Connor-Byram commented Mar 17, 2026
- Osano added on listening mode; React cookie manager remains intact
- GA4 script switched for GTM script
- Cookie manager JS updated to listen for GTM Consent Change event
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the website's analytics and cookie consent management by integrating Osano and migrating from direct GA4 implementation to Google Tag Manager. The changes ensure compliance with consent regulations while providing a more robust and flexible platform for managing tracking scripts.
Code Review
This pull request introduces Osano for cookie consent management and migrates from a direct Google Analytics implementation to Google Tag Manager. The changes are generally well-implemented. My review focuses on improving configuration management by extracting hardcoded IDs into environment variables for better flexibility across different environments. Additionally, I've suggested a refactoring in the Root.tsx component to enhance code clarity, reduce duplication, and improve the efficiency of the consent handling logic.
Hi @Connor-Byram! Your DCO sign-off is in order, but the org requires commits to also have a cryptographic signature (GPG or SSH) so GitHub can show them as "Verified." These are two separate things — easy to miss since our CONTRIBUTING.md doesn't mention it yet (we're fixing that in opentdf/platform#3168). Here's how to get set up:

Option A: SSH signing (simpler if you already use SSH for GitHub)

Option B: GPG signing

Fix the existing commit

Once signing is configured, you can re-sign the existing commit and force-push:

```bash
git commit --amend -S --no-edit
git push --force-with-lease
```

Let me know if you run into any issues!
marythought
left a comment
A few things to address — main issues are the handleAcceptCookie indentation and the consent update firing on every navigation. The Osano src attribute indentation is minor. Gemini's env var suggestion on the hardcoded IDs is worth doing too.
…okie manager to listen for GTM consent update event

Signed-off-by: Connor Byram <connor.byram@virtru.com>
440a89f to 8db9bae
Updates 8 stale vendored OpenAPI specs in `specs/policy/` to match upstream `opentdf/platform`. Unblocks #243 (and any other open PRs hitting the vendored YAML check).

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
## Summary

- **Split surge preview into build/deploy workflows** — the previous single workflow silently failed for fork PRs because GitHub restricts secrets and write tokens for `pull_request` workflows from forks. The build workflow (`surge-preview.yaml`) runs untrusted; the deploy workflow (`surge-preview-deploy.yaml`) runs in trusted context via `workflow_run` with access to secrets and write token. Preserves `workflow_dispatch` manual deploy/teardown.
- **Post failure comment when preview build fails** — instead of silent failure, posts a PR comment with a link to the workflow logs and instructions for the most common fix (stale vendored YAML).
- **Auto-update vendored specs in preview build** — runs `npm run update-vendored-yaml` before building so external contributors aren't blocked by stale specs they didn't introduce.
- **Add commit signature verification check** — the org ruleset requires cryptographic signatures but GitHub's merge-box message is opaque and easily confused with DCO sign-off. This check fails with clear instructions for setting up GPG or SSH signing, including the specific `verification.reason` for debugging.

## Context

Discovered via #243 (first fork PR to hit these workflows). All previous PRs were from same-repo branches where secrets and write tokens are available.

Closes #244

## Test plan

- [ ] Same-repo PR: Surge Preview Build runs → Surge Preview deploys → comment posted on open
- [ ] Fork PR: build runs (no secrets needed) → deploy runs in trusted context → comment posted
- [ ] Build failure: failure comment posted with workflow log link and preview URL
- [ ] PR close: teardown runs via `record-close` → deploy workflow tears down surge
- [ ] Manual dispatch: deploy and teardown paths still work
- [ ] Unsigned commits: Commit Signatures check fails with setup instructions
- [ ] Signed commits: Commit Signatures check passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **Chores**
  * Added verification for cryptographic commit signatures on pull requests.
  * Established automated preview deployment system for pull requests.
  * Updated build and deployment workflow infrastructure.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
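
The commit-signature check described in the commit message above, and the DCO-versus-signature confusion raised earlier in the thread, can be illustrated with the following added example; it is not the project's workflow code. The function names, hint texts and sample commits are assumptions made for illustration, and the sample data is constructed in the shape GitHub's REST API returns for pull request commits.

```javascript
// Added example, not the project's workflow code. sampleCommits is constructed, in the
// shape returned by GET /repos/{owner}/{repo}/pulls/{pull_number}/commits.
const sampleCommits = [
  { sha: "aaaaaaa1", commit: {
      message: "feat: add consent listener\n\nSigned-off-by: Dev One <dev1@example.com>",
      verification: { verified: false, reason: "unsigned" } } },
  { sha: "bbbbbbb2", commit: {
      message: "chore: update specs",
      verification: { verified: true, reason: "valid" } } },
  { sha: "ccccccc3", commit: {
      message: "fix: indentation\n\nSigned-off-by: Dev One <dev1@example.com>",
      verification: { verified: false, reason: "unknown_key" } } },
];

// Hints for some documented verification.reason values; anything else falls through.
const HINTS = {
  unsigned: "no signature; configure signing, then `git commit --amend -S --no-edit`",
  unknown_key: "signed, but the key is not registered with any GitHub account",
  unverified_email: "the committer email is not verified on GitHub",
  bad_email: "committer email does not match an identity on the signing key",
  expired_key: "the signing key has expired",
};

// A DCO trailer is plain text in the message and proves nothing cryptographically.
const hasDcoTrailer = (message) => /^Signed-off-by: .+ <[^<>]+>$/m.test(message);

// Return every commit GitHub did not mark as verified, with its reason.
function checkSignatures(commits) {
  const failures = commits
    .filter((c) => !(c.commit.verification && c.commit.verification.verified))
    .map((c) => {
      const reason = (c.commit.verification && c.commit.verification.reason) || "unknown";
      return { sha: c.sha, reason, dcoOnly: hasDcoTrailer(c.commit.message),
               hint: HINTS[reason] || "see verification.reason in the API response" };
    });
  return { ok: failures.length === 0, failures };
}

// Build the text a CI check would print or post as a PR comment.
function formatReport(result) {
  if (result.ok) return "All commits have verified signatures.";
  return result.failures.map((f) =>
    `${f.sha.slice(0, 7)}: ${f.reason} (${f.hint})` +
    (f.dcoOnly ? " [has DCO sign-off, which is not a cryptographic signature]" : "")
  ).join("\n");
}

console.log(formatReport(checkSignatures(sampleCommits)));
```

Reporting `reason` per commit separates a commit that was never signed from one signed with a key GitHub cannot match, which need different fixes.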