agent :: gemini gitaction 에러 수정

Author: SeJonJ

.github/workflows/gemini-bug-guide.yml

@@ -30,7 +30,7 @@ jobs:
         id: 'mint_identity_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@v2'
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -40,13 +40,13 @@ jobs:
 
       - name: 'Run Gemini Bug Analysis'
         id: 'gemini_analysis'
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         env:
           GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
           ISSUE_TITLE: '${{ github.event.issue.title }}'
           ISSUE_BODY: '${{ github.event.issue.body }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'

.github/workflows/gemini-invoke.yml

@@ -29,7 +29,7 @@ jobs:
         id: 'mint_identity_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@v2'
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -38,11 +38,11 @@ jobs:
           permission-pull-requests: 'write'
 
       - name: 'Checkout Code'
-        uses: 'actions/checkout@v4' # ratchet:exclude
+        uses: 'actions/checkout@v4'
 
       - name: 'Run Gemini CLI'
         id: 'run_gemini'
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         env:
           TITLE: '${{ github.event.pull_request.title || github.event.issue.title }}'
           DESCRIPTION: '${{ github.event.pull_request.body || github.event.issue.body }}'
@@ -52,7 +52,7 @@ jobs:
           ISSUE_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'

.github/workflows/gemini-plan-execute.yml

@@ -31,7 +31,7 @@ jobs:
         id: 'mint_identity_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@v2'
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -40,11 +40,11 @@ jobs:
           permission-pull-requests: 'write'
 
       - name: 'Checkout Code'
-        uses: 'actions/checkout@v4' # ratchet:exclude
+        uses: 'actions/checkout@v4'
 
       - name: 'Run Gemini CLI'
         id: 'run_gemini'
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         env:
           TITLE: '${{ github.event.pull_request.title || github.event.issue.title }}'
           DESCRIPTION: '${{ github.event.pull_request.body || github.event.issue.body }}'
@@ -54,7 +54,7 @@ jobs:
           ISSUE_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'

.github/workflows/gemini-review.yml

@@ -30,7 +30,7 @@ jobs:
         id: 'mint_identity_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@v2'
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -39,10 +39,10 @@ jobs:
           permission-pull-requests: 'write'
 
       - name: 'Checkout repository'
-        uses: 'actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8' # ratchet:actions/checkout@v6
+        uses: 'actions/checkout@v4'
 
       - name: 'Run Gemini pull request review'
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         id: 'gemini_pr_review'
         env:
           GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
@@ -51,7 +51,7 @@ jobs:
           PULL_REQUEST_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'

.github/workflows/gemini-scheduled-bug-verify.yml

@@ -2,8 +2,8 @@ name: '📅 Gemini Scheduled Bug Verify'
 
 on:
   schedule:
-    - cron: '0 0 * * *' # Every day at 00:00 UTC (9 AM KST)
-  workflow_dispatch: # Allow manual trigger
+    - cron: '0 0 * * *'
+  workflow_dispatch:
 
 jobs:
   get-issues:
@@ -16,9 +16,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Get open bug issues
           OPEN_ISSUES=$(gh issue list --label "bug" --state open --json number --jq '.[].number' | tr '\n' ',' | sed 's/,$//')
-          # Get closed bug issues (recent 10)
           CLOSED_ISSUES=$(gh issue list --label "bug" --state closed --limit 10 --json number --jq '.[].number' | tr '\n' ',' | sed 's/,$//')
           
           COMBINED_ISSUES=""
@@ -34,7 +32,6 @@ jobs:
             echo "No bug issues found."
             echo "issue_numbers=[]" >> $GITHUB_OUTPUT
           else
-            # Format as JSON array for matrix
             JSON_ARRAY=$(echo "[$COMBINED_ISSUES]" | sed 's/,/","/g' | sed 's/\[/["/' | sed 's/\]/"]/')
             echo "issue_numbers=$JSON_ARRAY" >> $GITHUB_OUTPUT
           fi
@@ -46,7 +43,7 @@ jobs:
       matrix:
         issue_number: ${{ fromJson(needs.get-issues.outputs.issue_numbers) }}
       fail-fast: false
-      max-parallel: 1 # Run sequentially to avoid rate limits
+      max-parallel: 1
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -66,13 +63,13 @@ jobs:
 
