run-gemini-cli fails with Cloud Code Private API error when using Code Assist and WIF #497
Description
TL;DR
Similar to #258 , I'm seeing the exact same issue when trying to set up my pipeline with run-gemini-cli.
I have created a Workload Identity Provider by running setup_workload_identity.sh in my Google Cloud Shell, but when I run my pipeline I'm also getting the "Cloud Code Private API not enabled" error. Locally, I can use Gemini CLI with pro models using my Google Workspace account locally just fine,
Looking at the original commit that "fixed" #258 , the code change to setup_workload_identity.sh shifted around and was recently removed by this commit and is no longer present.
When I try to run gcloud services enable "cloudcode-pa.googleapis.com" --project="${GOOGLE_CLOUD_PROJECT}" manually, I'm getting this error:
ERROR: (gcloud.services.enable) PERMISSION_DENIED: Permission denied to enable service [cloudcode-pa.googleapis.com]
Help Token: AVnrbflSHBMyF5H0iMuZZE8Ty9zyeiSnyOYVBZt1r_5vFcLG24oIu8u6__bnC7BIk_sNqAG6HucX3s0bm0pwHf4BO1Cf8lB5uUm8PLWZ_Qc1Wnha. This command is authenticated as [my account email] which is the active account specified by the [core/account] property
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
violations:
- subject: '110002'
type: googleapis.com
- '@type': type.googleapis.com/google.rpc.ErrorInfo
domain: serviceusage.googleapis.com
reason: AUTH_PERMISSION_DENIED
Expected behavior
run-gemini-cli action can run correctly after running setup_workload_identity.sh.
Observed behavior
Pipeline fails with this error:
Error authenticating: GaxiosError: Cloud Code Private API has not been used in project 271520206934 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudcode-pa.googleapis.com/overview?project=271520206934 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
at Gaxios._request (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/gaxios/build/src/gaxios.js:142:23)
at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
at async OAuth2Client.requestAsync (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/google-auth-library/build/src/auth/oauth2client.js:429:18)
at async CodeAssistServer.requestPost (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:219:21)
at async CodeAssistServer.loadCodeAssist (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:129:20)
at async _doSetupUser (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/setup.js:96:19) {
config: {
url: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'User-Agent': 'GeminiCLI/0.35.3/gemini-3-pro-preview (linux; x64; GitHub) google-api-nodejs-client/9.15.1',
Authorization: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
'x-goog-api-client': 'gl-node/24.14.0',
Accept: 'application/json'
},
responseType: 'json',
body: '{"cloudaicompanionProject":"true-shoreline-491101-u2","metadata":{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI","duetProject":"true-shoreline-491101-u2"}}',
retryConfig: {
retryDelay: 100,
retry: 3,
noResponseRetries: 3,
statusCodesToRetry: [Array],
currentRetryAttempt: 0,
httpMethodsToRetry: [Array],
retryDelayMultiplier: 2,
timeOfFirstRequest: 1775095418679,
totalTimeout: 9007199254740991,
maxRetryDelay: 9007199254740991
},
paramsSerializer: [Function: paramsSerializer],
validateStatus: [Function: validateStatus],
errorRedactor: [Function: defaultErrorRedactor]
},
response: {
config: {
url: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist',
method: 'POST',
headers: [Object],
responseType: 'json',
body: '{"cloudaicompanionProject":"true-shoreline-491101-u2","metadata":{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI","duetProject":"true-shoreline-491101-u2"}}',
retryConfig: [Object],
paramsSerializer: [Function: paramsSerializer],
validateStatus: [Function: validateStatus],
errorRedactor: [Function: defaultErrorRedactor]
},
data: { error: [Object] },
headers: {
'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
'content-encoding': 'gzip',
'content-type': 'application/json; charset=UTF-8',
date: 'Thu, 02 Apr 2026 02:03:39 GMT',
server: 'ESF',
'server-timing': 'gfet4t7; dur=27',
'transfer-encoding': 'chunked',
vary: 'Origin, X-Origin, Referer',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '0'
},
status: 403,
statusText: 'Forbidden',
request: {
responseURL: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist'
}
},
error: undefined,
status: 403,
code: 403,
errors: [
{
message: 'Cloud Code Private API has not been used in project 271520206934 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudcode-pa.googleapis.com/overview?project=271520206934 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.',
domain: 'usageLimits',
reason: 'accessNotConfigured',
extendedHelp: 'https://console.developers.google.com'
}
],
Symbol(gaxios-gaxios-error): '6.7.1'
}
Action YAML
name: Gemini PR Review
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- '**.md'
jobs:
gemini-review:
name: Gemini AI Review
runs-on: self-hosted
permissions:
id-token: write
pull-requests: write
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Run Gemini Review
uses: google-github-actions/run-gemini-cli@v0.1.21
with:
use_gemini_code_assist: true
gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'
gcp_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}'Log output
2026-04-02T02:02:57.5334617Z Current runner version: '2.333.0'
2026-04-02T02:02:57.5340831Z Runner name: 'myRunner'
2026-04-02T02:02:57.5341912Z Runner group name: 'default'
2026-04-02T02:02:57.5342827Z Machine name: 'myMachine'
2026-04-02T02:02:57.5345314Z ##[group]GITHUB_TOKEN Permissions
2026-04-02T02:02:57.5347796Z Contents: read
2026-04-02T02:02:57.5348617Z Metadata: read
2026-04-02T02:02:57.5349108Z PullRequests: write
2026-04-02T02:02:57.5349580Z ##[endgroup]
2026-04-02T02:02:57.5352087Z Secret source: Actions
2026-04-02T02:02:57.5352807Z Prepare workflow directory
2026-04-02T02:02:57.6326445Z Prepare all required actions
2026-04-02T02:02:57.6372359Z Getting action download info
2026-04-02T02:02:58.1104402Z Download action repository 'actions/checkout@v6' (SHA:de0fac2e4500dabe0009e67214ff5f5447ce83dd)
2026-04-02T02:02:58.8299018Z Download action repository 'google-github-actions/run-gemini-cli@v0.1.21' (SHA:9dbec29a20fab3f35017a40ad0eb798a257d4d51)
2026-04-02T02:02:59.5033350Z Getting action download info
2026-04-02T02:02:59.6916736Z Download action repository 'google-github-actions/auth@v3' (SHA:7c6bc770dae815cd3e89ee6cdf493a5fab2cc093)
2026-04-02T02:03:00.2998862Z Download action repository 'pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061' (SHA:41ff72655975bd51cab0327fa583b6e92b6d3061)
2026-04-02T02:03:01.0763265Z Download action repository 'actions/upload-artifact@v6' (SHA:b7c566a772e6b6bfb58ed0dc250532a479d7789f)
2026-04-02T02:03:01.9519668Z Complete job name: Gemini AI Review
2026-04-02T02:03:02.0161071Z ##[group]Run actions/checkout@v6
2026-04-02T02:03:02.0161655Z with:
2026-04-02T02:03:02.0161834Z fetch-depth: 0
2026-04-02T02:03:02.0162025Z repository: myCompany/myProject
