports Developer Connect connections in the following locations (regions):
us-central1
europe-west1
asia-southeast1
In a shell environment, run the
gcloud components update
command to ensure that you have updated all installed components of the gcloud CLI to the latest version. For this step, you can install and initialize the gcloud CLI, or you can use Cloud Shell.gcloud components update
Choose which private repositories are connected
As a best practice, ensure you connect repositories which:
- Have code that's of a similar style or structure to what you want your developers to write.
- Have private libraries or APIs that you would like to call from your current codebase.
(Optional) Choose which files are not indexed
By default, code customization indexes all the supported code files in your specified repositories.In many scenarios, you might have specific files or subtrees that you don't want indexed. For example:
- Highly sensitive information with limited access inside your organization
- Old or deprecated code
- Auto-generated or temporary code
To prevent exposure of code that you don't want to index, you can use branch
patterns to
control access to your index
and use a stable branch, such as main
.
Alternatively, you can also exclude files from the index by
creating an .aiexclude
file.
Create an index
Code customization relies on an index to analyze and parse your repository for quicker code generation suggestions and lookups.
gcloud
To create the index, in a shell environment, use the
gemini code-repository-indexes create
command:
gcloud gemini code-repository-indexes create INDEX_NAME \
--project=PROJECT_ID \
--location=REGION
Terraform
resource "google_gemini_code_repository_index" "example" {
provider = google-beta
location = "REGION"
code_repository_index_id = "INDEX_NAME"
}
Replace the following:
INDEX_NAME
: your index name. Important: Record your index name. You'll need it for several steps in this document.PROJECT_ID
: your Google Cloud project ID.REGION
: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.
Index creation generally takes 30 minutes to complete, but it might take up to an hour.
Google limits the number of code repository indexes to one for each project and organization.
Control access to your index using repository groups
A repository group is a container for indexing configuration, which includes
repositories and their branch patterns. Repository groups are designed for
granular IAM control, giving developers access to the indexed
data from those groups, where they have the
cloudaicompanion.repositoryGroups.use
permission.
Repository groups contain Developer Connect repositories, or links, from the same project and location.
Administrators perform the following actions:
- Create Code Repository Index resource.
- In the same project and location, configure a new Developer Connect connection.
- Link Git repos in the connection.
Get links' resource names, pick branch pattern to index for each link and put it to one or multiple repository groups.
gcloud
To create a repository group, in a shell environment, use the
gemini code-repository-indexes repository-groups create
command:
gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
--project=PROJECT_ID \
--location=REGION \
--code-repository-index=INDEX_NAME \
--repositories='[{"resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "BRANCH_NAMES"}]'
Terraform
resource "google_gemini_repository_group" "example" {
provider = google-beta
location = "REGION"
code_repository_index = "INDEX_NAME"
repository_group_id = "REPOSITORY_GROUP"
repositories {
resource = "REPOSITORY_RESOURCE_NAME"
branch_pattern = "BRANCH_NAMES"
}
}
Replace the following:
REPOSITORY_GROUP
: name of the repository group, such asdefault
.PROJECT_ID
: your Google Cloud project ID.REGION
: a supported region, as stated in the Before you begin section of this page, that you have have configured in Developer Connect in your Google Cloud project.INDEX_NAME
: name of the index you created in a preceding step to create an index.REPOSITORY_RESOURCE_NAME
: name of the repository inside the Developer Connect connection. To find the name of the repository, go to the Developer Connect page in the Google Cloud console, and in the Repositories tab, look for the Connection ID under the Connection column in the table. To copy the resource name, click the more_vert menu for more options, and select Copy resource path.BRANCH_NAMES
: name of the branches you want to index, such asmain|dev
.
You also can create a repository group with repositories defined in a JSON (or YAML) file, formatted as follows:
JSON
[
{
"resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "main|dev"
},
{
"resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "dev"
}
]
YAML
- resource: REPOSITORY_RESOURCE_NAME
branchPattern: main|dev
- resource: REPOSITORY_RESOURCE_NAME
branchPattern: dev
To create a repository group based on a JSON or YAML file, in a shell
environment, use the
gemini code-repository-indexes repository-groups create
command:
JSON
gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
--project=PROJECT_ID \
--location=REGION \
--code-repository-index=INDEX_NAME \
--repositories=FILEPATH.json
YAML
gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
--project=PROJECT_ID \
--location=REGION \
--code-repository-index=INDEX_NAME \
--repositories=FILEPATH.yaml
If preferred, you can encrypt and control your data with a customer-managed encryption key (CMEK) through Cloud Key Management Service. To learn more about using a CMEK, see Encrypt data with customer-managed encryption keys.
Grant IAM role to the repository group on a project
You only receive suggestions from repositories in the index. Each repository
belongs to one or multiple repository groups. To access suggestions, you must
grant the Cloud AI Companion Repository Groups User IAM role
(roles/cloudaicompanion.repositoryGroupsUser
)—which contains the required
cloudaicompanion.repositoryGroups.user
IAM permission—to the
repository group by one of the following ways:
- Grant principals permission to access the entire index.
- Grant principals access to a subset of the index.
Grant principals permission to access the entire index
To bind an IAM policy for a project, in a shell environment, use the
projects add-iam-policy-binding
command:gcloud projects add-iam-policy-binding PROJECT_ID \ --member='PRINCIPAL' \ --role='roles/cloudaicompanion.repositoryGroupsUser'
Replace the following:
PROJECT_ID
: the project ID where the repository group is located.PRINCIPAL
: the email address of the principal that needs access—for example,user:test-user@gmail.com
for an individual, orgroup:admins@example.com
for a group.
For more information, see
gcloud projects set-iam-policy
.When prompted to specify a condition, enter
None
.
