Skip to content

debugging#8882

Merged
mattKorwel merged 1 commit into
mainfrom
prt-v11
Sep 19, 2025
Merged

debugging#8882
mattKorwel merged 1 commit into
mainfrom
prt-v11

Conversation

@mattKorwel

Copy link
Copy Markdown
Collaborator

No description provided.

@mattKorwel mattKorwel requested review from a team as code owners September 19, 2025 08:23
@mattKorwel mattKorwel merged commit 47e8822 into main Sep 19, 2025
6 of 7 checks passed
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello @mattKorwel, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a critical fix within the release script to enhance Git authentication. By ensuring the GITHUB_TOKEN is properly utilized when pushing release branches, it resolves common permission errors encountered in automated workflows, thereby streamlining the release process.

Highlights

  • Git Authentication Fix: Implemented a workaround in create-patch-pr.js to explicitly configure the Git remote URL to use GITHUB_TOKEN for authentication. This addresses potential workflow permission issues when pushing release branches.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@mattKorwel mattKorwel deleted the prt-v11 branch September 19, 2025 08:23

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a change to handle authentication for git push operations within a GitHub Actions workflow. However, the implementation has a critical security flaw that leaks the GITHUB_TOKEN into the logs. Additionally, it includes a hardcoded repository fallback that could lead to errors. My review includes a detailed comment with a suggested code change to address both of these issues.

Comment on lines +104 to +107
const repo = process.env.GITHUB_REPOSITORY || 'google-gemini/gemini-cli';
if (githubToken) {
run(`git remote set-url origin https://x-access-token:${githubToken}@github.com/${repo}.git`, dryRun);
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

There are two issues in this block:

  1. Critical Security Vulnerability: The run() helper function logs the entire command to the console, which includes the raw GITHUB_TOKEN. This exposes secrets in the workflow logs.
  2. Potential for Error: The hardcoded fallback for repo to 'google-gemini/gemini-cli' is risky. If this script is run in a different repository (like a fork) without GITHUB_REPOSITORY set, it will attempt to push to the wrong upstream repository.

The suggested change addresses both problems by:

  • Calling execSync directly to avoid logging the token.
  • Logging a masked version of the command.
  • Making GITHUB_REPOSITORY a required environment variable when GITHUB_TOKEN is present, preventing pushes to an incorrect repository.
    const repo = process.env.GITHUB_REPOSITORY;
    if (githubToken) {
      if (!repo) {
        console.error(
          'Error: GITHUB_REPOSITORY env var must be set when using GITHUB_TOKEN.'
        );
        process.exit(1);
      }
      const command = `git remote set-url origin https://x-access-token:${githubToken}@github.com/${repo}.git`;
      console.log(`> git remote set-url origin https://x-access-token:***@github.com/${repo}.git`);
      if (!dryRun) {
        try {
          execSync(command, { stdio: 'pipe' });
        } catch (err) {
          console.error('Command failed: git remote set-url');
          throw err;
        }
      }
    }

@github-actions

Copy link
Copy Markdown

Size Change: -2 B (0%)

Total Size: 17.3 MB

ℹ️ View Unchanged
Filename Size Change
./bundle/gemini.js 17.3 MB -2 B (0%)
./bundle/sandbox-macos-permissive-closed.sb 1.03 kB 0 B
./bundle/sandbox-macos-permissive-open.sb 830 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-closed.sb 3.29 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B

compressed-size-action

abhipatel12 pushed a commit that referenced this pull request Sep 19, 2025
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
nagendrareddy10 pushed a commit to nagendrareddy10/gemini-cli that referenced this pull request Sep 22, 2025
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
yashv6655 added a commit to yashv6655/gemini-cli that referenced this pull request Sep 22, 2025
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
thacio added a commit to thacio/auditaria that referenced this pull request Oct 3, 2025
giraffe-tree pushed a commit to giraffe-tree/gemini-cli that referenced this pull request Oct 10, 2025
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
cocosheng-g pushed a commit that referenced this pull request May 6, 2026
Co-authored-by: gemini-cli-robot <gemini-cli-robot@google.com>
@sripasg sripasg added the size/s A small PR label Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/s A small PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants