mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-05-20 08:42:39 -07:00
Christian Gunderman
4449f3f43c
This adds a settings.json file to the bot's configuration to explicitly allow GH_TOKEN and GITHUB_TOKEN to bypass the environment variable redaction engine. This is required because the bot runs in GitHub Actions, which enforces strict redaction mode by default. The workflow file was also simplified by removing the wrapper script that was previously used to bypass redaction.
25 lines
721 B
TOML
25 lines
721 B
TOML
# Custom CI Policy for Gemini CLI Bot
|
|
# This policy guarantees permission for shell commands and file writing in the bot's CI environment.
|
|
|
|
[[rule]]
|
|
toolName = ["run_shell_command", "write_file", "replace", "activate_skill"]
|
|
decision = "allow"
|
|
# Max priority to ensure it overrides all default and workspace rules.
|
|
priority = 999
|
|
# Explicitly target the headless environment to match the specificity of default denial rules.
|
|
interactive = false
|
|
# Capture output without triggering a policy downgrade to ASK_USER.
|
|
allowRedirection = true
|
|
|
|
[[rule]]
|
|
toolName = "invoke_agent"
|
|
decision = "allow"
|
|
priority = 999
|
|
interactive = false
|
|
|
|
[[rule]]
|
|
toolName = "google_web_search"
|
|
decision = "deny"
|
|
priority = 999
|
|
interactive = false
|