fix: add auth checks and trust workspace in gemini workflows

Author: utkarsh232005

.github/workflows/gemini-invoke.yml

@@ -40,6 +40,13 @@ jobs:
       - name: 'Checkout Code'
         uses: 'actions/checkout@v4' # ratchet:exclude
 
+      - name: 'Check for Gemini Authentication'
+        run: |
+          if [[ -z "${{ secrets.GEMINI_API_KEY }}" && -z "${{ secrets.GOOGLE_API_KEY }}" && -z "${{ vars.GCP_WIF_PROVIDER }}" ]]; then
+            echo "::error::Gemini API authentication is not configured. Please add GEMINI_API_KEY or GOOGLE_API_KEY to your repository secrets, or configure Google Cloud Workload Identity Federation."
+            exit 1
+          fi
+
       - name: 'Run Gemini CLI'
         id: 'run_gemini'
         uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
@@ -52,6 +59,7 @@ jobs:
           ISSUE_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
           gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'

.github/workflows/gemini-plan-execute.yml

@@ -42,6 +42,13 @@ jobs:
       - name: 'Checkout Code'
         uses: 'actions/checkout@v4' # ratchet:exclude
 
+      - name: 'Check for Gemini Authentication'
+        run: |
+          if [[ -z "${{ secrets.GEMINI_API_KEY }}" && -z "${{ secrets.GOOGLE_API_KEY }}" && -z "${{ vars.GCP_WIF_PROVIDER }}" ]]; then
+            echo "::error::Gemini API authentication is not configured. Please add GEMINI_API_KEY or GOOGLE_API_KEY to your repository secrets, or configure Google Cloud Workload Identity Federation."
+            exit 1
+          fi
+
       - name: 'Run Gemini CLI'
         id: 'run_gemini'
         uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
@@ -54,6 +61,7 @@ jobs:
           ISSUE_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
           gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'

.github/workflows/gemini-review.yml

@@ -41,6 +41,13 @@ jobs:
       - name: 'Checkout repository'
         uses: 'actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8' # ratchet:actions/checkout@v6
 
+      - name: 'Check for Gemini Authentication'
+        run: |
+          if [[ -z "${{ secrets.GEMINI_API_KEY }}" && -z "${{ secrets.GOOGLE_API_KEY }}" && -z "${{ vars.GCP_WIF_PROVIDER }}" ]]; then
+            echo "::error::Gemini API authentication is not configured. Please add GEMINI_API_KEY or GOOGLE_API_KEY to your repository secrets, or configure Google Cloud Workload Identity Federation."
+            exit 1
+          fi
+
       - name: 'Run Gemini pull request review'
         uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
         id: 'gemini_pr_review'
@@ -52,6 +59,7 @@ jobs:
           REPOSITORY: '${{ github.repository }}'
           ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
           GEMINI_API_KEY: '${{ secrets.GEMINI_API_KEY }}'
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
           gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'

.github/workflows/gemini-scheduled-triage.yml

@@ -88,6 +88,13 @@ jobs:
           ISSUE_COUNT="$(echo "${ISSUES}" | jq 'length')"
           echo "✅ Found ${ISSUE_COUNT} issue(s) to triage! 🎯"
 
+      - name: 'Check for Gemini Authentication'
+        run: |
+          if [[ -z "${{ secrets.GEMINI_API_KEY }}" && -z "${{ secrets.GOOGLE_API_KEY }}" && -z "${{ vars.GCP_WIF_PROVIDER }}" ]]; then
+            echo "::error::Gemini API authentication is not configured. Please add GEMINI_API_KEY or GOOGLE_API_KEY to your repository secrets, or configure Google Cloud Workload Identity Federation."
+            exit 1
+          fi
+
       - name: 'Run Gemini Issue Analysis'
         id: 'gemini_issue_analysis'
         if: |-
@@ -98,6 +105,7 @@ jobs:
           ISSUES_TO_TRIAGE: '${{ steps.find_issues.outputs.issues_to_triage }}'
           REPOSITORY: '${{ github.repository }}'
           AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
           gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'

.github/workflows/gemini-triage.yml

@@ -55,6 +55,13 @@ jobs:
             core.info(`Found ${labelNames.length} labels: ${labelNames.join(', ')}`);
             return labelNames;
 
+      - name: 'Check for Gemini Authentication'
+        run: |
+          if [[ -z "${{ secrets.GEMINI_API_KEY }}" && -z "${{ secrets.GOOGLE_API_KEY }}" && -z "${{ vars.GCP_WIF_PROVIDER }}" ]]; then
+            echo "::error::Gemini API authentication is not configured. Please add GEMINI_API_KEY or GOOGLE_API_KEY to your repository secrets, or configure Google Cloud Workload Identity Federation."
+            exit 1
+          fi
+
       - name: 'Run Gemini issue analysis'
         id: 'gemini_analysis'
         if: |-
@@ -65,6 +72,7 @@ jobs:
           ISSUE_TITLE: '${{ github.event.issue.title }}'
           ISSUE_BODY: '${{ github.event.issue.body }}'
           AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
         with:
           gcp_location: '${{ vars.GOOGLE_CLOUD_LOCATION }}'
           gcp_project_id: '${{ vars.GOOGLE_CLOUD_PROJECT }}'