2026-04-02T02:03:02.0162506Z token: ***
2026-04-02T02:03:02.0162678Z ssh-strict: true
2026-04-02T02:03:02.0163034Z ssh-user: git
2026-04-02T02:03:02.0163215Z persist-credentials: true
2026-04-02T02:03:02.0163415Z clean: true
2026-04-02T02:03:02.0163603Z sparse-checkout-cone-mode: true
2026-04-02T02:03:02.0163859Z fetch-tags: false
2026-04-02T02:03:02.0164032Z show-progress: true
2026-04-02T02:03:02.0164201Z lfs: false
2026-04-02T02:03:02.0164362Z submodules: false
2026-04-02T02:03:02.0164542Z set-safe-directory: true
2026-04-02T02:03:02.0165021Z ##[endgroup]
2026-04-02T02:03:02.3107413Z Syncing repository: myCompany/myProject
2026-04-02T02:03:02.3109074Z ##[group]Getting Git version info
2026-04-02T02:03:02.3109526Z Working directory is '/tmp/runner-2/work/myProject/myProject'
2026-04-02T02:03:02.3110430Z [command]/usr/bin/git version
2026-04-02T02:03:02.3110646Z git version 2.43.0
2026-04-02T02:03:02.3111663Z ##[endgroup]
2026-04-02T02:03:02.3123299Z Temporarily overriding HOME='/tmp/runner-2/work/_temp/f4d1aadb-1dbd-4532-8f48-a0c94ca00011' before making global git config changes
2026-04-02T02:03:02.3124594Z Adding repository directory to the temporary git global config as a safe directory
2026-04-02T02:03:02.3128105Z [command]/usr/bin/git config --global --add safe.directory /tmp/runner-2/work/myProject/myProject
2026-04-02T02:03:02.3174125Z [command]/usr/bin/git config --local --get remote.origin.url
2026-04-02T02:03:02.3196320Z https://github.com/myCompany/myProject
2026-04-02T02:03:02.3211983Z ##[group]Removing previously created refs, to avoid conflicts
2026-04-02T02:03:02.3216844Z [command]/usr/bin/git rev-parse --symbolic-full-name --verify --quiet HEAD
2026-04-02T02:03:02.3245672Z HEAD
2026-04-02T02:03:02.3296776Z ##[endgroup]
2026-04-02T02:03:02.3299827Z [command]/usr/bin/git submodule status
2026-04-02T02:03:02.3526013Z ##[group]Cleaning the repository
2026-04-02T02:03:02.3528976Z [command]/usr/bin/git clean -ffdx
2026-04-02T02:03:02.4505806Z Removing .gemini/
2026-04-02T02:03:02.4506116Z Removing gemini-artifacts/
2026-04-02T02:03:02.4516932Z [command]/usr/bin/git reset --hard HEAD
2026-04-02T02:03:02.4852264Z HEAD is now at 3f84c7a Merge 2462ebc923af06c1e2a2a483b3db55d2921838c6 into 92844a6d989d3c43a6569ea7b8231f0610ab403e
2026-04-02T02:03:02.4855867Z ##[endgroup]
2026-04-02T02:03:02.4859007Z ##[group]Disabling automatic garbage collection
2026-04-02T02:03:02.4863638Z [command]/usr/bin/git config --local gc.auto 0
2026-04-02T02:03:02.4896367Z ##[endgroup]
2026-04-02T02:03:02.4896887Z ##[group]Setting up auth
2026-04-02T02:03:02.4897991Z Removing SSH command configuration
2026-04-02T02:03:02.4906510Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2026-04-02T02:03:02.4937603Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2026-04-02T02:03:02.5168198Z Removing HTTP extra header
2026-04-02T02:03:02.5175033Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2026-04-02T02:03:02.5205298Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2026-04-02T02:03:02.5423902Z Removing includeIf entries pointing to credentials config files
2026-04-02T02:03:02.5429150Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf\.gitdir:
2026-04-02T02:03:02.5461331Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url
2026-04-02T02:03:02.5700406Z [command]/usr/bin/git config --file /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config http.https://github.com/.extraheader AUTHORIZATION: basic ***
2026-04-02T02:03:02.5745760Z [command]/usr/bin/git config --local includeIf.gitdir:/tmp/runner-2/work/myProject/myProject/.git.path /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:02.5776992Z [command]/usr/bin/git config --local includeIf.gitdir:/tmp/runner-2/work/myProject/myProject/.git/worktrees/*.path /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:02.5815015Z [command]/usr/bin/git config --local includeIf.gitdir:/github/workspace/.git.path /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:02.5846760Z [command]/usr/bin/git config --local includeIf.gitdir:/github/workspace/.git/worktrees/*.path /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:02.5878247Z ##[endgroup]
2026-04-02T02:03:02.5878659Z ##[group]Fetching the repository
2026-04-02T02:03:02.5888707Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules origin +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* +1039d46acd185ec808cb66088149d8f7cf8ce4e6:refs/remotes/pull/256/merge
2026-04-02T02:03:03.0922578Z From https://github.com/myCompany/myProject
2026-04-02T02:03:03.0923231Z 2462ebc..374029b users/username/3-27/gemini-pr-review -> origin/users/username/3-27/gemini-pr-review
2026-04-02T02:03:03.0926899Z + 3f84c7a...1039d46 1039d46acd185ec808cb66088149d8f7cf8ce4e6 -> pull/256/merge (forced update)
2026-04-02T02:03:03.0956247Z ##[endgroup]
2026-04-02T02:03:03.0956629Z ##[group]Determining the checkout info
2026-04-02T02:03:03.0956986Z ##[endgroup]
2026-04-02T02:03:03.0961399Z [command]/usr/bin/git sparse-checkout disable
2026-04-02T02:03:03.1024848Z [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
2026-04-02T02:03:03.1054605Z ##[group]Checking out the ref
2026-04-02T02:03:03.1056559Z [command]/usr/bin/git checkout --progress --force refs/remotes/pull/256/merge
2026-04-02T02:03:03.1117534Z Warning: you are leaving 1 commit behind, not connected to
2026-04-02T02:03:03.1118213Z any of your branches:
2026-04-02T02:03:03.1118340Z
2026-04-02T02:03:03.1118663Z 3f84c7a Merge 2462ebc923af06c1e2a2a483b3db55d2921838c6 into 92844a6d989d3c43a6569ea7b8231f0610ab403e
2026-04-02T02:03:03.1119057Z
2026-04-02T02:03:03.1119251Z If you want to keep it by creating a new branch, this may be a good time
2026-04-02T02:03:03.1119925Z to do so with:
2026-04-02T02:03:03.1120024Z
2026-04-02T02:03:03.1120142Z git branch <new-branch-name> 3f84c7a
2026-04-02T02:03:03.1120311Z
2026-04-02T02:03:03.1127877Z HEAD is now at 1039d46 Merge 374029be2938ad0e0d0fae25b408503c2a31b727 into 92844a6d989d3c43a6569ea7b8231f0610ab403e
2026-04-02T02:03:03.1135264Z ##[endgroup]
2026-04-02T02:03:03.1174603Z [command]/usr/bin/git log -1 --format=%H
2026-04-02T02:03:03.1200328Z 1039d46acd185ec808cb66088149d8f7cf8ce4e6
2026-04-02T02:03:03.1672811Z ##[group]Run google-github-actions/run-gemini-cli@v0.1.21
2026-04-02T02:03:03.1673164Z with:
2026-04-02T02:03:03.1673321Z use_gemini_code_assist: true
2026-04-02T02:03:03.1673530Z gcp_location: global
2026-04-02T02:03:03.1673732Z gcp_project_id: myProjectId
2026-04-02T02:03:03.1674163Z gcp_service_account: gemini-cli-95922d3f@myProjectId.iam.gserviceaccount.com
2026-04-02T02:03:03.1688334Z gcp_workload_identity_provider: projects/271520206934/locations/global/workloadIdentityPools/github-95922d3f/providers/gh-95922d3f
2026-04-02T02:03:03.1689011Z gcp_token_format: access_token
2026-04-02T02:03:03.1689743Z gcp_access_token_scopes: https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile
2026-04-02T02:03:03.1690490Z gemini_cli_version: latest
2026-04-02T02:03:03.1690705Z prompt: You are a helpful assistant.