       - name: 'Run Gemini Bug Verification'
         id: 'gemini_verify'
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ISSUE_TITLE: ${{ env.title }}
           ISSUE_BODY: ${{ env.body }}
           ISSUE_STATE: ${{ env.state }}
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'
@@ -93,14 +90,10 @@ jobs:
           ISSUE_NUMBER: ${{ matrix.issue_number }}
           AI_OUTPUT: ${{ steps.gemini_verify.outputs.output }}
         run: |
-          # Extract components using basic parsing (assuming structured format in prompt)
           ACTION=$(echo "$AI_OUTPUT" | grep "^action:" | cut -d' ' -f2 | tr -d '\r')
           LABELS=$(echo "$AI_OUTPUT" | grep "^labels_to_add:" | cut -d' ' -f2 | tr -d '\r')
           COMMENT=$(echo "$AI_OUTPUT" | sed -n '/comment:/,$p' | sed '1d')
 
-          echo "Action: $ACTION"
-          echo "Labels: $LABELS"
-
           if [ "$ACTION" == "close_and_comment" ]; then
             gh issue comment $ISSUE_NUMBER --body "$COMMENT"
             gh issue close $ISSUE_NUMBER
@@ -109,7 +102,6 @@ jobs:
             gh issue reopen $ISSUE_NUMBER
             gh issue comment $ISSUE_NUMBER --body "$COMMENT"
             if [ ! -z "$LABELS" ]; then gh issue edit $ISSUE_NUMBER --add-label "$LABELS"; fi
-            # Remove verified label if exists
             gh issue edit $ISSUE_NUMBER --remove-label "verified" || true
           elif [ "$ACTION" == "comment" ]; then
             gh issue comment $ISSUE_NUMBER --body "$COMMENT"

.github/workflows/gemini-scheduled-triage.yml

@@ -2,19 +2,13 @@ name: '📋 Gemini Scheduled Issue Triage'
 
 on:
   schedule:
-    - cron: '0 * * * *' # Runs every hour
+    - cron: '0 * * * *'
   pull_request:
-    branches:
-      - 'main'
-      - 'release/**/*'
-    paths:
-      - '.github/workflows/gemini-scheduled-triage.yml'
+    branches: [main]
+    paths: ['.github/workflows/gemini-scheduled-triage.yml']
   push:
-    branches:
-      - 'main'
-      - 'release/**/*'
-    paths:
-      - '.github/workflows/gemini-scheduled-triage.yml'
+    branches: [main]
+    paths: ['.github/workflows/gemini-scheduled-triage.yml']
   workflow_dispatch:
 
 concurrency:
@@ -40,17 +34,14 @@ jobs:
     steps:
       - name: 'Get repository labels'
         id: 'get_labels'
-        uses: 'actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd' # ratchet:actions/github-script@v8.0.0
+        uses: 'actions/github-script@v7'
         with:
-          # NOTE: we intentionally do not use the minted token. The default
-          # GITHUB_TOKEN provided by the action has enough permissions to read
-          # the labels.
           script: |-
             const labels = [];
             for await (const response of github.paginate.iterator(github.rest.issues.listLabelsForRepo, {
               owner: context.repo.owner,
               repo: context.repo.repo,
-              per_page: 100, // Maximum per page to reduce API calls
+              per_page: 100,
             })) {
               labels.push(...response.data);
             }
@@ -70,32 +61,26 @@ jobs:
           GITHUB_REPOSITORY: '${{ github.repository }}'
           GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN || github.token }}'
         run: |-
-          echo '🔍 Finding unlabeled issues and issues marked for triage...'
           ISSUES="$(gh issue list \
             --state 'open' \
             --search 'no:label label:"status/needs-triage"' \
             --json number,title,body \
             --limit '100' \
             --repo "${GITHUB_REPOSITORY}"
           )"
-
-          echo '📝 Setting output for GitHub Actions...'
           echo "issues_to_triage=${ISSUES}" >> "${GITHUB_OUTPUT}"
 
