2nd/10_Wiki/Topics/Architecture/G-Stack-Integration-Guide.md
2026-05-10 22:08:15 +09:00

id: wiki-2026-0508-g-stack-integration-guide
title: G Stack Integration Guide
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: G-Stack, G Stack Integration, GitHub-Gemini-Google Stack
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: integration, devops, ci-cd, ai, google
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack: language=python, framework=github-actions

G-Stack Integration Guide

One-liner

"Tie GitHub + Gemini + Google Cloud together into a single coherent dev stack." G-Stack is the integration of source control (GitHub), AI assist (Gemini Code Assist) and cloud runtime (GCP/Cloud Run/Vertex AI), the default flow in the 2026 Google ecosystem: GitHub Actions ↔ Cloud Build ↔ Vertex AI ↔ Gemini API.

Key points

G-Stack components

  • GitHub: source, Actions CI/CD, Codespaces; Copilot alternative = Gemini Code Assist
  • Gemini: API (Gemini 2.5 Pro, Flash), Code Assist IDE plugin, Vertex AI
  • Google Cloud: Cloud Run, GKE, Cloud Build, Artifact Registry, Vertex AI

Key integration points

  • OIDC: GitHub Actions → GCP keyless auth (no JSON key)
  • Workload Identity Federation: short-lived tokens instead of stored credentials
  • Cloud Build trigger: GitHub push → automated build
  • Vertex AI agent: Gemini model + RAG over custom data

Applications

  1. CI/CD: GitHub Actions deploy to Cloud Run.
  2. AI-assisted dev: Gemini Code Assist in VSCode.
  3. Custom RAG: Vertex AI Agent Builder + GitHub repo source.
  4. Production LLM: Gemini API + Cloud Run wrapper.

💻 Patterns

GitHub Actions → Cloud Run (OIDC, no key)

# .github/workflows/deploy.yml
name: Deploy to Cloud Run

on:
  push:
    branches: [main]

permissions:
  contents: read
  id-token: write  # lets the job request a GitHub OIDC token for google-github-actions/auth

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - id: auth
      uses: google-github-actions/auth@v2
      with:
        workload_identity_provider: projects/123456/locations/global/workloadIdentityPools/github/providers/github
        service_account: deploy@my-project.iam.gserviceaccount.com
    
    - uses: google-github-actions/setup-gcloud@v2
    
    - name: Build and Deploy
      run: |
        gcloud builds submit --tag us-central1-docker.pkg.dev/my-project/repo/app
        gcloud run deploy app \
          --image us-central1-docker.pkg.dev/my-project/repo/app \
          --region us-central1 \
          --allow-unauthenticated

Workload Identity Federation setup (Terraform)

resource "google_iam_workload_identity_pool" "github" {
  workload_identity_pool_id = "github"
}

resource "google_iam_workload_identity_pool_provider" "github" {
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "github"
  attribute_mapping = {
    "google.subject"       = "assertion.sub"
    "attribute.repository" = "assertion.repository"
  }
  attribute_condition = "assertion.repository_owner == 'myorg'"
  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }
}

resource "google_service_account_iam_member" "github_act_as" {
  service_account_id = google_service_account.deploy.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github.name}/attribute.repository/myorg/myrepo"
}
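The trust decision encoded by the workflow's `permissions` block and the Terraform provider above (attribute mapping, `attribute_condition`, and the `principalSet` binding) is easy to get subtly wrong, so it helps to model it. The following is an added example, not part of this wiki page and not Google tooling: the claim sets are constructed to look like GitHub's OIDC token payload, signature verification is omitted because Google STS performs it, and the condition is written as a Python predicate where GCP evaluates CEL. Pool, org and repo names are taken from the snippets above.

```python
# Added example (not from the original page): a plain-Python model of how the
# Workload Identity Federation provider above decides whether a GitHub Actions
# OIDC token may impersonate the deploy service account. Real verification
# (JWT signature against token.actions.githubusercontent.com, CEL evaluation)
# is done by Google STS; this only reproduces the policy logic for reasoning.
from typing import Callable

POOL_NAME = "projects/123456/locations/global/workloadIdentityPools/github"

# Mirrors attribute_mapping in the Terraform resource.
ATTRIBUTE_MAPPING = {
    "google.subject": "assertion.sub",
    "attribute.repository": "assertion.repository",
}

# Mirrors attribute_condition = "assertion.repository_owner == 'myorg'".
ATTRIBUTE_CONDITION: Callable[[dict], bool] = (
    lambda assertion: assertion.get("repository_owner") == "myorg"
)

# Mirrors the principalSet member granted roles/iam.workloadIdentityUser.
BINDINGS = {
    f"principalSet://iam.googleapis.com/{POOL_NAME}/attribute.repository/myorg/myrepo",
}


def map_attributes(assertion: dict) -> dict:
    """Resolve 'assertion.<claim>' references into the mapped attribute set."""
    attrs = {}
    for target, source in ATTRIBUTE_MAPPING.items():
        prefix, claim = source.split(".", 1)
        if prefix != "assertion":
            raise ValueError(f"unsupported mapping source: {source}")
        if claim not in assertion:
            raise ValueError(f"token is missing claim {claim!r}")
        attrs[target] = assertion[claim]
    return attrs


def principals_for(attrs: dict) -> set[str]:
    """All principal / principalSet identities a mapped token can match."""
    subject = attrs["google.subject"]
    principals = {f"principal://iam.googleapis.com/{POOL_NAME}/subject/{subject}"}
    for key, value in attrs.items():
        if key.startswith("attribute."):
            name = key.split(".", 1)[1]
            principals.add(
                f"principalSet://iam.googleapis.com/{POOL_NAME}/attribute.{name}/{value}"
            )
    return principals


def can_impersonate(assertion: dict) -> tuple[bool, str]:
    """Return (allowed, reason) for a token's claims under the pool policy."""
    # The condition is checked first: a token that fails it never enters the pool.
    if not ATTRIBUTE_CONDITION(assertion):
        return False, "rejected by attribute_condition (repository_owner)"
    try:
        attrs = map_attributes(assertion)
    except ValueError as exc:
        return False, f"attribute mapping failed: {exc}"
    # Being in the pool is not enough: an IAM binding must name this identity.
    matched = principals_for(attrs) & BINDINGS
    if not matched:
        return False, "no workloadIdentityUser binding for this repository"
    return True, f"allowed via {next(iter(matched))}"


# Constructed claim sets, shaped like GitHub's OIDC token payload.
MAIN_PUSH = {
    "sub": "repo:myorg/myrepo:ref:refs/heads/main",
    "repository": "myorg/myrepo",
    "repository_owner": "myorg",
}
SIBLING_REPO = {  # same org, different repo: passes the condition, has no binding
    "sub": "repo:myorg/other:ref:refs/heads/main",
    "repository": "myorg/other",
    "repository_owner": "myorg",
}
FORK = {  # fork under another owner: stopped by attribute_condition
    "sub": "repo:someone/myrepo:ref:refs/heads/main",
    "repository": "someone/myrepo",
    "repository_owner": "someone",
}

if __name__ == "__main__":
    for name, claims in [("main push", MAIN_PUSH), ("sibling repo", SIBLING_REPO), ("fork", FORK)]:
        print(name, can_impersonate(claims))
```

The two rejection paths are the point: the `attribute_condition` keeps tokens from other owners out of the pool entirely, and the `principalSet` binding on the service account narrows impersonation to one repository even for tokens that are in the pool. Dropping either widens who can deploy.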

Gemini API (Python, Cloud Run)

import os
from google import genai
from fastapi import FastAPI
from pydantic import BaseModel

# Key comes from the environment (mounted from Secret Manager on Cloud Run), never from the repo
client = genai.Client(api_key=os.environ["GEMINI_API_KEY"])
app = FastAPI()


class ChatRequest(BaseModel):
    prompt: str


@app.post("/chat")
async def chat(req: ChatRequest):
    # Use the async client so the Gemini call does not block the event loop
    response = await client.aio.models.generate_content(
        model="gemini-2.5-pro",
        contents=req.prompt,
        config={
            "temperature": 0.7,
            "max_output_tokens": 2048,
        },
    )
    return {"text": response.text}

Vertex AI RAG (GitHub repo as source)

from google.cloud import aiplatform
from vertexai.preview import rag

aiplatform.init(project="my-project", location="us-central1")

corpus = rag.create_corpus(
    display_name="github-repo-rag",
    embedding_model_config=rag.EmbeddingModelConfig(
        publisher_model="publishers/google/models/text-embedding-005"
    )
)

# GitHub mirror → GCS → Vertex: the repo is mirrored to a bucket and imported from there
rag.import_files(
    corpus_name=corpus.name,
    paths=["gs://my-bucket/github-mirror/"],
    chunk_size=1024,
)

# Query the corpus
response = rag.retrieval_query(
    rag_resources=[rag.RagResource(rag_corpus=corpus.name)],
    text="How does the auth module work?",
    similarity_top_k=5,
)

Gemini Code Assist (VSCode settings)

{
  "geminicodeassist.project": "my-gcp-project",
  "geminicodeassist.enableInlineCompletions": true,
  "geminicodeassist.enableTelemetry": false,
  "github.copilot.enable": { "*": false }
}

Cloud Build trigger (GitHub push)

# cloudbuild.yaml
steps:
- name: 'gcr.io/cloud-builders/docker'
  args: ['build', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/repo/app:$COMMIT_SHA', '.']
- name: 'gcr.io/cloud-builders/docker'
  args: ['push', 'us-central1-docker.pkg.dev/$PROJECT_ID/repo/app:$COMMIT_SHA']
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  entrypoint: gcloud
  args:
  - run
  - deploy
  - app
  - --image=us-central1-docker.pkg.dev/$PROJECT_ID/repo/app:$COMMIT_SHA
  - --region=us-central1
options:
  logging: CLOUD_LOGGING_ONLY

Secret Manager → Cloud Run

# Create the secret (value read from stdin so it never appears as a command argument)
echo -n "$GEMINI_KEY" | gcloud secrets create gemini-api-key --data-file=-

# Mount it into Cloud Run as an env var; the runtime service account needs
# roles/secretmanager.secretAccessor on the secret
gcloud run deploy app \
  --image=... \
  --update-secrets=GEMINI_API_KEY=gemini-api-key:latest \
  --service-account=deploy@my-project.iam.gserviceaccount.com

Monitoring (Cloud Logging + Sentry)

import logging
import os

import google.cloud.logging
import sentry_sdk

# Route stdlib logging to Cloud Logging (authenticates as the Cloud Run service account)
google.cloud.logging.Client().setup_logging()
# DSN from the environment, not hardcoded
sentry_sdk.init(dsn=os.environ["SENTRY_DSN"], traces_sample_rate=0.1)

logging.info("structured log to Cloud Logging")

Decision criteria

| Situation | G-Stack tools |
|---|---|
| Solo prototype | GitHub + Gemini Code Assist + Cloud Run |
| Production API | + Vertex AI + Secret Manager + Cloud Build |
| ML/LLM heavy | Vertex AI Agent Builder + RAG |
| Enterprise | + WIF + Org policy + VPC-SC |
| Multi-cloud | GitHub Actions abstraction layer |

Defaults: OIDC (no JSON key), Cloud Run (serverless), Gemini 2.5 Flash (cheap default).

🔗 Graph

🤖 Using LLMs

When: troubleshooting GCP+GitHub integration, validating OIDC configuration, designing Vertex AI agents. When not: multi-cloud-agnostic work; G-Stack is GCP-tied.

Anti-patterns

  • JSON service account key: long-lived credential, leak risk. Replace with OIDC.
  • Hardcoded Gemini key in the repo: obvious leak. Use Secret Manager.
  • Public Cloud Run: --allow-unauthenticated on a sensitive endpoint → put IAM/IAP in front.
  • No budget alert: unbounded Vertex AI queries → unexpected bill.
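The first two anti-patterns are the ones a repository check can catch before a push reaches GitHub. The following scanner is an added example, not part of this page or of any Google tool: the Google API key pattern (`AIza` followed by 35 characters) is an assumption about the current key format, the sample file contents and key values are constructed, and a real pre-commit hook would feed `scan_files` the staged files instead of the inline mapping.

```python
# Added example (not from the original page): a pre-commit style check for a
# hardcoded Gemini/Google API key and for a committed JSON service account key.
# Assumptions: Google API keys are 39 chars starting with "AIza"; service account
# key files are JSON with "type": "service_account" and a "private_key" field.
import json
import re
from dataclasses import dataclass

GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    detail: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Return findings for one file's contents; path is used for reporting and type hints."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in GOOGLE_API_KEY_RE.finditer(line):
            key = m.group(0)
            # Report a masked form so the scanner's own output never leaks the key.
            findings.append(Finding(path, lineno, "google_api_key", key[:8] + "..." + key[-4:]))
    # Service account key detection needs the whole document, not a single line.
    if path.endswith(".json"):
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None
        if isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc:
            findings.append(Finding(path, 1, "service_account_key",
                                    f"client_email={doc.get('client_email', '?')}"))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> contents; a real hook would read the staged files."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample repository contents (all key material here is fake).
SAMPLE_FILES = {
    "app/main.py": 'client = genai.Client(api_key="AIzaSyD_FAKE_KEY_FOR_DEMO_0000000000000")\n',
    "deploy/sa-key.json": json.dumps({
        "type": "service_account",
        "project_id": "my-project",
        "private_key_id": "abc123",
        "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----\n",
        "client_email": "deploy@my-project.iam.gserviceaccount.com",
    }),
    "app/config.py": 'api_key = os.environ["GEMINI_API_KEY"]  # correct: injected from Secret Manager\n',
}

if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    for f in found:
        print(f"{f.path}:{f.line}: {f.kind} ({f.detail})")
    raise SystemExit(1 if found else 0)
```

Exit status 1 on any finding makes the check usable as a blocking hook; the masked `detail` field is deliberate, since a scanner that echoes the full key into CI logs would create the leak it is meant to prevent.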

🧪 Verification / Duplicates

  • Verified (GitHub Docs, "Configuring OpenID Connect in Google Cloud Platform").
  • Verified (Google Cloud Docs, Workload Identity Federation, 2024).
  • Verified (Vertex AI RAG Engine GA, 2024).
  • Trust level A.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — GitHub+Gemini+GCP integration patterns |