2026-04-02T02:03:03.1690978Z use_vertex_ai: false
2026-04-02T02:03:03.1691161Z upload_artifacts: false
2026-04-02T02:03:03.1691350Z use_pnpm: false
2026-04-02T02:03:03.1691525Z workflow_name: Gemini PR Review
2026-04-02T02:03:03.1691733Z ##[endgroup]
2026-04-02T02:03:03.1806224Z ##[group]Run set -exuo pipefail
2026-04-02T02:03:03.1806609Z �[36;1mset -exuo pipefail�[0m
2026-04-02T02:03:03.1806810Z �[36;1m�[0m
2026-04-02T02:03:03.1807072Z �[36;1m# Emit a clear warning in three places without failing the step�[0m
2026-04-02T02:03:03.1807396Z �[36;1mwarn() {�[0m
2026-04-02T02:03:03.1807578Z �[36;1m local msg="$1"�[0m
2026-04-02T02:03:03.1807772Z �[36;1m echo "WARNING: ${msg}" >&2�[0m
2026-04-02T02:03:03.1808049Z �[36;1m echo "::warning title=Input validation::${msg}"�[0m
2026-04-02T02:03:03.1808360Z �[36;1m if [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then�[0m
2026-04-02T02:03:03.1808613Z �[36;1m {�[0m
2026-04-02T02:03:03.1808803Z �[36;1m echo "### Input validation warnings"�[0m
2026-04-02T02:03:03.1809053Z �[36;1m echo�[0m
2026-04-02T02:03:03.1809234Z �[36;1m echo "- ${msg}"�[0m
2026-04-02T02:03:03.1809443Z �[36;1m } >> "${GITHUB_STEP_SUMMARY}"�[0m
2026-04-02T02:03:03.1809669Z �[36;1m fi�[0m
2026-04-02T02:03:03.1809812Z �[36;1m}�[0m
2026-04-02T02:03:03.1809954Z �[36;1m�[0m
2026-04-02T02:03:03.1810310Z �[36;1m# Validate the count of authentication methods�[0m
2026-04-02T02:03:03.1810583Z �[36;1mauth_methods=0�[0m
2026-04-02T02:03:03.1810932Z �[36;1mif [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi�[0m
2026-04-02T02:03:03.1811483Z �[36;1mif [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi�[0m
2026-04-02T02:03:03.1812269Z �[36;1mif [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then ((++auth_methods)); fi�[0m
2026-04-02T02:03:03.1812816Z �[36;1m�[0m
2026-04-02T02:03:03.1812988Z �[36;1mif [[ ${auth_methods} -eq 0 ]]; then�[0m
2026-04-02T02:03:03.1814021Z �[36;1m warn "No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."�[0m
2026-04-02T02:03:03.1814692Z �[36;1mfi�[0m
2026-04-02T02:03:03.1814841Z �[36;1m�[0m
2026-04-02T02:03:03.1815007Z �[36;1mif [[ ${auth_methods} -gt 1 ]]; then�[0m
2026-04-02T02:03:03.1815616Z �[36;1m warn "Multiple authentication methods provided. Please use only one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'."�[0m
2026-04-02T02:03:03.1816205Z �[36;1mfi�[0m
2026-04-02T02:03:03.1816343Z �[36;1m�[0m
2026-04-02T02:03:03.1816834Z �[36;1m# Validate Workload Identity Federation inputs�[0m
2026-04-02T02:03:03.1817252Z �[36;1mif [[ "${INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT:-false}" == "true" ]]; then�[0m
2026-04-02T02:03:03.1817725Z �[36;1m if [[ "${INPUT_GCP_PROJECT_ID_PRESENT:-false}" != "true" ]]; then�[0m
2026-04-02T02:03:03.1818352Z �[36;1m warn "When using Workload Identity Federation ('gcp_workload_identity_provider'), you must also provide 'gcp_project_id'."�[0m
2026-04-02T02:03:03.1819184Z �[36;1m fi�[0m
2026-04-02T02:03:03.1819504Z �[36;1m # Service account is required when using token_format (default behavior)�[0m
2026-04-02T02:03:03.1819947Z �[36;1m # Only optional when explicitly set to empty for direct WIF�[0m
2026-04-02T02:03:03.1820589Z �[36;1m if [[ "${INPUT_GCP_TOKEN_FORMAT}" != "" && "${INPUT_GCP_SERVICE_ACCOUNT_PRESENT:-false}" != "true" ]]; then�[0m
2026-04-02T02:03:03.1821728Z �[36;1m warn "When using Workload Identity Federation with token generation ('gcp_token_format'), you must also provide 'gcp_service_account'. To use direct WIF without a service account, explicitly set 'gcp_token_format' to an empty string."�[0m
2026-04-02T02:03:03.1822669Z �[36;1m fi�[0m
2026-04-02T02:03:03.1822989Z �[36;1m if [[ "${INPUT_USE_VERTEX_AI:-false}" == "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" ]]; then�[0m
2026-04-02T02:03:03.1823696Z �[36;1m warn "When using Workload Identity Federation, you must set exactly one of 'use_vertex_ai' or 'use_gemini_code_assist' to 'true'."�[0m
2026-04-02T02:03:03.1824245Z �[36;1m fi�[0m
2026-04-02T02:03:03.1824395Z �[36;1mfi�[0m
2026-04-02T02:03:03.1824535Z �[36;1m�[0m
2026-04-02T02:03:03.1824693Z �[36;1m# Validate Vertex AI API Key�[0m
2026-04-02T02:03:03.1825006Z �[36;1mif [[ "${INPUT_GOOGLE_API_KEY_PRESENT:-false}" == "true" ]]; then�[0m
2026-04-02T02:03:03.1825388Z �[36;1m if [[ "${INPUT_USE_VERTEX_AI:-false}" != "true" ]]; then�[0m
2026-04-02T02:03:03.1825804Z �[36;1m warn "When using 'google_api_key', you must set 'use_vertex_ai' to 'true'."�[0m
2026-04-02T02:03:03.1826168Z �[36;1m fi�[0m
2026-04-02T02:03:03.1826411Z �[36;1m if [[ "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then�[0m
2026-04-02T02:03:03.1826861Z �[36;1m warn "When using 'google_api_key', 'use_gemini_code_assist' cannot be 'true'."�[0m
2026-04-02T02:03:03.1827228Z �[36;1m fi�[0m
2026-04-02T02:03:03.1827371Z �[36;1mfi�[0m
2026-04-02T02:03:03.1827516Z �[36;1m�[0m
2026-04-02T02:03:03.1827671Z �[36;1m# Validate Gemini API Key�[0m
2026-04-02T02:03:03.1827981Z �[36;1mif [[ "${INPUT_GEMINI_API_KEY_PRESENT:-false}" == "true" ]]; then�[0m
2026-04-02T02:03:03.1828506Z �[36;1m if [[ "${INPUT_USE_VERTEX_AI:-false}" == "true" || "${INPUT_USE_GEMINI_CODE_ASSIST:-false}" == "true" ]]; then�[0m
2026-04-02T02:03:03.1829161Z �[36;1m warn "When using 'gemini_api_key', both 'use_vertex_ai' and 'use_gemini_code_assist' must be 'false'."�[0m
2026-04-02T02:03:03.1829603Z �[36;1m fi�[0m
2026-04-02T02:03:03.1829750Z �[36;1mfi�[0m
2026-04-02T02:03:03.1844745Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2026-04-02T02:03:03.1845080Z env:
2026-04-02T02:03:03.1845246Z INPUT_GEMINI_API_KEY_PRESENT: false
2026-04-02T02:03:03.1845485Z INPUT_GOOGLE_API_KEY_PRESENT: false
2026-04-02T02:03:03.1845751Z INPUT_GCP_WORKLOAD_IDENTITY_PROVIDER_PRESENT: true
