GC-301h · Module 1

Workflow Setup

Running Gemini CLI in GitHub Actions requires three things: installing the CLI, authenticating with Google, and executing prompts in headless mode. The installation step uses npm install -g @anthropic-ai/gemini-cli (or the current package name) in the workflow. Authentication uses a Google Cloud service account key stored as a GitHub secret — not a personal Google account, which requires interactive OAuth. The execution step runs gemini -p with structured output, capturing results as workflow artifacts or PR comments.

Workflow triggers determine when Gemini runs. Pull request events (opened, synchronize) trigger code review. Push to main triggers documentation generation. Scheduled triggers (cron) run periodic audits. The trigger choice affects cost — a workflow that runs on every push to every branch will burn API quota fast. Restrict triggers to specific branches, paths, or event types. Use path filters (paths: ["src/**"]) to skip Gemini analysis when only docs or configs change.

name: Gemini CLI Review
on:
  pull_request:
    types: [opened, synchronize]
    paths: ['src/**', 'lib/**']

# Least privilege: the review job only needs to read the repository.
permissions:
  contents: read

jobs:
  review:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history so origin/main...HEAD resolves

      - uses: actions/setup-node@v4
        with:
          node-version: 22

      - name: Install Gemini CLI
        run: npm install -g @anthropic-ai/gemini-cli

      - name: Run analysis
        env:
          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
        run: |
          # Feed the diff on stdin instead of interpolating it into the argument:
          # a large diff would exceed the argument length limit, and the
          # untrusted PR content never touches the shell command line.
          git diff origin/main...HEAD | gemini -p "Review this PR diff for bugs, security issues, and style violations. Output JSON: {issues: [{file, line, severity, message}]}" \
            --output-format json > review.json

      - uses: actions/upload-artifact@v4
        with:
          name: gemini-review
          path: review.json