Grant principals access to a subset of the index
You can create multiple repository groups and assign IAM roles to different IAM principals.
gcloud
In order to set up an IAM policy you must prepare the IAM policy JSON or YAML file, which will contain a list of IAM groups and assigned roles. For example:
bindings:
- members:
- group:my-group@example.com
- user:test-user@example.com
role: roles/cloudaicompanion.repositoryGroupsUser
For additional details and syntax, see Understanding allow policies.
To set the IAM policy, in a shell environment, use the
gemini code-repository-indexes repository-groups set-iam-policy
command:
gcloud gemini code-repository-indexes repository-groups set-iam-policy GROUP_NAMEPOLICY_FILE \
--project=PROJECT_ID \
--location=REGION \
--code-repository-index=INDEX_NAME
Replace the following:
GROUP_NAME
: the repository group name you created in a preceding step to control access to your index using repository groups.POLICY_FILE
: the IAM policy.REGION
: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.INDEX_NAME
: the name of the index you created in a preceding step to create an index.For more information, see
gcloud gemini code-repository-indexes repository-groups set-iam-policy
.
Terraform
data "google_iam_policy" "foo" {
provider = google-beta
binding {
role = "roles/cloudaicompanion.repositoryGroupsUser"
members = ["test-user@example.com"]
}
}
resource "google_gemini_repository_group_iam_policy" "foo" {
provider = google-beta
project = "PROJECT_ID"
location = "REGION"
code_repository_index_id = "INDEX_NAME"
repository_group_id = "GROUP_NAME"
policy_data = data.google_iam_policy.foo.policy_data
}
data "google_gemini_repository_group_iam_policy" "foo" {
provider = google-beta
project = "PROJECT_ID"
location = "REGION"
code_repository_index_id = "INDEX_NAME"
repository_group_id = "GROUP_NAME"
depends_on = [
google_gemini_repository_group_iam_policy.foo
]
}
You can also create a binding:
resource "google_gemini_repository_group_iam_binding" "foo" {
provider = google-beta
project = "PROJECT_ID"
location = "REGION"
code_repository_index_id = "INDEX_NAME"
repository_group_id = "GROUP_NAME"
role = "roles/cloudaicompanion.repositoryGroupsUser"
members = ["test-user@example.com"]
}
Replace the following:
GROUP_NAME
: the repository group name you created in a preceding step to control access to your index using repository groups.REGION
: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.INDEX_NAME
: the name of the index you created in a preceding step to create an index.For more information, see
gcloud gemini code-repository-indexes repository-groups set-iam-policy
.
Check indexing status
Depending on the number of repositories you want to index and their size, indexing content can take up to 24 hours. For large repositories, indexing can take longer. Indexing occurs once every 24 hours, picking up any changes that were made in the repository.
Search for the
indexing
logs. For more information, see Logging query language.Console
In the Google Cloud console, go to the Logs Explorer.
Use the log names filter to view
indexing
logs.
gcloud
To search for the indexing logs, in a shell environment, use the
logging read
command:gcloud logging read "logName="projects/PROJECT_ID/logs/indexing""
Replace
PROJECT_ID
with the project ID where the repository group is located.For example, to view errors in the
indexing
logs, run the following command:gcloud logging read "logName="projects/PROJECT_ID/logs/indexing" AND severity>=ERROR"
Review the associated indexing statuses, such as the following:
- Start of repository indexing-for example,
Indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 6, failed: 0.
- End of individual repository indexing-for example:
- Success:
Successfully finished indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 7, failed: 0.
- Failure:
Failed to index repository REPOSITORY_NAME. Error: [<error message>]. Total number of repositories: 10, succeeded: 7, failed: 1.
- Success:
- End of repository indexing-for example:
- Success:
Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 0.
- Failure:
Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 1. Repositories that were not successfully fetched will be retried in the next run.
- Success:
In the index statuses,
REPOSITORY_NAME
is the repository you want to review.- Start of repository indexing-for example,
Review the associated indexing errors, such as the following:
- Failed to fetch repository.
- Failed to list repository files.
- Failed to retrieve repository information from the index.
- Failed to retrieve files from the index.
- Internal error.
Use code customization
Once you have set up code customization, users will begin to see code completion and code generation suggestions which may be based on private code you have indexed in addition to results from full codebase awareness.
Turn off code customization
To list all repository groups for the current index, in a shell environment, use the
gemini code-repository-indexes repository-groups list
command:gcloud gemini code-repository-indexes repository-groups list --location=REGION \ --project=PROJECT_ID \ --code-repository-index=INDEX_NAME --uri
Replace the following:
REGION
: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.PROJECT_ID
: your Google Cloud project ID.INDEX_NAME
: name of the index you created in a preceding step to create an index.
To delete a repository group from the current index, use the
gemini code-repository-indexes repository-groups delete
command:gcloud gemini code-repository-indexes repository-groups delete REPOSITORY_GROUP \ --location=REGION \ --project=PROJECT_ID \ --code-repository-index=INDEX_NAME
Repeat step 3 for each repository group until you delete all repository groups from the index.
Optional: To delete the index, in a shell environment, use the
gemini code-repository-indexes delete
command:gcloud gemini code-repository-indexes delete INDEX_NAME \ --location=REGION \ --project=PROJECT_ID
What's next
- Start using Gemini Code Assist:
- VS Code: Code with Gemini Code Assist
- IntelliJ: Code with Gemini Code Assist
- Cloud Shell Editor: Code with Gemini Code Assist
- Cloud Workstations: Code with Gemini Code Assist
- Learn how to encrypt data with customer-managed encryption keys (CMEK).
- Learn more about Developer Connect.
- Learn how and when Gemini for Google Cloud uses your data.