2026-04-02T02:03:03.1846030Z INPUT_GCP_PROJECT_ID_PRESENT: true
2026-04-02T02:03:03.1846263Z INPUT_GCP_SERVICE_ACCOUNT_PRESENT: true
2026-04-02T02:03:03.1846511Z INPUT_GCP_TOKEN_FORMAT: access_token
2026-04-02T02:03:03.1846744Z INPUT_USE_VERTEX_AI: false
2026-04-02T02:03:03.1846952Z INPUT_USE_GEMINI_CODE_ASSIST: true
2026-04-02T02:03:03.1847162Z ##[endgroup]
2026-04-02T02:03:03.2998036Z + auth_methods=0
2026-04-02T02:03:03.2998354Z + [[ false == \t\r\u\e ]]
2026-04-02T02:03:03.2998657Z + [[ false == \t\r\u\e ]]
2026-04-02T02:03:03.2998963Z + [[ true == \t\r\u\e ]]
2026-04-02T02:03:03.2999246Z + (( ++auth_methods ))
2026-04-02T02:03:03.2999527Z + [[ 1 -eq 0 ]]
2026-04-02T02:03:03.2999771Z + [[ 1 -gt 1 ]]
2026-04-02T02:03:03.2999988Z + [[ true == \t\r\u\e ]]
2026-04-02T02:03:03.3001173Z + [[ true != \t\r\u\e ]]
2026-04-02T02:03:03.3001378Z + [[ access_token != '' ]]
2026-04-02T02:03:03.3001602Z + [[ true != \t\r\u\e ]]
2026-04-02T02:03:03.3001793Z + [[ false == \t\r\u\e ]]
2026-04-02T02:03:03.3001989Z + [[ false == \t\r\u\e ]]
2026-04-02T02:03:03.3002174Z + [[ false == \t\r\u\e ]]
2026-04-02T02:03:03.3061905Z ##[group]Run SANITIZED=$(echo "${WORKFLOW_NAME}" | sed 's/[^ a-zA-Z0-9-]//g' | xargs | tr ' ' '_' | tr '[:upper:]' '[:lower:]')
2026-04-02T02:03:03.3062866Z �[36;1mSANITIZED=$(echo "${WORKFLOW_NAME}" | sed 's/[^ a-zA-Z0-9-]//g' | xargs | tr ' ' '_' | tr '[:upper:]' '[:lower:]')�[0m
2026-04-02T02:03:03.3063398Z �[36;1mecho "gh_workflow_name=$SANITIZED" >> $GITHUB_OUTPUT�[0m
2026-04-02T02:03:03.3076405Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2026-04-02T02:03:03.3076721Z env:
2026-04-02T02:03:03.3076881Z WORKFLOW_NAME: Gemini PR Review
2026-04-02T02:03:03.3077086Z ##[endgroup]
2026-04-02T02:03:03.4314812Z ##[group]Run set -euo pipefail
2026-04-02T02:03:03.4315112Z �[36;1mset -euo pipefail�[0m
2026-04-02T02:03:03.4315323Z �[36;1mmkdir -p .gemini/commands�[0m
2026-04-02T02:03:03.4315644Z �[36;1mcp -r "${GITHUB_ACTION_PATH}/.github/commands/"* .gemini/commands/�[0m
2026-04-02T02:03:03.4326000Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2026-04-02T02:03:03.4326305Z env:
2026-04-02T02:03:03.4326640Z GITHUB_ACTION_PATH: /tmp/runner-2/work/_actions/google-github-actions/run-gemini-cli/v0.1.21
2026-04-02T02:03:03.4327060Z ##[endgroup]
2026-04-02T02:03:03.5640576Z ##[group]Run google-github-actions/auth@v3
2026-04-02T02:03:03.5640921Z with:
2026-04-02T02:03:03.5641154Z project_id: myProjectId
2026-04-02T02:03:03.5642059Z workload_identity_provider: projects/271520206934/locations/global/workloadIdentityPools/github-95922d3f/providers/gh-95922d3f
2026-04-02T02:03:03.5643172Z service_account: gemini-cli-95922d3f@myProjectId.iam.gserviceaccount.com
2026-04-02T02:03:03.5643821Z token_format: access_token
2026-04-02T02:03:03.5644804Z access_token_scopes: https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile
2026-04-02T02:03:03.5645550Z create_credentials_file: true
2026-04-02T02:03:03.5645929Z export_environment_variables: true
2026-04-02T02:03:03.5646167Z universe: googleapis.com
2026-04-02T02:03:03.5646363Z cleanup_credentials: true
2026-04-02T02:03:03.5646580Z access_token_lifetime: 3600s
2026-04-02T02:03:03.5646787Z id_token_include_email: false
2026-04-02T02:03:03.5646987Z ##[endgroup]
2026-04-02T02:03:03.8481307Z Created credentials file at "/tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json"
2026-04-02T02:03:04.2706245Z ##[group]Run set -euo pipefail
2026-04-02T02:03:04.2706554Z �[36;1mset -euo pipefail�[0m
2026-04-02T02:03:04.2706769Z �[36;1m�[0m
2026-04-02T02:03:04.2706979Z �[36;1mVERSION_INPUT="${GEMINI_CLI_VERSION:-latest}"�[0m
2026-04-02T02:03:04.2707265Z �[36;1m�[0m
2026-04-02T02:03:04.2707867Z �[36;1mif [[ "${VERSION_INPUT}" == "latest" || "${VERSION_INPUT}" == "preview" || "${VERSION_INPUT}" == "nightly" || "${VERSION_INPUT}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9\.-]+)?(\+[a-zA-Z0-9\.-]+)?$ ]]; then�[0m
2026-04-02T02:03:04.2708683Z �[36;1m echo "Installing Gemini CLI from npm: @google/gemini-cli@${VERSION_INPUT}"�[0m
2026-04-02T02:03:04.2709089Z �[36;1m if [[ "${USE_PNPM}" == "true" ]]; then�[0m
2026-04-02T02:03:04.2709456Z �[36;1m pnpm add --silent --global @google/gemini-cli@"${VERSION_INPUT}"�[0m
2026-04-02T02:03:04.2709791Z �[36;1m else�[0m
2026-04-02T02:03:04.2710175Z �[36;1m npm install --silent --no-audit --prefer-offline --global @google/gemini-cli@"${VERSION_INPUT}"�[0m
2026-04-02T02:03:04.2710625Z �[36;1m fi�[0m
2026-04-02T02:03:04.2710780Z �[36;1melse�[0m
2026-04-02T02:03:04.2711141Z �[36;1m echo "Installing Gemini CLI from GitHub: github:google-gemini/gemini-cli#${VERSION_INPUT}"�[0m
2026-04-02T02:03:04.2711875Z �[36;1m git clone https://github.com/google-gemini/gemini-cli.git�[0m
2026-04-02T02:03:04.2712491Z �[36;1m cd gemini-cli�[0m
2026-04-02T02:03:04.2712706Z �[36;1m git checkout "${VERSION_INPUT}"�[0m
2026-04-02T02:03:04.2712951Z �[36;1m npm install�[0m
2026-04-02T02:03:04.2713145Z �[36;1m npm run bundle�[0m
2026-04-02T02:03:04.2713441Z �[36;1m npm install --silent --no-audit --prefer-offline --global .�[0m
2026-04-02T02:03:04.2713758Z �[36;1mfi�[0m
2026-04-02T02:03:04.2713938Z �[36;1mecho "Verifying installation:"�[0m
2026-04-02T02:03:04.2714356Z �[36;1mif command -v gemini >/dev/null 2>&1; then�[0m
2026-04-02T02:03:04.2714825Z �[36;1m gemini --version || echo "Gemini CLI installed successfully (version command not available)"�[0m
2026-04-02T02:03:04.2715264Z �[36;1melse�[0m
2026-04-02T02:03:04.2715476Z �[36;1m echo "Error: Gemini CLI not found in PATH"�[0m
2026-04-02T02:03:04.2715746Z �[36;1m exit 1�[0m
2026-04-02T02:03:04.2715907Z �[36;1mfi�[0m
2026-04-02T02:03:04.2716079Z �[36;1mif [[ -n "${EXTENSIONS}" ]]; then�[0m
2026-04-02T02:03:04.2716379Z �[36;1m echo "Installing Gemini CLI extensions:"�[0m
