fix(ci): python genkit v0.5.0 tags

[yesudeep]

Summary

Adds CI authentication and bootstrap infrastructure for the releasekit release pipeline.

Auth job (3-tier: App → PAT → GITHUB_TOKEN)

All 8 release workflows (1 live + 7 sample templates) now include an auth job with:

• GitHub App (preferred) — passes CLA, triggers downstream CI
• Personal Access Token — passes CLA, triggers downstream CI
• GITHUB_TOKEN (fallback) — zero setup, but PRs won't trigger CI

Each mode resolves git identity (user name + email) for commit attribution:

• App: uses <app-slug>[bot] identity with API-fetched user ID
• PAT: uses RELEASEKIT_GIT_USER_NAME/RELEASEKIT_GIT_USER_EMAIL repo variables (falls back to releasekit[bot])
• GITHUB_TOKEN: uses the same repo variables (falls back to github-actions[bot])

This means CLA checks can pass even with GITHUB_TOKEN by setting repo variables to a CLA-signed identity.

auth_method dropdown

All workflows now include an auth_method choice in the workflow dispatch UI:

Value	Behavior
auto	Auto-detect from configured secrets (default)
app	Force GitHub App token
pat	Force PAT
github-token	Force built-in GITHUB_TOKEN

Bootstrap tags

• bootstrap_tags.py — Standalone PEP 723 script that reads releasekit.toml, discovers all workspace packages using library_dirs, and creates per-package tags at the bootstrap_sha commit
• 24 tags pushed to origin (23 per-package + 1 umbrella py/v0.5.0)

Code review fixes

• Added RELEASEKIT_GIT_USER_NAME/RELEASEKIT_GIT_USER_EMAIL env vars to prepare and release job steps
• Added error handling for gh api call when fetching App bot user ID (falls back to user_id=0)
• Unified identity resolution across all 8 workflows (non-uv workflows previously only resolved token, not identity)
• bootstrap_tags.py now reads library_dirs from releasekit.toml instead of hardcoding ['packages', 'plugins']
• Restored logging module calls (previously stripped as pass placeholders for T20 compliance)

Documentation

Added to README.md:

• CI Authentication section with setup instructions for all 3 auth modes
• auth_method dropdown reference table
• Bootstrap Tags section with usage examples

Setup instructions

To configure CLA-passing identity with GITHUB_TOKEN (no App/PAT needed):

1. Go to https://github.com/firebase/genkit/settings/variables/actions
2. Add RELEASEKIT_GIT_USER_NAME = your name
3. Add RELEASEKIT_GIT_USER_EMAIL = your CLA-signed email

Follow-up

• releasekit init could auto-create bootstrap tags when bootstrap_sha is set (instead of requiring a separate script)
• Configure GitHub App or PAT for full CI integration (GITHUB_TOKEN PRs don't trigger downstream workflows)

Files changed

File	Change
.github/workflows/releasekit-uv.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-uv.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-cargo.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-dart.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-go.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-gradle.yml	Auth job + identity + auth_method
py/tools/releasekit/github/workflows/releasekit-pnpm.yml	Auth job + identity + auth_method
py/tools/releasekit/scripts/bootstrap_tags.py	Dynamic discovery + logging
py/tools/releasekit/README.md	Auth + bootstrap docs

[gemini-code-assist]

Summary of Changes

Hello @yesudeep, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the releasekit CI system by introducing a robust and flexible authentication mechanism across all language-specific workflows (Cargo, Dart, Go, Gradle, pnpm, uv). It allows for prioritized use of GitHub Apps, PATs, or GITHUB_TOKEN for release operations, improving security and functionality, especially regarding CLA checks and downstream CI triggers. Additionally, a new utility script is provided to simplify the initial setup of Git tags for existing projects, ensuring accurate versioning from the outset.

Highlights

• Flexible CI Authentication: Implemented a robust CI authentication system for releasekit workflows, supporting GitHub Apps, Personal Access Tokens (PATs), and the default GITHUB_TOKEN with a priority-based auto-detection mechanism.
• Centralized Token Resolution: Introduced a new auth job in all language-specific releasekit workflows to dynamically resolve and provide the appropriate authentication token to subsequent jobs, enhancing security and consistency.
• Bootstrap Tagging Script: Added a new Python script (bootstrap_tags.py) to simplify the initial creation of per-package Git tags for existing repositories adopting releasekit, ensuring correct version baselines.
• Enhanced Documentation: Updated the README.md with comprehensive documentation on configuring the new CI authentication methods and utilizing the bootstrap tags script.
• Python Genkit PR Title Template: Configured a specific pull request title template for Python Genkit releases in releasekit.toml.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• py/tools/releasekit/README.md
  • Added detailed documentation for CI authentication methods (GitHub App, PAT, GITHUB_TOKEN) and their configuration.
  • Included instructions and usage examples for the new bootstrap_tags.py script.
• py/tools/releasekit/github/workflows/releasekit-cargo.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job to resolve the appropriate GitHub token.
  • Updated prepare, release, publish, and notify jobs to use the token resolved by the auth job.
• py/tools/releasekit/github/workflows/releasekit-dart.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job to resolve the appropriate GitHub token.
  • Updated prepare, release, publish, and notify jobs to use the token resolved by the auth job.
• py/tools/releasekit/github/workflows/releasekit-go.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job to resolve the appropriate GitHub token.
  • Updated prepare, release, publish, and notify jobs to use the token resolved by the auth job.
• py/tools/releasekit/github/workflows/releasekit-gradle.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job to resolve the appropriate GitHub token.
  • Updated prepare, release, publish, and notify jobs to use the token resolved by the auth job.
• py/tools/releasekit/github/workflows/releasekit-pnpm.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job to resolve the appropriate GitHub token.
  • Updated prepare-js, prepare-js-cli, release-js, publish-js, and notify-js jobs to use the token resolved by the auth job.
• py/tools/releasekit/github/workflows/releasekit-uv.yml
  • Introduced RELEASEKIT_APP_PRIVATE_KEY and RELEASEKIT_TOKEN as workflow inputs.
  • Added an auth_method input to allow explicit selection of authentication type.
  • Implemented a new auth job with enhanced logic to resolve the appropriate GitHub token and set git user identity.
  • Updated prepare, release, publish, and notify jobs to use the token resolved by the auth job.
  • Added GH_TOKEN to the environment for releasekit prepare and releasekit release steps.
• py/tools/releasekit/scripts/bootstrap_tags.py
  • Added a new Python script to create initial per-package git tags based on pyproject.toml files at a specified bootstrap SHA.
• releasekit.toml
  • Added pr_title_template configuration for Python Genkit releases.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/releasekit-uv.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces a robust authentication mechanism for CI workflows and a helpful bootstrapping script for tags. The auth job logic in releasekit-uv.yml is well-implemented for identity resolution, but this logic is not fully utilized in the subsequent jobs, and other workflows use a simplified version that lacks identity resolution. Additionally, the bootstrap_tags.py script uses a risky git push --tags command which should be scoped to the relevant workspace tags to avoid unintended side effects in a monorepo environment.