GC-201b · Module 3

GitHub Actions with Gemini CLI

4 min read

Gemini CLI's headless mode (the -p / --prompt flag) turns it from an interactive coding assistant into a scriptable automation engine: it runs one prompt, prints the result, and exits. In CI/CD this means Gemini can review PRs, generate documentation, validate code quality, and produce release notes, all triggered by GitHub Actions events. The pattern is: trigger on a GitHub event, run gemini -p with a structured prompt plus the repository content it should look at (for a PR review, the diff, which headless mode accepts on stdin), parse the JSON output, and take action based on the result.

Setting up Gemini CLI in GitHub Actions requires four things: installing the CLI on the runner, providing authentication via the GEMINI_API_KEY secret, granting the job the minimum GITHUB_TOKEN permissions it needs to post its result (pull-requests: write for a review comment), and configuring the workflow trigger. The API key is the recommended auth path for CI/CD, because Google account OAuth requires a browser round-trip that is not available in a headless runner. Store the key as a GitHub repository secret and reference it from the workflow. Note that on pull_request runs for PRs opened from forks, repository secrets are not passed and GITHUB_TOKEN is read-only, so a review job like the one below only works for same-repository branches; pull_request_target does run with secrets, but it executes in the base repository's context and must never check out and run the fork's code.

name: Gemini Code Review
on:
  pull_request:
    types: [opened, synchronize]

# Least privilege: the default GITHUB_TOKEN may be read-only. The comment step
# needs write access to pull requests and nothing else.
permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so origin/<base> exists for the diff

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install Gemini CLI
        run: npm install -g @google/gemini-cli

      - name: Run Code Review
        env:
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          # Passed through the environment rather than interpolated into the
          # shell script, so the value is never parsed as shell syntax.
          BASE_REF: ${{ github.base_ref }}
        run: |
          # The diff is piped to Gemini on stdin; headless mode appends piped
          # input to the -p prompt. Without this the model never sees the PR.
          git diff "origin/${BASE_REF}...HEAD" | gemini -p "Review this PR diff. Focus on bugs, security issues, and style violations. Output only JSON with fields: issues[], summary, risk_level (low|medium|high)." \
            --output-format json > review.json

      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            // --output-format json wraps the model's text in an envelope:
            // { "response": "<model text>", "stats": { ... } }
            const envelope = JSON.parse(fs.readFileSync('review.json', 'utf8'));
            // The model text is untrusted (it was produced while reading
            // PR-controlled input). Strip an optional ```json fence before
            // parsing the structured review out of it.
            const text = envelope.response.trim().replace(/^```(?:json)?\s*|\s*```$/g, '');
            const review = JSON.parse(text);
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## Gemini Code Review\n\n${review.summary}\n\nRisk: **${review.risk_level}**`
            });
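The "parse the output and act on it" step deserves more care than a bare JSON.parse: the model's text is produced while reading a diff the PR author controls, so a hostile PR can try to talk the model out of the requested schema or into a misleading verdict. The following is an added example, not code from the course page or the Gemini CLI project. It reads the CLI's --output-format json envelope (assumed, per the CLI's documented layout, to carry the model text in a `response` field, usage counters in `stats`, and failures in `error`), extracts and validates the model's own JSON review, and decides whether the check should fail. The sample CLI output is constructed here; the field names `issues`, `summary` and `risk_level` are the ones the workflow's prompt asks for.

```javascript
// Added example (not part of the GC-201b page or the Gemini CLI project):
// validate a Gemini CLI JSON review and derive a pass/fail decision from it.

const ALLOWED_RISK = new Set(["low", "medium", "high"]);
const FENCE = String.fromCharCode(96).repeat(3); // three backticks

// Constructed sample of what `gemini -p ... --output-format json` writes.
// The envelope shape (response + stats) follows the CLI's documented JSON
// output; the review text inside it is made up and, as models often do,
// wrapped in a markdown code fence.
const SAMPLE_CLI_OUTPUT = JSON.stringify({
  response:
    FENCE + "json\n" +
    JSON.stringify({
      issues: [
        { file: "src/auth.js", line: 42, severity: "high",
          message: "Token compared with == instead of a constant-time check" },
        { file: "src/util.js", line: 7, severity: "low",
          message: "Unused variable" },
      ],
      summary: "One security issue, one style nit.",
      risk_level: "high",
    }) +
    "\n" + FENCE,
  stats: { models: {}, tools: {}, files: {} },
});

// Strip an optional ```json ... ``` fence so the inner document can be parsed.
function stripFence(text) {
  const m = text.trim().match(/^```(?:json)?\s*([\s\S]*?)\s*```$/);
  return m ? m[1] : text.trim();
}

// Turn raw CLI stdout into a validated review, or a failure record.
// Every field is checked and bounded before use: the model saw
// attacker-controllable diff text, so its output is untrusted input.
function parseReview(rawCliOutput) {
  let envelope;
  try {
    envelope = JSON.parse(rawCliOutput);
  } catch (e) {
    return { ok: false, reason: "CLI output is not JSON" };
  }
  if (!envelope || typeof envelope !== "object") {
    return { ok: false, reason: "CLI output is not a JSON object" };
  }
  if (envelope.error) {
    return { ok: false, reason: `CLI error: ${envelope.error.message || "unknown"}` };
  }
  if (typeof envelope.response !== "string") {
    return { ok: false, reason: "envelope has no string response field" };
  }
  let review;
  try {
    review = JSON.parse(stripFence(envelope.response));
  } catch (e) {
    return { ok: false, reason: "model response is not JSON" };
  }
  if (!review || typeof review !== "object" || !Array.isArray(review.issues) ||
      typeof review.summary !== "string" || !ALLOWED_RISK.has(review.risk_level)) {
    return { ok: false, reason: "review is missing required fields" };
  }
  const issues = review.issues
    .filter((i) => i && typeof i.message === "string")
    .map((i) => ({
      file: String(i.file || "?"),
      line: Number.isInteger(i.line) ? i.line : null,
      severity: ALLOWED_RISK.has(i.severity) ? i.severity : "low",
      message: i.message.slice(0, 500),
    }));
  return { ok: true, summary: review.summary.slice(0, 2000),
           risk_level: review.risk_level, issues };
}

// Gate policy: fail on a high-risk verdict, and fail closed when the output
// could not be parsed. A model that was talked out of producing JSON by a
// hostile diff is exactly the case a gate must notice rather than wave through.
function shouldFail(parsed) {
  if (!parsed.ok) return true;
  return parsed.risk_level === "high";
}

// Markdown body for the PR comment, built only from validated fields.
function commentBody(parsed) {
  if (!parsed.ok) {
    return `## Gemini Code Review\n\nReview could not be parsed: ${parsed.reason}`;
  }
  const rows = parsed.issues.map((i) =>
    `- **${i.severity}** \`${i.file}${i.line !== null ? ":" + i.line : ""}\` ${i.message}`);
  return `## Gemini Code Review\n\n${parsed.summary}\n\nRisk: **${parsed.risk_level}**\n\n${rows.join("\n")}`;
}

const demo = parseReview(SAMPLE_CLI_OUTPUT);
console.log(commentBody(demo));
console.log("fail the check:", shouldFail(demo));
```

In the workflow this logic would sit in the github-script step (or a checked-in script it requires), with `shouldFail` driving `core.setFailed(...)` so the PR check goes red on a high-risk verdict or an unparseable response.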

Do This

  • Store GEMINI_API_KEY as a GitHub secret and pass it through env; never put it in workflow files
  • Use --output-format json for machine-readable output in CI, and validate the model's JSON before acting on it
  • Declare a permissions: block so the job's GITHUB_TOKEN has only what the result step needs
  • Constrain CI prompts to read-only analysis (no file writes in automated reviews) and treat the diff as untrusted input that can carry prompt injection

Avoid This

  • Hardcode API keys in workflow YAML files
  • Parse plain text output with regex when JSON output is available
  • Run Gemini with tool auto-approval (--yolo) or file-writing tools in CI without the --sandbox container