2026-04-02T02:03:04.2716795Z �[36;1m echo "${EXTENSIONS}" | jq -r '.[]' | while IFS= read -r extension; do�[0m
2026-04-02T02:03:04.2717242Z �[36;1m extension=$(echo "${extension}" | xargs)�[0m
2026-04-02T02:03:04.2717523Z �[36;1m if [[ -n "${extension}" ]]; then�[0m
2026-04-02T02:03:04.2718078Z �[36;1m echo "Installing ${extension}..."�[0m
2026-04-02T02:03:04.2718410Z �[36;1m echo "Y" | gemini extensions install "${extension}"�[0m
2026-04-02T02:03:04.2718704Z �[36;1m fi�[0m
2026-04-02T02:03:04.2718857Z �[36;1m done�[0m
2026-04-02T02:03:04.2719013Z �[36;1mfi�[0m
2026-04-02T02:03:04.2729292Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2026-04-02T02:03:04.2729607Z env:
2026-04-02T02:03:04.2730026Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:04.2730740Z GOOGLE_APPLICATION_CREDENTIALS: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:04.2731599Z GOOGLE_GHA_CREDS_PATH: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:04.2732069Z CLOUDSDK_CORE_PROJECT: myProjectId
2026-04-02T02:03:04.2732366Z CLOUDSDK_PROJECT: myProjectId
2026-04-02T02:03:04.2732633Z GCLOUD_PROJECT: myProjectId
2026-04-02T02:03:04.2733016Z GCP_PROJECT: myProjectId
2026-04-02T02:03:04.2733417Z GOOGLE_CLOUD_PROJECT: myProjectId
2026-04-02T02:03:04.2733868Z GEMINI_CLI_VERSION: latest
2026-04-02T02:03:04.2734111Z EXTENSIONS:
2026-04-02T02:03:04.2734275Z USE_PNPM: false
2026-04-02T02:03:04.2734443Z ##[endgroup]
2026-04-02T02:03:04.3863675Z Installing Gemini CLI from npm: @google/gemini-cli@latest
2026-04-02T02:03:31.3592458Z Verifying installation:
2026-04-02T02:03:33.6244314Z 0.35.3
2026-04-02T02:03:33.6532003Z ##[group]Run set -euo pipefail
2026-04-02T02:03:33.6532367Z �[36;1mset -euo pipefail�[0m
2026-04-02T02:03:33.6532593Z �[36;1m�[0m
2026-04-02T02:03:33.6532880Z �[36;1m# Create a temporary directory for storing the output, and ensure it's�[0m
2026-04-02T02:03:33.6533261Z �[36;1m# cleaned up later�[0m
2026-04-02T02:03:33.6533587Z �[36;1mTEMP_STDOUT="$(mktemp -p "${RUNNER_TEMP}" gemini-out.XXXXXXXXXX)"�[0m
2026-04-02T02:03:33.6534435Z �[36;1mTEMP_STDERR="$(mktemp -p "${RUNNER_TEMP}" gemini-err.XXXXXXXXXX)"�[0m
2026-04-02T02:03:33.6534791Z �[36;1mfunction cleanup {�[0m
2026-04-02T02:03:33.6535060Z �[36;1m rm -f "${TEMP_STDOUT}" "${TEMP_STDERR}"�[0m
2026-04-02T02:03:33.6535328Z �[36;1m}�[0m
2026-04-02T02:03:33.6535495Z �[36;1mtrap cleanup EXIT�[0m
2026-04-02T02:03:33.6535694Z �[36;1m�[0m
2026-04-02T02:03:33.6535880Z �[36;1m# Keep track of whether we've failed�[0m
2026-04-02T02:03:33.6536140Z �[36;1mFAILED=false�[0m
2026-04-02T02:03:33.6536324Z �[36;1m�[0m
2026-04-02T02:03:33.6536594Z �[36;1m# Run Gemini CLI with the provided prompt, using JSON output format�[0m
2026-04-02T02:03:33.6537060Z �[36;1m# We capture stdout (JSON) to TEMP_STDOUT and stderr to TEMP_STDERR�[0m
2026-04-02T02:03:33.6537786Z �[36;1mif [[ "${GEMINI_DEBUG}" = true ]]; then�[0m
2026-04-02T02:03:33.6538495Z �[36;1m echo "::warning::Gemini CLI debug logging is enabled. This will stream responses, which could reveal sensitive information if processed with untrusted inputs."�[0m
2026-04-02T02:03:33.6539216Z �[36;1m echo "::: Start Gemini CLI STDOUT :::"�[0m
2026-04-02T02:03:33.6539913Z �[36;1m if ! gemini --debug --yolo --prompt "${PROMPT}" --output-format json 2> >(tee "${TEMP_STDERR}" >&2) | tee "${TEMP_STDOUT}"; then�[0m
2026-04-02T02:03:33.6540465Z �[36;1m FAILED=true�[0m
2026-04-02T02:03:33.6540661Z �[36;1m fi�[0m
2026-04-02T02:03:33.6541222Z �[36;1m # Wait for async stderr logging to complete. This is because process substitution in Bash is async so let tee finish writing to ${TEMP_STDERR}�[0m
2026-04-02T02:03:33.6541970Z �[36;1m sleep 1�[0m
2026-04-02T02:03:33.6542210Z �[36;1m echo "::: End Gemini CLI STDOUT :::"�[0m
2026-04-02T02:03:33.6542470Z �[36;1melse�[0m
2026-04-02T02:03:33.6542877Z �[36;1m if ! gemini --yolo --prompt "${PROMPT}" --output-format json 2> "${TEMP_STDERR}" 1> "${TEMP_STDOUT}"; then�[0m
2026-04-02T02:03:33.6543353Z �[36;1m FAILED=true�[0m
2026-04-02T02:03:33.6543547Z �[36;1m fi�[0m
2026-04-02T02:03:33.6543707Z �[36;1mfi�[0m
2026-04-02T02:03:33.6543862Z �[36;1m�[0m
2026-04-02T02:03:33.6544082Z �[36;1m# Create the artifacts directory and copy full logs�[0m
2026-04-02T02:03:33.6544405Z �[36;1mmkdir -p gemini-artifacts�[0m
2026-04-02T02:03:33.6544698Z �[36;1mcp "${TEMP_STDOUT}" gemini-artifacts/stdout.log�[0m
2026-04-02T02:03:33.6545043Z �[36;1mcp "${TEMP_STDERR}" gemini-artifacts/stderr.log�[0m
2026-04-02T02:03:33.6545359Z �[36;1mif [[ -f .gemini/telemetry.log ]]; then�[0m
2026-04-02T02:03:33.6545708Z �[36;1m cp .gemini/telemetry.log gemini-artifacts/telemetry.log�[0m
2026-04-02T02:03:33.6546027Z �[36;1melse�[0m
2026-04-02T02:03:33.6546355Z �[36;1m # Create an empty file so the artifact upload doesn't fail if telemetry is missing�[0m
2026-04-02T02:03:33.6546797Z �[36;1m touch gemini-artifacts/telemetry.log�[0m
2026-04-02T02:03:33.6547056Z �[36;1mfi�[0m
2026-04-02T02:03:33.6547213Z �[36;1m�[0m
2026-04-02T02:03:33.6547436Z �[36;1m# Parse JSON output to extract response and errors�[0m
2026-04-02T02:03:33.6547905Z �[36;1m# If output is not valid JSON, RESPONSE will be empty and we'll rely on stderr for errors�[0m
2026-04-02T02:03:33.6548330Z �[36;1mRESPONSE=""�[0m
2026-04-02T02:03:33.6548525Z �[36;1mERROR_JSON=""�[0m
2026-04-02T02:03:33.6548773Z �[36;1mif jq -e . "${TEMP_STDOUT}" >/dev/null 2>&1; then�[0m
2026-04-02T02:03:33.6549131Z �[36;1m RESPONSE=$(jq -r '.response // ""' "${TEMP_STDOUT}")�[0m
2026-04-02T02:03:33.6549430Z �[36;1mfi�[0m
2026-04-02T02:03:33.6549644Z �[36;1mif jq -e . "${TEMP_STDERR}" >/dev/null 2>&1; then�[0m
2026-04-02T02:03:33.6549999Z �[36;1m ERROR_JSON=$(jq -c '.error // empty' "${TEMP_STDERR}")�[0m
2026-04-02T02:03:33.6550304Z �[36;1mfi�[0m
