Configure and use Gemini Code Assist code customization

This document describes how to set up Gemini Code Assist code customization by connecting Gemini Code Assist to your private code repositories. This feature lets you receive code recommendations, which draw from the internal libraries, private APIs, and coding style of your organization.

Before you begin

Choose which private repositories are connected

As a best practice, ensure you connect repositories which:

  • Have code that's of a similar style or structure to what you want your developers to write.
  • Have private libraries or APIs that you would like to call from your current codebase.

(Optional) Choose which files are not indexed

By default, code customization indexes all the supported code files in your specified repositories.

In many scenarios, you might have specific files or subtrees that you don't want indexed. For example:

  • Highly sensitive information with limited access inside your organization
  • Old or deprecated code
  • Auto-generated or temporary code

To prevent exposure of code that you don't want to index, you can use branch patterns to control access to your index and use a stable branch, such as main.

Alternatively, you can also exclude files from the index by creating an .aiexclude file.

Create an index

Code customization relies on an index to analyze and parse your repository for quicker code generation suggestions and lookups.

gcloud

To create the index, in a shell environment, use the gemini code-repository-indexes create command:

gcloud gemini code-repository-indexes create INDEX_NAME \
    --project=PROJECT_ID \
    --location=REGION

Terraform

resource "google_gemini_code_repository_index" "example" {
  provider = google-beta
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
}

Replace the following:

  • INDEX_NAME: your index name. Important: Record your index name. You'll need it for several steps in this document.
  • PROJECT_ID: your Google Cloud project ID.
  • REGION: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.

Index creation generally takes 30 minutes to complete, but it might take up to an hour.

Google limits the number of code repository indexes to one for each project and organization.

Control access to your index using repository groups

A repository group is a container for indexing configuration, which includes repositories and their branch patterns. Repository groups are designed for granular IAM control, giving developers access to the indexed data from those groups, where they have the cloudaicompanion.repositoryGroups.use permission.

Repository groups contain Developer Connect repositories, or links, from the same project and location.

Administrators perform the following actions:

  • Create Code Repository Index resource.
  • In the same project and location, configure a new Developer Connect connection.
  • Link Git repos in the connection.
  • Get links' resource names, pick branch pattern to index for each link and put it to one or multiple repository groups.

gcloud

To create a repository group, in a shell environment, use the gemini code-repository-indexes repository-groups create command:

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories='[{"resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "BRANCH_NAMES"}]'

Terraform

resource "google_gemini_repository_group" "example" {
  provider = google-beta
  location = "REGION"
  code_repository_index = "INDEX_NAME"
  repository_group_id = "REPOSITORY_GROUP"
  repositories {
    resource = "REPOSITORY_RESOURCE_NAME"
    branch_pattern = "BRANCH_NAMES"
  }
}

Replace the following:

  • REPOSITORY_GROUP: name of the repository group, such as default.
  • PROJECT_ID: your Google Cloud project ID.
  • REGION: a supported region, as stated in the Before you begin section of this page, that you have have configured in Developer Connect in your Google Cloud project.
  • INDEX_NAME: name of the index you created in a preceding step to create an index.
  • REPOSITORY_RESOURCE_NAME: name of the repository inside the Developer Connect connection. To find the name of the repository, go to the Developer Connect page in the Google Cloud console, and in the Repositories tab, look for the Connection ID under the Connection column in the table. To copy the resource name, click the more_vert menu for more options, and select Copy resource path.
  • BRANCH_NAMES: name of the branches you want to index, such as main|dev.

You also can create a repository group with repositories defined in a JSON (or YAML) file, formatted as follows:

JSON

[
  {
      "resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "main|dev"
  },
  {
      "resource": "REPOSITORY_RESOURCE_NAME", "branchPattern": "dev"
  }
]

YAML

- resource: REPOSITORY_RESOURCE_NAME
  branchPattern: main|dev

- resource: REPOSITORY_RESOURCE_NAME
  branchPattern: dev

To create a repository group based on a JSON or YAML file, in a shell environment, use the gemini code-repository-indexes repository-groups create command:

JSON

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories=FILEPATH.json

YAML

gcloud gemini code-repository-indexes repository-groups create REPOSITORY_GROUP \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME \
    --repositories=FILEPATH.yaml

If preferred, you can encrypt and control your data with a customer-managed encryption key (CMEK) through Cloud Key Management Service. To learn more about using a CMEK, see Encrypt data with customer-managed encryption keys.

Grant IAM role to the repository group on a project

You only receive suggestions from repositories in the index. Each repository belongs to one or multiple repository groups. To access suggestions, you must grant the Cloud AI Companion Repository Groups User IAM role (roles/cloudaicompanion.repositoryGroupsUser)—which contains the required cloudaicompanion.repositoryGroups.user IAM permission—to the repository group by one of the following ways:

  • Grant principals permission to access the entire index.
  • Grant principals access to a subset of the index.

Grant principals permission to access the entire index

  1. To bind an IAM policy for a project, in a shell environment, use the projects add-iam-policy-binding command:

    gcloud projects add-iam-policy-binding PROJECT_ID \
        --member='PRINCIPAL' \
        --role='roles/cloudaicompanion.repositoryGroupsUser'
    

    Replace the following:

    • PROJECT_ID: the project ID where the repository group is located.
    • PRINCIPAL: the email address of the principal that needs access—for example, user:test-user@gmail.com for an individual, or group:admins@example.com for a group.