-          ISSUE_COUNT="$(echo "${ISSUES}" | jq 'length')"
-          echo "✅ Found ${ISSUE_COUNT} issue(s) to triage! 🎯"
-
       - name: 'Run Gemini Issue Analysis'
         id: 'gemini_issue_analysis'
         if: |-
           ${{ steps.find_issues.outputs.issues_to_triage != '[]' }}
-        uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
+        uses: 'google-github-actions/run-gemini-cli@v0'
         env:
-          GITHUB_TOKEN: '' # Do not pass any auth token here since this runs on untrusted inputs
+          GITHUB_TOKEN: ''
           ISSUES_TO_TRIAGE: '${{ steps.find_issues.outputs.issues_to_triage }}'
           REPOSITORY: '${{ github.repository }}'
           AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
-          GEMINI_CLI_TRUST_WORKSPACE: true
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gemini_api_key: '${{ secrets.GEMINI_API_KEY }}'
           gemini_cli_version: '${{ vars.GEMINI_CLI_VERSION }}'
@@ -125,13 +110,10 @@ jobs:
 
   label:
     runs-on: 'ubuntu-latest'
-    needs:
-      - 'triage'
+    needs: [triage]
     if: |-
       needs.triage.outputs.available_labels != '' &&
-      needs.triage.outputs.available_labels != '[]' &&
-      needs.triage.outputs.triaged_issues != '' &&
-      needs.triage.outputs.triaged_issues != '[]'
+      needs.triage.outputs.triaged_issues != ''
     permissions:
       contents: 'read'
       issues: 'write'
@@ -141,7 +123,7 @@ jobs:
         id: 'mint_identity_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@v2'
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -153,56 +135,30 @@ jobs:
         env:
           AVAILABLE_LABELS: '${{ needs.triage.outputs.available_labels }}'
           TRIAGED_ISSUES: '${{ needs.triage.outputs.triaged_issues }}'
-        uses: 'actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd' # ratchet:actions/github-script@v8.0.0
+        uses: 'actions/github-script@v7'
         with:
-          # Use the provided token so that the "gemini-cli" is the actor in the
-          # log for what changed the labels.
           github-token: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
           script: |-
-            // Parse the available labels
             const availableLabels = (process.env.AVAILABLE_LABELS || '').split(',')
               .map((label) => label.trim())
               .sort()
 
-            // Parse out the triaged issues
             const triagedIssues = (JSON.parse(process.env.TRIAGED_ISSUES || '{}'))
-              .sort((a, b) => a.issue_number - b.issue_number)
-
-            core.debug(`Triaged issues: ${JSON.stringify(triagedIssues)}`);
 
-            // Iterate over each label
             for (const issue of triagedIssues) {
-              if (!issue) {
-                core.debug(`Skipping empty issue: ${JSON.stringify(issue)}`);
-                continue;
-              }
+              if (!issue || !issue.issue_number) continue;
 
-              const issueNumber = issue.issue_number;
-              if (!issueNumber) {
-                core.debug(`Skipping issue with no data: ${JSON.stringify(issue)}`);
-                continue;
-              }
-
-              // Extract and reject invalid labels - we do this just in case
-              // someone was able to prompt inject malicious labels.
               let labelsToSet = (issue.labels_to_set || [])
                 .map((label) => label.trim())
                 .filter((label) => availableLabels.includes(label))
                 .sort()
 
-              core.debug(`Identified labels to set: ${JSON.stringify(labelsToSet)}`);
-
-              if (labelsToSet.length === 0) {
-                core.info(`Skipping issue #${issueNumber} - no labels to set.`)
-                continue;
-              }
-
-              core.debug(`Setting labels on issue #${issueNumber} to ${labelsToSet.join(', ')} (${issue.explanation || 'no explanation'})`)
+              if (labelsToSet.length === 0) continue;
 
               await github.rest.issues.setLabels({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
-                issue_number: issueNumber,
+                issue_number: issue.issue_number,
                 labels: labelsToSet,
               });
             }