MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-29 14:34:55 -07:00
Code Issues Packages Projects Releases Wiki Activity

permissions (#8800)

Browse Source
This commit is contained in:
matt korwel
2025-09-18 19:51:35 -07:00
committed by GitHub
parent 690867e433
commit 81dcef070f
2 changed files with 9 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/release-patch-1-create-pr.yml
+2 -11
View File
@@ -56,19 +56,10 @@ jobs:
git config user.name "gemini-cli-robot" git config user.name "gemini-cli-robot"
git config user.email "gemini-cli-robot@google.com" git config user.email "gemini-cli-robot@google.com"
- name: 'Generate GitHub App Token'
id: 'generate_token'
uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
with:
app-id: '${{ secrets.APP_ID }}'
private-key: '${{ secrets.PRIVATE_KEY }}'
permission-pull-requests: 'write'
permission-contents: 'write'
- name: 'Create Patch' - name: 'Create Patch'
id: 'create_patch' id: 'create_patch'
env: env:
GH_TOKEN: '${{ steps.generate_token.outputs.token }}' GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
continue-on-error: true continue-on-error: true
run: | run: |
# Capture output directly to environment variable # Capture output directly to environment variable
@@ -84,7 +75,7 @@ jobs:
- name: 'Comment on Original PR' - name: 'Comment on Original PR'
if: '!inputs.dry_run && inputs.original_pr' if: '!inputs.dry_run && inputs.original_pr'
env: env:
GH_TOKEN: '${{ steps.generate_token.outputs.token }}' GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
ORIGINAL_PR: '${{ github.event.inputs.original_pr }}' ORIGINAL_PR: '${{ github.event.inputs.original_pr }}'
EXIT_CODE: '${{ steps.create_patch.outputs.EXIT_CODE }}' EXIT_CODE: '${{ steps.create_patch.outputs.EXIT_CODE }}'
COMMIT: '${{ github.event.inputs.commit }}' COMMIT: '${{ github.event.inputs.commit }}'
.github/workflows/release-patch-from-comment.yml
+7 -16
View File
@@ -19,21 +19,11 @@ jobs:
with: with:
fetch-depth: 1 fetch-depth: 1
- name: 'Generate GitHub App Token'
id: 'generate_token'
uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
with:
app-id: '${{ secrets.APP_ID }}'
private-key: '${{ secrets.PRIVATE_KEY }}'
permission-pull-requests: 'write'
permission-contents: 'write'
permission-actions: 'write'
- name: 'Slash Command Dispatch' - name: 'Slash Command Dispatch'
id: 'slash_command' id: 'slash_command'
uses: 'peter-evans/slash-command-dispatch@40877f718dce0101edfc7aea2b3800cc192f9ed5' uses: 'peter-evans/slash-command-dispatch@40877f718dce0101edfc7aea2b3800cc192f9ed5'
with: with:
token: '${{ steps.generate_token.outputs.token }}' token: '${{ secrets.GITHUB_TOKEN }}'
commands: 'patch' commands: 'patch'
permission: 'write' permission: 'write'
issue-type: 'pull-request' issue-type: 'pull-request'
@@ -44,7 +34,7 @@ jobs:
id: 'pr_status' id: 'pr_status'
if: "startsWith(github.event.comment.body, '/patch')" if: "startsWith(github.event.comment.body, '/patch')"
env: env:
GH_TOKEN: '${{ steps.generate_token.outputs.token }}' GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
run: | run: |
gh pr view "${{ github.event.issue.number }}" --json mergeCommit,state > pr_status.json gh pr view "${{ github.event.issue.number }}" --json mergeCommit,state > pr_status.json
echo "MERGE_COMMIT_SHA=$(jq -r .mergeCommit.oid pr_status.json)" >> "$GITHUB_OUTPUT" echo "MERGE_COMMIT_SHA=$(jq -r .mergeCommit.oid pr_status.json)" >> "$GITHUB_OUTPUT"
@@ -57,6 +47,7 @@ jobs:
env: env:
COMMENT_BODY: '${{ github.event.comment.body }}' COMMENT_BODY: '${{ github.event.comment.body }}'
with: with:
github-token: '${{ secrets.GITHUB_TOKEN }}'
script: | script: |
// Parse the comment body directly to extract channel // Parse the comment body directly to extract channel
const commentBody = process.env.COMMENT_BODY; const commentBody = process.env.COMMENT_BODY;
@@ -123,7 +114,7 @@ jobs:
if: "startsWith(github.event.comment.body, '/patch') && steps.pr_status.outputs.STATE != 'MERGED'" if: "startsWith(github.event.comment.body, '/patch') && steps.pr_status.outputs.STATE != 'MERGED'"
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d' uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
with: with:
token: '${{ steps.generate_token.outputs.token }}' token: '${{ secrets.GITHUB_TOKEN }}'
issue-number: '${{ github.event.issue.number }}' issue-number: '${{ github.event.issue.number }}'
body: | body: |
:x: The `/patch` command failed. This pull request must be merged before a patch can be created. :x: The `/patch` command failed. This pull request must be merged before a patch can be created.
@@ -132,7 +123,7 @@ jobs:
if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && steps.dispatch_patch.outputs.dispatched_run_url" if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && steps.dispatch_patch.outputs.dispatched_run_url"
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d' uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
with: with:
token: '${{ steps.generate_token.outputs.token }}' token: '${{ secrets.GITHUB_TOKEN }}'
issue-number: '${{ github.event.issue.number }}' issue-number: '${{ github.event.issue.number }}'
body: | body: |
✅ **Patch workflow dispatched successfully!** ✅ **Patch workflow dispatched successfully!**
@@ -149,7 +140,7 @@ jobs:
if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && !steps.dispatch_patch.outputs.dispatched_run_url" if: "always() && startsWith(github.event.comment.body, '/patch') && steps.dispatch_patch.outcome == 'success' && !steps.dispatch_patch.outputs.dispatched_run_url"
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d' uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
with: with:
token: '${{ steps.generate_token.outputs.token }}' token: '${{ secrets.GITHUB_TOKEN }}'
issue-number: '${{ github.event.issue.number }}' issue-number: '${{ github.event.issue.number }}'
body: | body: |
✅ **Patch workflow dispatched successfully!** ✅ **Patch workflow dispatched successfully!**
@@ -166,7 +157,7 @@ jobs:
if: "always() && startsWith(github.event.comment.body, '/patch') && (steps.dispatch_patch.outcome == 'failure' || steps.dispatch_patch.outcome == 'cancelled')" if: "always() && startsWith(github.event.comment.body, '/patch') && (steps.dispatch_patch.outcome == 'failure' || steps.dispatch_patch.outcome == 'cancelled')"
uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d' uses: 'peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d'
with: with:
token: '${{ steps.generate_token.outputs.token }}' token: '${{ secrets.GITHUB_TOKEN }}'
issue-number: '${{ github.event.issue.number }}' issue-number: '${{ github.event.issue.number }}'
body: | body: |
❌ **Patch workflow dispatch failed!** ❌ **Patch workflow dispatch failed!**