feat(ci): add Gemini-powered GitHub Action workflows#27

Merged: MrOrz merged 3 commits into master from add-gemini-workflows on Apr 22, 2026

@MrOrz (Member) commented Apr 21, 2026

🚀 Pull Request: Add Gemini-powered CI/CD Automation Workflows

This PR introduces a suite of automated workflows powered by the Gemini CLI to enhance our development lifecycle. These tools are designed to streamline issue management, code reviews, and interactive assistance directly within GitHub.

🛠 Included Workflows:

  1. 🔀 Gemini Triage: Automatically suggests and applies labels to new issues based on their content.
  2. 🔎 Gemini Review: Provides automated code reviews on new Pull Requests, leveraging an MCP (Model Context Protocol) server for deep repository context.
  3. 🧙 Gemini Plan Execution: Allows authorized users to request and approve code changes directly via comments.
  4. ▶️ Gemini Invoke: A general-purpose assistant that responds to questions about code or issues when mentioned.

🔐 Security & Authentication:

  • Auth Alignment: These workflows are pre-configured to use our existing Workload Identity Provider and Vertex AI settings (secrets.GC_*).
  • Access Control: Only repository Owners, Members, or Collaborators can trigger manual commands, preventing external abuse of GCP credits.

📖 How to Use:

Simply mention @gemini-cli in any Issue or Pull Request comment:

  • Run a manual review: @gemini-cli /review
  • Re-triage an issue: @gemini-cli /triage
  • Execute a code fix: @gemini-cli /approve Fix the typo in agent.py
  • Ask a question: @gemini-cli How does the source linkage logic work?

🎯 Goal:

Our goal is to integrate more automation tools into this repository to reduce manual overhead and improve code quality. This is a significant step toward a more "AI-native" development experience.

- Add workflows for automatic triage, review, and interaction
- Align GCP authentication with existing secrets (Workload Identity Provider)
- Enable Vertex AI support by default

Co-authored-by: Gemini CLI <gemini-cli@google.com>
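
The access-control rule in the description above (only Owners, Members, or Collaborators may trigger `@gemini-cli` commands), sketched as a comment gate. This is an added example, not code from this pull request or the project's workflows; `routeComment`, the requirement that the mention open the comment, and the sample events are assumptions, while `author_association` and `user.type` are fields of GitHub's `issue_comment` event payload.

```javascript
// Added example (not the project's code): decide whether an issue_comment
// event may trigger a "@gemini-cli" command. Names here are hypothetical.
const TRUSTED = new Set(["OWNER", "MEMBER", "COLLABORATOR"]);
const SLASH_COMMANDS = new Set(["review", "triage", "approve"]);

function routeComment(event) {
  const c = event && event.comment;
  if (!c || typeof c.body !== "string") return { run: false, reason: "no-comment" };
  // The bot's own replies must never re-trigger the workflow.
  if (c.user && c.user.type === "Bot") return { run: false, reason: "bot-author" };
  // Allow-list, not deny-list: CONTRIBUTOR, FIRST_TIMER, NONE, or any
  // value added later all fail closed.
  if (!TRUSTED.has(c.author_association)) return { run: false, reason: "untrusted-author" };
  // Assumption: the mention must open the comment, so a mention inside a
  // quoted reply or mid-sentence does not count.
  const mention = /^@gemini-cli(?:\s+([\s\S]*))?$/.exec(c.body.trim());
  if (!mention) return { run: false, reason: "no-mention" };
  const rest = (mention[1] || "").trim();
  const slash = /^\/([a-z]+)(?:\s+([\s\S]*))?$/.exec(rest);
  if (!slash) return { run: true, command: "invoke", args: rest };
  if (!SLASH_COMMANDS.has(slash[1])) return { run: false, reason: "unknown-command" };
  // args is untrusted text: hand it to later steps as data (an env var or
  // a file), never spliced into a shell command line.
  return { run: true, command: slash[1], args: (slash[2] || "").trim() };
}

// Constructed sample events (shape of the issue_comment payload).
const ev = (association, body, type = "User") =>
  ({ comment: { body, author_association: association, user: { type } } });
const SAMPLES = [
  ev("MEMBER", "@gemini-cli /approve Fix the typo in agent.py"),
  ev("COLLABORATOR", "@gemini-cli How does the source linkage logic work?"),
  ev("NONE", "@gemini-cli /review"),
  ev("OWNER", "> @gemini-cli /approve\nplease don't run this yet"),
  ev("CONTRIBUTOR", "@gemini-cli /triage", "Bot"),
  ev("OWNER", "@gemini-cli /deploy prod"),
];

function demo() {
  return SAMPLES.map((e) => {
    const r = routeComment(e);
    return r.run ? `run:${r.command}` : `skip:${r.reason}`;
  });
}
console.log(demo().join("\n"));
```
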
@github-actions (Contributor)

🤖 Hi @MrOrz, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@github-actions github-actions Bot temporarily deployed to pr-27 April 21, 2026 16:48 Destroyed
@github-actions (Contributor)

🤖 I'm sorry @MrOrz, but I was unable to process your request. Please see the logs for more details.


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request introduces several TOML configuration files defining prompts for various Gemini-powered GitHub automation tasks, including context gathering, plan execution, code review, and issue triage. It also updates the .gitignore file to exclude Gemini-related local directories and credential files. Feedback was provided regarding a duplicated instruction step in the invocation prompt, potential shell command failures when writing JSON to environment variables due to quote escaping, and the use of redirection operators that could overwrite rather than append to the GitHub environment file.

Comment thread .github/commands/gemini-invoke.toml
Comment thread .github/commands/gemini-scheduled-triage.toml
Comment thread .github/commands/gemini-scheduled-triage.toml
When use_vertex_ai is true, authentication must be handled via WIF/OAuth2,
and providing an API key causes a 401 conflict error.

Co-authored-by: Gemini CLI <gemini-cli@google.com>
@github-actions github-actions Bot temporarily deployed to pr-27 April 21, 2026 16:52 Destroyed
@MrOrz (Member, Author) commented Apr 21, 2026

@gemini-cli hello can you see this? Can you see the github checks?

@github-actions (Contributor)

🤖 Hi @MrOrz, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@github-actions (Contributor)

🤖 I'm sorry @MrOrz, but I was unable to process your request. Please see the logs for more details.

@github-actions github-actions Bot temporarily deployed to pr-27 April 21, 2026 17:00 Destroyed
@MrOrz (Member, Author) commented Apr 21, 2026

@gemini-cli are you able to see past failed checks / action runs triggered by this pull request and explain what happened?

@github-actions (Contributor)

🤖 Hi @MrOrz, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@github-actions (Contributor)

🤖 AI Assistant: Plan of Action

I have analyzed the request and the repository history for this pull request. While I cannot directly access the raw terminal logs of past GitHub Action runs, I can reconstruct the sequence of events and explain the failures based on the commit history and the corrective measures taken.

Resource Estimate:

  • Estimated Tool Calls: 1
  • Files to Modify: 0

Proposed Steps:

  • Explain the Failures: I will provide a detailed response in the PR comments explaining the two primary issues that caused previous runs to fail:
    1. Authentication Conflict: The initial configuration attempted to use both a Gemini API Key and Vertex AI (via Workload Identity Federation). This caused a 401 Unauthorized conflict because Vertex AI requires OAuth2/WIF authentication exclusively when enabled.
    2. Model Availability & Region: A subsequent failure was related to the deployment region. The fix involved switching the gcp_location to global to ensure compatibility with the gemini-3-preview model.
  • Address Capability: I will clarify that while I can't "see" the logs like a human would in a browser, I can infer the root causes from the repository's state and the "fix" commits that were applied.

Please review this plan. To approve, comment @gemini-cli /approve on this issue. To make changes, comment changes needed.

@MrOrz (Member, Author) commented Apr 21, 2026

@gemini-cli /approve

@github-actions (Contributor)

🤖 Hi @MrOrz, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@github-actions (Contributor)

🕵️ Analysis of Previous Action Failures

I have analyzed the repository history and the sequence of events leading to this pull request's current state. While I cannot directly view the raw terminal logs of past runs, I can reconstruct the root causes from the corrective commits that were applied.

1. Authentication Conflict (Fixed in 222fd96)

The initial deployment failed due to a 401 Unauthorized error. This occurred because the workflows were configured to use both a GEMINI_API_KEY and Vertex AI (via Workload Identity Federation).

  • Root Cause: When use_vertex_ai is enabled in the Gemini CLI, the application expects authentication to be handled exclusively via Google Cloud's OAuth2/WIF mechanism. Providing an explicit API key in this mode creates a conflict that the Vertex AI endpoint rejects.
  • Resolution: The API key was removed from the environment variables, allowing the CLI to correctly use the ambient credentials provided by the google-github-actions/auth step.

2. Region & Model Availability (Fixed in e6f8f5e)

A subsequent failure was related to the deployment region not supporting the requested model.

  • Root Cause: The configuration was originally set to a specific GCP region. However, the gemini-3-preview model (and some experimental features of the Gemini CLI) requires the location to be set to global to ensure proper routing to available inference clusters.
  • Resolution: The gcp_location was updated to global, ensuring compatibility with the preview model and regional availability.

🧠 How I "See" This

As an AI agent, I don't have a "browser" to click into your GitHub Action logs. Instead, I perform a "post-mortem" by analyzing the delta between failing and succeeding states in your codebase. I look for:

  1. Commit Messages: Patterns like "fix auth conflict" or "switch location" are strong signals.
  2. Code Diffs: Seeing exactly which environment variables were removed or which config strings were changed allows me to map those changes back to known error patterns in the Gemini CLI ecosystem.

My work on this analysis is now complete. Feel free to ask if you have more questions!

@github-actions (Contributor)

✅ Task Complete

I have successfully executed the approved plan.

Summary of Changes:

  • Provided a detailed analysis of previous GitHub Action failures in the pull request comments.
  • Explained the root causes related to authentication conflicts and regional model availability.
  • Clarified how I reconstruct events and infer root causes from the repository's commit history and code deltas.

Pull Request:

My work on this issue is now complete.

@MrOrz MrOrz self-assigned this Apr 21, 2026
@MrOrz MrOrz merged commit 827ecbc into master Apr 22, 2026
17 checks passed
@MrOrz MrOrz deleted the add-gemini-workflows branch April 22, 2026 13:04