Gemini AI Code Review - Setup Guide
Overview
This Azure DevOps task provides AI-powered code review for both Git Pull Requests and TFVC Gated Check-ins using Google's Gemini AI.
Features
- ✅ Supports both Git and TFVC repositories
- ✅ Multiple API keys for load balancing
- ✅ Multiple model support (Gemini 1.5 Flash, Pro, etc.)
- ✅ Automatic retry with rate limiting
- ✅ File pattern exclusion
- ✅ Binary file filtering
- ✅ Customizable review language and code language
Git Repository Setup
1. Pipeline Configuration
Create a build pipeline triggered by Pull Requests:
```yaml
trigger: none

pr:
  branches:
    include:
      - main
      - develop

pool:
  vmImage: "ubuntu-latest" # or windows-latest

steps:
  - task: AICodeReview@1
    inputs:
      apiKey: "$(GeminiApiKey)" # Store in pipeline variables as secret
      model: "gemini-1.5-flash"
      temperature: "0.7"
      maxOutputToken: "2048"
      commentLanguage: "English"
      codeLanguage: "C#"
      excludedFilePath: "*.json,*.md,package-lock.json"
```
2. Required Permissions
Ensure the build service account has permissions to:
- Read the repository
- Comment on pull requests
Go to Project Settings → Repositories → Select your repo → Security →
Find [Project Name] Build Service and grant:
- ✅ Contribute to pull requests
- ✅ Read
3. Enable System.AccessToken
In your pipeline YAML, add:
```yaml
steps:
  - checkout: self
    persistCredentials: true
```
TFVC Repository Setup
1. Gated Check-in Configuration
Option A: Using Classic Build Pipeline
- Go to Pipelines → Create Pipeline → Use the classic editor
- Select TFVC as the source
- Choose your repository and branch mapping (e.g., `$/ProjectName/Main`)
- Triggers Tab:
- Enable Gated check-in
- Select branches/folders to protect
- Tasks Tab:
- Add the Gemini AI Code Review task
- Configure inputs (see below)
Option B: Using YAML (with gated check-in trigger)
Create a YAML file in your TFVC repository:
```yaml
# Note: TFVC gated check-in is primarily configured through the UI
# This YAML defines the build process
trigger: none # Gated builds are triggered differently

pool:
  vmImage: "windows-latest" # TF.exe requires Windows

variables:
  - name: GeminiApiKey
    value: "your-api-key-here" # Placeholder; do not commit a real key. Better: use a variable group

steps:
  - checkout: self
    clean: true
  - task: AICodeReview@1
    displayName: "Review TFVC Shelveset"
    inputs:
      apiKey: "$(GeminiApiKey)"
      model: "gemini-1.5-flash,gemini-1.5-pro"
      temperature: "0.7"
      maxOutputToken: "2048"
      commentLanguage: "English"
      codeLanguage: "C#"
      excludedFilePath: "*.config,*.json"
      tfExePath: 'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\TF.exe'
```
2. Agent Requirements for TFVC
The build agent must have:
- ✅ Visual Studio or Team Explorer installed (for TF.exe)
- ✅ Windows OS (TF.exe is Windows-only)
- ✅ Access to your TFVC server
Common TF.exe locations:
- VS 2022: `C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\TF.exe`
- VS 2019: `C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TeamFoundation\Team Explorer\TF.exe`
3. How TFVC Gated Check-in Works
- Developer makes changes locally in their workspace
- Developer attempts to check in
- Azure DevOps creates a shelveset with the pending changes
- The build pipeline runs against the shelveset
- If build passes: Changes are automatically checked in
- If build fails: Check-in is rejected, developer must fix issues
4. Viewing TFVC Reviews
Since TFVC doesn't have PR comments, reviews are published to:
- Build Summary: Attached as markdown files
- Build Logs: Warnings logged for critical issues
- Build Artifacts: Review files in staging directory
Access reviews:
- Go to the failed/completed build
- Click the Summary tab
- Look for attachments like `Code Review - filename.cs.md`
5. TFVC-Specific Features
Automatic Build Failure
If critical issues are found, the task will:
```typescript
import tl = require("azure-pipelines-task-lib/task");

// Fail the build, preventing check-in
tl.setResult(tl.TaskResult.Failed, "Review found critical issues");
```
Issue Logging
Critical findings trigger pipeline warnings:
```
##vso[task.logissue type=warning]Code review found potential issues in MyFile.cs
```
| Parameter | Required | Default | Description |
|---|---|---|---|
| apiKey | ✅ | - | Comma-separated Gemini API keys |
| model | ✅ | gemini-1.5-flash | Comma-separated model names |
| temperature | ✅ | 0.7 | Randomness (0.0-1.0) |
| maxOutputToken | ✅ | 2048 | Max response tokens |
| commentLanguage | ✅ | English | Review comment language |
| codeLanguage | ❌ | C# | Programming language |
| excludedFilePath | ❌ | - | File patterns to skip |
| tfExePath | ❌ | Auto-detect | Custom TF.exe path (TFVC only) |
Best Practices
1. API Key Management
Do NOT hardcode API keys! Use Azure DevOps secret variables:
- Go to Pipelines → Library → Variable Groups
- Create a new group (e.g., `AI-Review-Secrets`)
- Add variable `GeminiApiKey` and mark it as Secret
- Link the variable group to your pipeline
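A pre-merge check for the rule above, as an added example (not part of the task's own code): it scans pipeline YAML line by line and reports any `apiKey` input or key-like variable whose value is a literal rather than a `$(Variable)` reference. The `SECRET_NAME` pattern, the function names and the sample YAML are assumptions constructed for illustration.

```javascript
// Added example: flag hardcoded Gemini API keys in Azure Pipelines YAML.
// Heuristic line scan, no YAML parser. SECRET_NAME is an assumed naming rule.
const SECRET_NAME = /key|secret|password/i;
// Accepted references: $(Var) macro, ${{ template }} and $[ runtime ] expressions.
const REF = /^(\$\([\w.]+\)|\$\{\{.*\}\}|\$\[.*\])$/;

// Drop a trailing "# comment" and one pair of surrounding quotes.
function scalar(raw) {
  return raw.replace(/(^|\s+)#.*$/, "").trim().replace(/^(["'])(.*)\1$/, "$2");
}

function findHardcodedKeys(yamlText) {
  const findings = [];
  let pendingName = null; // set by "- name: X", consumed by the next "value:"
  yamlText.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*(?:-\s*)?([A-Za-z_]\w*)\s*:\s*(.*)$/);
    if (!m) return; // comments, blank lines, plain list items
    const key = m[1];
    const value = scalar(m[2]);
    if (key === "name") { pendingName = value; return; }
    const subject = key === "value" ? pendingName : key;
    pendingName = null;
    if (!subject || !SECRET_NAME.test(subject)) return;
    // apiKey may hold several comma-separated keys: every entry must be a reference.
    const literals = value.split(",").map((s) => s.trim())
      .filter((s) => s && !REF.test(s));
    // Report the location only, never the value, so the key is not echoed to logs.
    if (literals.length) findings.push({ line: i + 1, name: subject });
  });
  return findings;
}

// Constructed sample input (not a real pipeline or a real key).
const SAMPLE = [
  "variables:",
  "  - name: GeminiApiKey",
  '    value: "your-api-key-here" # Better: use variable group',
  "steps:",
  "  - task: AICodeReview@1",
  "    inputs:",
  '      apiKey: "$(GeminiKey1),$(GeminiKey2)"',
  '      maxOutputToken: "2048"',
].join("\n");

console.log(findHardcodedKeys(SAMPLE));
```

Run it against pipeline files in a PR validation build and fail the build when the returned list is not empty.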
2. Multiple API Keys for Rate Limiting
```yaml
apiKey: "$(GeminiKey1),$(GeminiKey2),$(GeminiKey3)"
```
The task will rotate through keys if rate limits are hit.
3. Model Selection
- gemini-1.5-flash: Faster, cheaper, good for most reviews
- gemini-1.5-pro: More thorough, better for complex code
- Multiple models: `gemini-1.5-flash,gemini-1.5-pro` for fallback
4. Exclude Unnecessary Files
```yaml
excludedFilePath: "*.json,*.md,*.config,package-lock.json,yarn.lock,*.min.js"
```
- Use mapped workspaces (not server workspaces) for faster diff extraction
- Limit shelveset size to avoid timeouts
- Consider excluding large binary files or generated code
Troubleshooting
Git PR Issues
Problem: Comments not appearing in PR
- Solution: Check build service has "Contribute to pull requests" permission
- Solution: Verify `System.AccessToken` is available in the pipeline
Problem: "No target branch found"
- Solution: Ensure PR trigger is properly configured
- Solution: Check `System.PullRequest.TargetBranch` variable exists
TFVC Issues
Problem: "TF.exe not found"
```yaml
# Solution: Specify exact path
tfExePath: 'C:\Path\To\TF.exe'
```
Problem: "No shelveset name found"
- Solution: Ensure build is triggered by gated check-in, not manual/CI
- Solution: Verify `Build.SourceBranch` contains shelveset reference
Problem: "Could not get diff from shelveset"
- Solution: Check agent has access to TFVC server
- Solution: Ensure workspace is properly mapped
- Solution: Verify build service account has read permissions
Problem: Timeout getting shelveset changes
- Solution: Reduce number of files in shelveset
- Solution: Increase build timeout in pipeline settings
- Solution: Exclude large files or folders
General Issues
Problem: Rate limit errors
- Solution: Add multiple API keys
- Solution: Reduce `maxOutputToken`
- Solution: Review fewer files per run
Problem: Poor review quality
- Solution: Increase `temperature` for more creative reviews (0.8-1.0)
- Solution: Switch to `gemini-1.5-pro` for better analysis
- Solution: Adjust prompt in `review.ts` for specific coding standards
Migration Path: Git → TFVC or Vice Versa
The same task works for both! Just:
- For Git: Trigger on PR, task auto-detects Git mode
- For TFVC: Trigger on gated check-in, task auto-detects TFVC mode
No code changes needed when switching repository types.
Architecture Differences
Git Flow
PR Created → Build Triggered → Get git diff → Review → Post PR Comments
TFVC Flow
Check-in Attempted → Shelveset Created → Build Triggered →
Get Shelveset Diff → Review → Write to Build Summary →
Pass: Auto Check-in | Fail: Reject Check-in
Example Review Output
**Code Review: src/MyClass.cs**
## Issues Found
### 🔴 Critical
- Line 42: Potential SQL injection vulnerability
```csharp
// Bad
var query = $"SELECT * FROM Users WHERE Id = {userId}";
// Good
var query = "SELECT * FROM Users WHERE Id = @userId";
```
### ⚠️ Warning
- Line 15: Consider using `using` statement for IDisposable
### For TFVC (Build Summary Attachment)
Same format, but saved as `Code_Review_MyClass.cs.md` in build artifacts.