2026-04-02T02:03:33.6550457Z �[36;1m�[0m
2026-04-02T02:03:33.6550745Z �[36;1mif { [[ -s "${TEMP_STDERR}" ]] && ! jq -e . "${TEMP_STDERR}" >/dev/null 2>&1; }; then�[0m
2026-04-02T02:03:33.6551188Z �[36;1m echo "::warning::Gemini CLI stderr was not valid JSON"�[0m
2026-04-02T02:03:33.6551489Z �[36;1mfi�[0m
2026-04-02T02:03:33.6551641Z �[36;1m�[0m
2026-04-02T02:03:33.6551923Z �[36;1mif { [[ -s "${TEMP_STDOUT}" ]] && ! jq -e . "${TEMP_STDOUT}" >/dev/null 2>&1; }; then�[0m
2026-04-02T02:03:33.6552365Z �[36;1m echo "::warning::Gemini CLI stdout was not valid JSON"�[0m
2026-04-02T02:03:33.6552671Z �[36;1mfi�[0m
2026-04-02T02:03:33.6552824Z �[36;1m�[0m
2026-04-02T02:03:33.6552979Z �[36;1m�[0m
2026-04-02T02:03:33.6553253Z �[36;1m# Set the captured response as a step output, supporting multiline�[0m
2026-04-02T02:03:33.6553672Z �[36;1mecho "gemini_response<<EOF" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6553982Z �[36;1mif [[ -n "${RESPONSE}" ]]; then�[0m
2026-04-02T02:03:33.6554260Z �[36;1m echo "${RESPONSE}" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6554726Z �[36;1melse�[0m
2026-04-02T02:03:33.6554932Z �[36;1m cat "${TEMP_STDOUT}" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6555191Z �[36;1mfi�[0m
2026-04-02T02:03:33.6555370Z �[36;1mecho "EOF" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6555604Z �[36;1m�[0m
2026-04-02T02:03:33.6555862Z �[36;1m# Set the captured errors as a step output, supporting multiline�[0m
2026-04-02T02:03:33.6556259Z �[36;1mecho "gemini_errors<<EOF" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6556665Z �[36;1mif [[ -n "${ERROR_JSON}" ]]; then�[0m
2026-04-02T02:03:33.6556953Z �[36;1m echo "${ERROR_JSON}" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6557214Z �[36;1melse�[0m
2026-04-02T02:03:33.6557564Z �[36;1m cat "${TEMP_STDERR}" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6557830Z �[36;1mfi�[0m
2026-04-02T02:03:33.6558008Z �[36;1mecho "EOF" >> "${GITHUB_OUTPUT}"�[0m
2026-04-02T02:03:33.6558241Z �[36;1m�[0m
2026-04-02T02:03:33.6558404Z �[36;1m# Generate Job Summary�[0m
2026-04-02T02:03:33.6558663Z �[36;1mif [[ -n "${GITHUB_STEP_SUMMARY:-}" ]]; then�[0m
2026-04-02T02:03:33.6558930Z �[36;1m {�[0m
2026-04-02T02:03:33.6559113Z �[36;1m echo "### Gemini CLI Execution"�[0m
2026-04-02T02:03:33.6559360Z �[36;1m echo�[0m
2026-04-02T02:03:33.6559538Z �[36;1m echo "#### Prompt"�[0m
2026-04-02T02:03:33.6559748Z �[36;1m echo�[0m
2026-04-02T02:03:33.6559918Z �[36;1m echo "\`\`\`"�[0m
2026-04-02T02:03:33.6560124Z �[36;1m echo "${PROMPT}"�[0m
2026-04-02T02:03:33.6560333Z �[36;1m echo "\`\`\`"�[0m
2026-04-02T02:03:33.6560529Z �[36;1m echo�[0m
2026-04-02T02:03:33.6560718Z �[36;1m if [[ -n "${RESPONSE}" ]]; then�[0m
2026-04-02T02:03:33.6560976Z �[36;1m echo "#### Response"�[0m
2026-04-02T02:03:33.6561200Z �[36;1m echo�[0m
2026-04-02T02:03:33.6561390Z �[36;1m echo "${RESPONSE}"�[0m
2026-04-02T02:03:33.6561606Z �[36;1m echo�[0m
2026-04-02T02:03:33.6561782Z �[36;1m fi�[0m
2026-04-02T02:03:33.6562125Z �[36;1m if [[ -n "${ERROR_JSON}" ]]; then�[0m
2026-04-02T02:03:33.6562392Z �[36;1m echo "#### Error"�[0m
2026-04-02T02:03:33.6562609Z �[36;1m echo�[0m
2026-04-02T02:03:33.6562799Z �[36;1m echo "\`\`\`json"�[0m
2026-04-02T02:03:33.6563025Z �[36;1m echo "${ERROR_JSON}"�[0m
2026-04-02T02:03:33.6563254Z �[36;1m echo "\`\`\`"�[0m
2026-04-02T02:03:33.6563450Z �[36;1m echo�[0m
2026-04-02T02:03:33.6563663Z �[36;1m elif [[ "${FAILED}" == "true" ]]; then�[0m
2026-04-02T02:03:33.6563939Z �[36;1m echo "#### Error Output"�[0m
2026-04-02T02:03:33.6564174Z �[36;1m echo�[0m
2026-04-02T02:03:33.6564353Z �[36;1m echo "\`\`\`"�[0m
2026-04-02T02:03:33.6564568Z �[36;1m cat "${TEMP_STDERR}"�[0m
2026-04-02T02:03:33.6564799Z �[36;1m echo "\`\`\`"�[0m
2026-04-02T02:03:33.6564994Z �[36;1m echo�[0m
2026-04-02T02:03:33.6565175Z �[36;1m fi�[0m
2026-04-02T02:03:33.6565363Z �[36;1m } >> "${GITHUB_STEP_SUMMARY}"�[0m
2026-04-02T02:03:33.6565596Z �[36;1mfi�[0m
2026-04-02T02:03:33.6565748Z �[36;1m�[0m
2026-04-02T02:03:33.6565921Z �[36;1mif [[ "${FAILED}" = true ]]; then�[0m
2026-04-02T02:03:33.6566290Z �[36;1m # If we have a structured error from JSON, use it for the error message�[0m
2026-04-02T02:03:33.6566677Z �[36;1m if [[ -n "${ERROR_JSON}" ]]; then�[0m
2026-04-02T02:03:33.6566991Z �[36;1m ERROR_MSG=$(jq -r '.message // .' <<< "${ERROR_JSON}")�[0m
2026-04-02T02:03:33.6567399Z �[36;1m echo "::error title=Gemini CLI execution failed::${ERROR_MSG}"�[0m
2026-04-02T02:03:33.6567734Z �[36;1m fi�[0m
2026-04-02T02:03:33.6567935Z �[36;1m echo "::: Start Gemini CLI STDERR :::"�[0m
2026-04-02T02:03:33.6568204Z �[36;1m cat "${TEMP_STDERR}"�[0m
2026-04-02T02:03:33.6568446Z �[36;1m echo "::: End Gemini CLI STDERR :::"�[0m
2026-04-02T02:03:33.6568698Z �[36;1m exit 1�[0m
2026-04-02T02:03:33.6568866Z �[36;1mfi�[0m
2026-04-02T02:03:33.6580929Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2026-04-02T02:03:33.6581246Z env:
2026-04-02T02:03:33.6581841Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:33.6583016Z GOOGLE_APPLICATION_CREDENTIALS: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:33.6583679Z GOOGLE_GHA_CREDS_PATH: /tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json
2026-04-02T02:03:33.6584156Z CLOUDSDK_CORE_PROJECT: myProjectId
2026-04-02T02:03:33.6584458Z CLOUDSDK_PROJECT: myProjectId
2026-04-02T02:03:33.6584740Z GCLOUD_PROJECT: myProjectId
2026-04-02T02:03:33.6585139Z GCP_PROJECT: myProjectId
2026-04-02T02:03:33.6585427Z GOOGLE_CLOUD_PROJECT: myProjectId
2026-04-02T02:03:33.6585700Z GEMINI_DEBUG: false
2026-04-02T02:03:33.6585890Z GEMINI_API_KEY:
2026-04-02T02:03:33.6586066Z SURFACE: GitHub
2026-04-02T02:03:33.6586252Z GOOGLE_CLOUD_LOCATION: global
2026-04-02T02:03:33.6586482Z GOOGLE_GENAI_USE_VERTEXAI: false
2026-04-02T02:03:33.6586703Z GOOGLE_API_KEY:
