feat: add auth input validation #289
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
🤖 Hi @jerop, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
There was a problem hiding this comment.
📋 Review Summary
The pull request introduces a validation script to check the authentication inputs, which is a great addition to improve the action's robustness and user experience. The script is well-structured and covers all the necessary validation cases.
🔍 General Feedback
- I have provided a few minor suggestions to improve the script's style and adherence to shell scripting best practices.
- Overall, this is a great contribution that will help users avoid common configuration errors.
7600234 to
2a17056
Compare
Adds a validation step to the action to ensure that authentication inputs are configured correctly. This prevents common misconfigurations and improves security. The validation is performed by a new script, `scripts/validate-inputs.sh`, which is called as the first step in the action. Key changes: - A new `validate-inputs.sh` script is added to check authentication configuration. - The `action.yml` is updated to call this script. - Follows principle of least privilege by using boolean flags to indicate whether inputs are set. - The validation enforces that exactly one authentication method is used, providing clear error messages to the user if the configuration is invalid. This makes the action more robust, secure, and easier to debug.
2a17056 to
5544b34
Compare
Contributor
Author
|
@gemini-cli /review |
|
🤖 Hi @jerop, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
There was a problem hiding this comment.
📋 Review Summary
This pull request introduces a robust validation step for authentication inputs, significantly improving the action's security and usability. By adding the scripts/validate-inputs.sh script, the action now provides clear, early feedback on misconfigurations, preventing common user errors.
🔍 General Feedback
- The use of a dedicated script for validation is a clean approach that keeps the
action.ymlfile tidy. - The error messages are clear and will help users to debug their workflows more easily.
- The logic in the script correctly handles the different authentication methods and their requirements.
galz10
approved these changes
Sep 17, 2025
Contributor
leehagoodjames
left a comment
There was a problem hiding this comment.
This looks good.
It is unclear if all of these are examples of failing fast, or if some of these checks will cause existing user's workflows - which are WAI but configured in a way that would fail this validation - to suddenly start failing.
Merged
google-github-actions-bot
added a commit
that referenced
this pull request
Oct 9, 2025
## What's Changed * chore: script to generate examples by @leehagoodjames in #244 * chore: update readme to state user must copy gemini-dispatch.yml by @leehagoodjames in #249 * Relax node requirement and bump actions-utils by @sethvargo in #253 * feat: support /fix slash command and workflow by @leehagoodjames in #190 * feat(docs): improve manual setup instructions for workflows by @jerop in #263 * feat: improve action input descriptions by @jerop in #264 * fix: enforce COMMENT event type for submit_pending_pull_request_review by @jerop in #271 * docs: add fork support documentation for PR review workflow by @jerop in #268 * feat(action): add support for preview and nightly versions by @jerop in #281 * feat(workflows): add gemini_cli_version to all workflows by @jerop in #279 * feat: migrate to new Gemini CLI configuration format by @jerop in #284 * feat: clean up temp fix for empty API key by @jerop in #285 * Sort inputs alphabetically in action.yml by @jerop in #286 * chore: organize workflow inputs alphabetically and add missing parameters by @jerop in #288 * feat: add auth input validation by @jerop in #289 * fix(action): correct quoting in workflow expressions by @jerop in #293 * fix(validation): improve validation error messages by @jerop in #297 * fix(validate-inputs): surface errors in logs, annotation, and step summary by @jerop in #299 * feat(validate-inputs): downgrade validation failures to warnings by @jerop in #300 * fix(validate-inputs): use env-based bash shebang for portability by @jerop in #303 * feat: simplify input validation logic by @jerop in #304 * fix(action): correct input validation script behavior by @jerop in #309 * feat: add command substitution security warning by @jerop in #306 * fix(triage): correct duplicate step numbering in workflow by @aladh in #331 * feat: Optionally install extensions by @CallumHYoung in #329 * docs(extensions): add documentation for extensions by @jerop in #340 * chore(workflows): Apply formatting and fix example prompt by @jerop in #339 * refactor(workflows): improve prompts to use env vars directly by @jerop in #342 * fix(review): Remove --source argument to match CLI 8.0 release by @CallumHYoung in #347 ## New Contributors * @aladh made their first contribution in #331 * @CallumHYoung made their first contribution in #329 **Full Changelog**: v0.1.12...v0.1.13
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a validation step to the action to ensure that authentication inputs are configured correctly. This prevents common misconfigurations and improves security.
The validation is performed by a new script,
scripts/validate-inputs.sh, which is called as the first step in the action.Key changes:
validate-inputs.shscript is added to check authentication configuration.action.ymlis updated to call this script.Fixes #257 #258