    For more information, see gcloud projects set-iam-policy.

  2. When prompted to specify a condition, enter None.

Grant principals access to a subset of the index

You can create multiple repository groups and assign IAM roles to different IAM principals.

gcloud

In order to set up an IAM policy you must prepare the IAM policy JSON or YAML file, which will contain a list of IAM groups and assigned roles. For example:

bindings:
- members:
  - group:my-group@example.com
  - user:test-user@example.com
  role: roles/cloudaicompanion.repositoryGroupsUser

For additional details and syntax, see Understanding allow policies.

To set the IAM policy, in a shell environment, use the gemini code-repository-indexes repository-groups set-iam-policy command:

gcloud gemini code-repository-indexes repository-groups set-iam-policy GROUP_NAMEPOLICY_FILE \
    --project=PROJECT_ID \
    --location=REGION \
    --code-repository-index=INDEX_NAME

Replace the following:

Terraform

data "google_iam_policy" "foo" {
  provider = google-beta
  binding {
    role = "roles/cloudaicompanion.repositoryGroupsUser"
    members = ["test-user@example.com"]
  }
}

resource "google_gemini_repository_group_iam_policy" "foo" {
  provider = google-beta
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  policy_data = data.google_iam_policy.foo.policy_data
}

data "google_gemini_repository_group_iam_policy" "foo" {
  provider = google-beta
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  depends_on = [
    google_gemini_repository_group_iam_policy.foo
  ]
}

You can also create a binding:

resource "google_gemini_repository_group_iam_binding" "foo" {
  provider = google-beta
  project = "PROJECT_ID"
  location = "REGION"
  code_repository_index_id = "INDEX_NAME"
  repository_group_id = "GROUP_NAME"
  role = "roles/cloudaicompanion.repositoryGroupsUser"
  members = ["test-user@example.com"]
}

Replace the following:

Check indexing status

Depending on the number of repositories you want to index and their size, indexing content can take up to 24 hours. For large repositories, indexing can take longer. Indexing occurs once every 24 hours, picking up any changes that were made in the repository.

  1. Search for the indexing logs. For more information, see Logging query language.

    Console

    1. In the Google Cloud console, go to the Logs Explorer.

      Go to Logs Explorer

    2. Use the log names filter to view indexing logs.

    gcloud

    To search for the indexing logs, in a shell environment, use the logging read command:

    gcloud logging read "logName="projects/PROJECT_ID/logs/indexing""
    

    Replace PROJECT_ID with the project ID where the repository group is located.

    For example, to view errors in the indexing logs, run the following command:

    gcloud logging read "logName="projects/PROJECT_ID/logs/indexing" AND severity>=ERROR"
    
  2. Review the associated indexing statuses, such as the following:

    • Start of repository indexing-for example, Indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 6, failed: 0.
    • End of individual repository indexing-for example:
      • Success: Successfully finished indexing repository REPOSITORY_NAME. Total number of repositories: 10, succeeded: 7, failed: 0.
      • Failure: Failed to index repository REPOSITORY_NAME. Error: [<error message>]. Total number of repositories: 10, succeeded: 7, failed: 1.
    • End of repository indexing-for example:
      • Success: Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 0.
      • Failure: Finished indexing process. Repositories attempted: 10. Repositories successfully indexed: 9. Repositories unsuccessfully fetched: 1. Repositories that were not successfully fetched will be retried in the next run.

    In the index statuses, REPOSITORY_NAME is the repository you want to review.

  3. Review the associated indexing errors, such as the following:

    • Failed to fetch repository.
    • Failed to list repository files.
    • Failed to retrieve repository information from the index.
    • Failed to retrieve files from the index.
    • Internal error.

Use code customization

Once you have set up code customization, users will begin to see code completion and code generation suggestions which may be based on private code you have indexed in addition to results from full codebase awareness.

Turn off code customization

  1. To list all repository groups for the current index, in a shell environment, use the gemini code-repository-indexes repository-groups list command:

    gcloud gemini code-repository-indexes repository-groups list --location=REGION \
        --project=PROJECT_ID \
        --code-repository-index=INDEX_NAME --uri
    

    Replace the following:

    • REGION: a supported region, as stated in the Before you begin section of this page, that you have configured in Developer Connect in your Google Cloud project.
    • PROJECT_ID: your Google Cloud project ID.
    • INDEX_NAME: name of the index you created in a preceding step to create an index.
  2. To delete a repository group from the current index, use the gemini code-repository-indexes repository-groups delete command:

    gcloud gemini code-repository-indexes repository-groups delete REPOSITORY_GROUP \
        --location=REGION \
        --project=PROJECT_ID \
        --code-repository-index=INDEX_NAME
    
  3. Repeat step 3 for each repository group until you delete all repository groups from the index.

  4. Optional: To delete the index, in a shell environment, use the gemini code-repository-indexes delete command:

    gcloud gemini code-repository-indexes delete INDEX_NAME \
        --location=REGION \
        --project=PROJECT_ID
    

What's next