Add PR workflow, Gradle wrapper, and simplify podspec

[fcarrero]

Summary

• Add GitHub Actions workflow for pull requests with typecheck, tests, package validation, Android and iOS checks
• Add Gradle wrapper to android/ for CI build validation
• Simplify ConektaElements.podspec to use a direct download URL with checksum verification (no more ~/.netrc required)
• Update Conekta Elements Compose dependency to 0.0.2-beta.2

Test plan

• Verify PR workflow triggers on pull requests to main
• Verify tsc --noEmit and vitest pass in CI
• Verify npm pack --dry-run succeeds
• Verify Gradle wrapper validation and ./gradlew tasks pass
• Verify iOS podspec syntax and source file checks pass
• Verify pod install works without ~/.netrc credentials

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's build and continuous integration processes. It introduces automated checks for code quality and platform-specific builds, streamlines the iOS dependency management by removing a credential requirement, and updates core development dependencies. These changes aim to improve developer experience, ensure code stability, and simplify future maintenance.

Highlights

• CI/CD Workflow: A new GitHub Actions workflow has been added for pull requests, including type checking, tests, package validation, and Android/iOS specific checks.
• Gradle Wrapper Integration: The Gradle wrapper has been introduced to the android/ directory, standardizing Android build validation within the CI environment.
• Simplified iOS Podspec: The ConektaElements.podspec has been updated to directly download the composeKit.xcframework.zip from a specific release URL with SHA256 checksum verification, eliminating the prior requirement for ~/.netrc GitHub credentials.
• Dependency Updates: The Conekta Elements Compose dependency for Android has been updated to version 0.0.2-beta.2, and various esbuild and vite related dependencies in package-lock.json were adjusted.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• ConektaElements.podspec
  • Removed logic for dynamically fetching the latest release URL for composeKit.xcframework.zip.
  • Updated prepare_command to directly download composeKit.xcframework.zip from a fixed URL (0.2.0-beta.2).
  • Added SHA256 checksum verification for the downloaded composeKit.xcframework.zip.
  • Removed comments and instructions related to ~/.netrc GitHub credentials.
• android/build.gradle
  • Removed the custom Maven repository configuration for https://maven.pkg.github.com/conekta/conekta-elements.
  • Updated the conekta-elements-compose dependency from 0.0.1-beta.8 to 0.0.2-beta.2.
• android/gradle/wrapper/gradle-wrapper.properties
  • Added the standard Gradle wrapper properties file, configuring the distribution URL to gradle-8.2-bin.zip.
• android/gradlew
  • Added the Unix-like Gradle wrapper script.
• android/gradlew.bat
  • Added the Windows Gradle wrapper batch script.
• package-lock.json
  • Downgraded esbuild and its platform-specific optional dependencies from version 0.27.3 to 0.25.12.
  • Downgraded vite from version 7.3.1 to 6.4.1.
  • Updated various vite sub-dependencies including fdir, picomatch, postcss, rollup, and tinyglobby.
  • Adjusted the node engine requirement for vite to be more inclusive (^18.0.0 || ^20.0.0 || >=22.0.0).
  • Modified vite's peer dependencies for less, sass, sass-embedded, stylus, and sugarss to accept any version (*).
  • Updated @types/node peer dependency range for vite.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/pull-request.yml

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[Copilot]

Pull request overview

This PR sets up CI infrastructure for pull requests and simplifies the Android and iOS native dependencies by removing the need for private GitHub Packages authentication. It adds a GitHub Actions workflow to validate TypeScript, tests, npm packaging, Android build configuration, and iOS podspec on every PR to main.

Changes:

• Added GitHub Actions PR workflow with four jobs: type check & tests, package validation, Android build validation, and iOS podspec validation
• Added Gradle wrapper (gradlew, gradlew.bat, gradle-wrapper.jar, gradle-wrapper.properties) to the android/ directory for CI use
• Simplified ConektaElements.podspec to use a hardcoded download URL with SHA-256 checksum, removing the ~/.netrc requirement; updated Android dependency to io.conekta:conekta-elements-compose:0.0.2-beta.2 and removed private Maven registry

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
.github/workflows/pull-request.yml	New CI workflow for PRs; adds Android and iOS validation jobs
ConektaElements.podspec	Replaces authenticated GitHub API download with direct public URL + checksum
android/build.gradle	Removes private Maven registry, updates Conekta Compose dependency version
android/gradlew	Standard Gradle wrapper shell script for POSIX environments
android/gradlew.bat	Standard Gradle wrapper batch script for Windows
android/gradle/wrapper/gradle-wrapper.properties	Gradle 8.2 distribution configuration
android/gradle/wrapper/gradle-wrapper.jar	Binary Gradle wrapper bootstrap JAR
package-lock.json	Vite downgraded from 7.x to 6.x and esbuild from 0.27.x to 0.25.x (both compatible with vitest 4.x)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[gemini-code-assist]

Code Review

This pull request introduces a GitHub Actions workflow for CI, adds the Gradle wrapper for consistent Android builds, and simplifies the iOS podspec by using a direct download URL. However, a critical vulnerability exists in the podspec where the checksum verification does not stop execution upon failure, which could lead to the use of an unverified or malicious framework. Additionally, my review includes suggestions to improve maintainability by extracting hardcoded dependency versions into variables in both the podspec and build.gradle files, and a question about a potential unintentional downgrade of vite and esbuild dependencies in package-lock.json. Positive security changes include the removal of hardcoded credentials from android/build.gradle.