2026-04-02T02:03:33.6586888Z GOOGLE_GENAI_USE_GCA: true
2026-04-02T02:03:33.6592162Z GOOGLE_CLOUD_ACCESS_TOKEN: ***
2026-04-02T02:03:33.6592406Z PROMPT: You are a helpful assistant.
2026-04-02T02:03:33.6592645Z GEMINI_MODEL:
2026-04-02T02:03:33.6592837Z GH_WORKFLOW_NAME: gemini_pr_review
2026-04-02T02:03:33.6593063Z ##[endgroup]
2026-04-02T02:03:38.9351743Z ##[warning]Gemini CLI stderr was not valid JSON
2026-04-02T02:03:38.9370121Z ::: Start Gemini CLI STDERR :::
2026-04-02T02:03:38.9375125Z YOLO mode is enabled. All tool calls will be automatically approved.
2026-04-02T02:03:38.9376175Z Keychain initialization encountered an error: libsecret-1.so.0: cannot open shared object file: No such file or directory
2026-04-02T02:03:38.9377407Z Using FileKeychain fallback for secure storage.
2026-04-02T02:03:38.9379415Z Error authenticating: GaxiosError: Cloud Code Private API has not been used in project 271520206934 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudcode-pa.googleapis.com/overview?project=271520206934 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
2026-04-02T02:03:38.9381332Z at Gaxios._request (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/gaxios/build/src/gaxios.js:142:23)
2026-04-02T02:03:38.9382301Z at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
2026-04-02T02:03:38.9383246Z at async OAuth2Client.requestAsync (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/google-auth-library/build/src/auth/oauth2client.js:429:18)
2026-04-02T02:03:38.9384592Z at async CodeAssistServer.requestPost (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:219:21)
2026-04-02T02:03:38.9387097Z at async CodeAssistServer.loadCodeAssist (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:129:20)
2026-04-02T02:03:38.9389276Z at async _doSetupUser (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/setup.js:96:19) {
2026-04-02T02:03:38.9390593Z config: {
2026-04-02T02:03:38.9391216Z url: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist',
2026-04-02T02:03:38.9391842Z method: 'POST',
2026-04-02T02:03:38.9392083Z headers: {
2026-04-02T02:03:38.9392400Z 'Content-Type': 'application/json',
2026-04-02T02:03:38.9393177Z 'User-Agent': 'GeminiCLI/0.35.3/gemini-3-pro-preview (linux; x64; GitHub) google-api-nodejs-client/9.15.1',
2026-04-02T02:03:38.9393874Z Authorization: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
2026-04-02T02:03:38.9394323Z 'x-goog-api-client': 'gl-node/24.14.0',
2026-04-02T02:03:38.9394588Z Accept: 'application/json'
2026-04-02T02:03:38.9395204Z },
2026-04-02T02:03:38.9395373Z responseType: 'json',
2026-04-02T02:03:38.9396158Z body: '{"cloudaicompanionProject":"myProjectId","metadata":{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI","duetProject":"myProjectId"}}',
2026-04-02T02:03:38.9397382Z retryConfig: {
2026-04-02T02:03:38.9397579Z retryDelay: 100,
2026-04-02T02:03:38.9397773Z retry: 3,
2026-04-02T02:03:38.9397995Z noResponseRetries: 3,
2026-04-02T02:03:38.9398419Z statusCodesToRetry: [Array],
2026-04-02T02:03:38.9398672Z currentRetryAttempt: 0,
2026-04-02T02:03:38.9398908Z httpMethodsToRetry: [Array],
2026-04-02T02:03:38.9399149Z retryDelayMultiplier: 2,
2026-04-02T02:03:38.9399553Z timeOfFirstRequest: 1775095418679,
2026-04-02T02:03:38.9399812Z totalTimeout: 9007199254740991,
2026-04-02T02:03:38.9400052Z maxRetryDelay: 9007199254740991
2026-04-02T02:03:38.9400270Z },
2026-04-02T02:03:38.9400488Z paramsSerializer: [Function: paramsSerializer],
2026-04-02T02:03:38.9400808Z validateStatus: [Function: validateStatus],
2026-04-02T02:03:38.9401120Z errorRedactor: [Function: defaultErrorRedactor]
2026-04-02T02:03:38.9401387Z },
2026-04-02T02:03:38.9401540Z response: {
2026-04-02T02:03:38.9401705Z config: {
2026-04-02T02:03:38.9401999Z url: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist',
2026-04-02T02:03:38.9402367Z method: 'POST',
2026-04-02T02:03:38.9402564Z headers: [Object],
2026-04-02T02:03:38.9402770Z responseType: 'json',
2026-04-02T02:03:38.9403557Z body: '{"cloudaicompanionProject":"myProjectId","metadata":{"ideType":"IDE_UNSPECIFIED","platform":"PLATFORM_UNSPECIFIED","pluginType":"GEMINI","duetProject":"myProjectId"}}',
2026-04-02T02:03:38.9404380Z retryConfig: [Object],
2026-04-02T02:03:38.9404646Z paramsSerializer: [Function: paramsSerializer],
2026-04-02T02:03:38.9404968Z validateStatus: [Function: validateStatus],
2026-04-02T02:03:38.9405289Z errorRedactor: [Function: defaultErrorRedactor]
2026-04-02T02:03:38.9405561Z },
2026-04-02T02:03:38.9405726Z data: { error: [Object] },
2026-04-02T02:03:38.9405935Z headers: {
2026-04-02T02:03:38.9406159Z 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
2026-04-02T02:03:38.9406467Z 'content-encoding': 'gzip',
2026-04-02T02:03:38.9406750Z 'content-type': 'application/json; charset=UTF-8',
2026-04-02T02:03:38.9407056Z date: 'Thu, 02 Apr 2026 02:03:39 GMT',
2026-04-02T02:03:38.9407295Z server: 'ESF',
2026-04-02T02:03:38.9407497Z 'server-timing': 'gfet4t7; dur=27',
2026-04-02T02:03:38.9407757Z 'transfer-encoding': 'chunked',
2026-04-02T02:03:38.9408010Z vary: 'Origin, X-Origin, Referer',
2026-04-02T02:03:38.9408279Z 'x-content-type-options': 'nosniff',
2026-04-02T02:03:38.9408658Z 'x-frame-options': 'SAMEORIGIN',
2026-04-02T02:03:38.9408903Z 'x-xss-protection': '0'
2026-04-02T02:03:38.9409111Z },
2026-04-02T02:03:38.9409259Z status: 403,
2026-04-02T02:03:38.9409443Z statusText: 'Forbidden',
2026-04-02T02:03:38.9409650Z request: {
2026-04-02T02:03:38.9409960Z responseURL: 'https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist'
2026-04-02T02:03:38.9410348Z }
2026-04-02T02:03:38.9410497Z },
2026-04-02T02:03:38.9410651Z error: undefined,
2026-04-02T02:03:38.9411015Z status: 403,
2026-04-02T02:03:38.9411189Z code: 403,
2026-04-02T02:03:38.9411354Z errors: [
2026-04-02T02:03:38.9411506Z {
2026-04-02T02:03:38.9412738Z message: 'Cloud Code Private API has not been used in project 271520206934 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudcode-pa.googleapis.com/overview?project=271520206934 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.',
2026-04-02T02:03:38.9414468Z domain: 'usageLimits',
2026-04-02T02:03:38.9415061Z reason: 'accessNotConfigured',
2026-04-02T02:03:38.9415384Z extendedHelp: 'https://console.developers.google.com'
2026-04-02T02:03:38.9415683Z }
2026-04-02T02:03:38.9415833Z ],
2026-04-02T02:03:38.9416006Z Symbol(gaxios-gaxios-error): '6.7.1'
2026-04-02T02:03:38.9416238Z }
2026-04-02T02:03:38.9416486Z YOLO mode is enabled. All tool calls will be automatically approved.
2026-04-02T02:03:38.9418188Z An unexpected critical error occurred:Error: Cloud Code Private API has not been used in project 271520206934 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudcode-pa.googleapis.com/overview?project=271520206934 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
2026-04-02T02:03:38.9420012Z at Gaxios._request (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/gaxios/build/src/gaxios.js:142:23)
2026-04-02T02:03:38.9420780Z at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
2026-04-02T02:03:38.9421705Z at async OAuth2Client.requestAsync (/home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/google-auth-library/build/src/auth/oauth2client.js:429:18)
2026-04-02T02:03:38.9423086Z at async CodeAssistServer.requestPost (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:219:21)
2026-04-02T02:03:38.9424519Z at async CodeAssistServer.loadCodeAssist (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/server.js:129:20)
2026-04-02T02:03:38.9425831Z at async _doSetupUser (file:///home/runner/.nvm/versions/node/v24.14.0/lib/node_modules/@google/gemini-cli/node_modules/@google/gemini-cli-core/dist/src/code_assist/setup.js:96:19)
2026-04-02T02:03:38.9426762Z ::: End Gemini CLI STDERR :::
2026-04-02T02:03:38.9429814Z ##[error]Process completed with exit code 1.
2026-04-02T02:03:38.9784873Z Post job cleanup.
2026-04-02T02:03:38.9843118Z Post job cleanup.
2026-04-02T02:03:39.0654874Z Removed exported credentials at "/tmp/runner-2/work/myProject/myProject/gha-creds-b288eabc86ee815a.json".
2026-04-02T02:03:39.0771889Z Post job cleanup.
2026-04-02T02:03:39.1549228Z [command]/usr/bin/git version
2026-04-02T02:03:39.1586867Z git version 2.43.0
2026-04-02T02:03:39.1629645Z Temporarily overriding HOME='/tmp/runner-2/work/_temp/577d7163-e168-45a2-bd50-d3bd6f463214' before making global git config changes
2026-04-02T02:03:39.1630511Z Adding repository directory to the temporary git global config as a safe directory
2026-04-02T02:03:39.1636241Z [command]/usr/bin/git config --global --add safe.directory /tmp/runner-2/work/myProject/myProject
2026-04-02T02:03:39.1672251Z Removing SSH command configuration
2026-04-02T02:03:39.1679852Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2026-04-02T02:03:39.1718338Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2026-04-02T02:03:39.1957115Z Removing HTTP extra header
2026-04-02T02:03:39.1962489Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2026-04-02T02:03:39.2001008Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2026-04-02T02:03:39.2238261Z Removing includeIf entries pointing to credentials config files
2026-04-02T02:03:39.2246102Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf\.gitdir:
2026-04-02T02:03:39.2278369Z includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git.path
2026-04-02T02:03:39.2279703Z includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git/worktrees/*.path
2026-04-02T02:03:39.2281462Z includeif.gitdir:/github/workspace/.git.path
2026-04-02T02:03:39.2282016Z includeif.gitdir:/github/workspace/.git/worktrees/*.path
2026-04-02T02:03:39.2291272Z [command]/usr/bin/git config --local --get-all includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git.path
2026-04-02T02:03:39.2316639Z /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2327737Z [command]/usr/bin/git config --local --unset includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git.path /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2368033Z [command]/usr/bin/git config --local --get-all includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git/worktrees/*.path
2026-04-02T02:03:39.2394696Z /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2405587Z [command]/usr/bin/git config --local --unset includeif.gitdir:/tmp/runner-2/work/myProject/myProject/.git/worktrees/*.path /tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2442049Z [command]/usr/bin/git config --local --get-all includeif.gitdir:/github/workspace/.git.path
2026-04-02T02:03:39.2467995Z /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2477024Z [command]/usr/bin/git config --local --unset includeif.gitdir:/github/workspace/.git.path /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2518102Z [command]/usr/bin/git config --local --get-all includeif.gitdir:/github/workspace/.git/worktrees/*.path
2026-04-02T02:03:39.2545614Z /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2556196Z [command]/usr/bin/git config --local --unset includeif.gitdir:/github/workspace/.git/worktrees/*.path /github/runner_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config
2026-04-02T02:03:39.2591223Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url
2026-04-02T02:03:39.2819247Z Removing credentials config '/tmp/runner-2/work/_temp/git-credentials-1e5f8213-648c-4858-82b4-e1ac130d42d7.config'
2026-04-02T02:03:39.2967297Z Cleaning up orphan processes
Additional information
No response