Conversation

@JeongJaeSoon JeongJaeSoon commented Aug 11, 2025

  • Add Gemini CLI workflow to interact with the repository.
  • Add Gemini Issue Triage workflow to automatically triage issues.
  • Add Gemini Scheduled Issue Triage workflow to periodically triage issues.
  • Add Gemini PR Review workflow to automatically review pull requests.

Summary by CodeRabbit

  • New Features
    • AI-assisted replies available via “@gemini-cli” on issues, PRs, and comments.
    • Automated pull request reviews, triggered by PR events, “/review” mentions, or manual dispatch.
    • Automated issue triage on new/reopened issues, via “/triage” mentions, or on an hourly schedule.
    • Progress updates and failure notifications posted directly to the relevant issue or PR.
  • Chores
    • Added CI workflows to enable Gemini-powered assistance, triage, and reviews with appropriate permissions and concurrency safeguards.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
coderabbitai bot commented Aug 11, 2025

Walkthrough

Adds four new GitHub Actions workflows integrating Gemini CLI: a general CLI responder, automated issue triage, scheduled triage, and PR review. Each workflow sets permissions, concurrency, conditional triggers, and runs google-github-actions/run-gemini-cli with context extracted via gh CLI and optional GitHub App authentication.

Changes

Cohort / File(s) Summary
Gemini CLI Orchestration
.github/workflows/gemini-cli.yml
Introduces a workflow to handle @gemini-cli mentions across issues/PRs/comments, with conditional execution, token generation, repo checkout, context extraction, acknowledgment comments, and a comprehensive prompt for Gemini CLI execution.
Automated Issue Triage
.../gemini-issue-automated-triage.yml
Adds on-demand/triggered issue triage using Gemini CLI; enforces permissions/concurrency, supports app token auth, and labels issues via gh commands per prompt rules with failure comment handling.
Scheduled Issue Triage
.../gemini-issue-scheduled-triage.yml
Adds hourly triage workflow that discovers untriaged issues (no labels or status/needs-triage), deduplicates via jq, and applies labels using Gemini CLI with restricted tools and settings.
PR Review Automation
.../gemini-pr-review.yml
Adds PR review workflow triggered by PR events, comments, reviews, or manual dispatch; gathers PR metadata and changed files via gh, runs Gemini CLI with structured prompt, and posts failure comments on errors.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant GitHub as GitHub Events
  participant GHA as GitHub Actions (Workflow)
  participant GH as GitHub API (gh)
  participant Gemini as Gemini CLI

  User->>GitHub: Open PR / Issue or comment @gemini-cli
  GitHub-->>GHA: Trigger workflow (conditional)
  GHA->>GH: Generate App token (optional)
  GHA->>GH: Fetch context (issue/PR details, comments)
  GHA->>GHA: Checkout repository/branch
  GHA->>Gemini: Run with prompt + context + settings
  Gemini-->>GH: Perform actions (comments/labels/edits)
  GHA-->>User: Acknowledge / post outputs (if configured)
sequenceDiagram
  autonumber
  participant Cron as Scheduler (cron)
  participant GHA as Scheduled Triage Workflow
  participant GH as GitHub API (gh)
  participant Gemini as Gemini CLI

  Cron->>GHA: Hourly trigger
  GHA->>GH: List untriaged issues (gh issue list)
  GHA->>GHA: Merge/dedupe issues via jq
  alt Issues found
    GHA->>Gemini: Run triage with ISSUES_TO_TRIAGE
    Gemini-->>GH: Apply labels / remove needs-triage
  else None
    GHA-->>GHA: Exit
  end
sequenceDiagram
  autonumber
  actor Reviewer
  participant GitHub as GitHub Events
  participant GHA as PR Review Workflow
  participant GH as GitHub API (gh)
  participant Gemini as Gemini CLI

  Reviewer->>GitHub: PR opened / @gemini-cli /review
  GitHub-->>GHA: Trigger workflow (guarded)
  GHA->>GH: Fetch PR metadata and changed files
  GHA->>Gemini: Run review with PR data + settings
  Gemini-->>GH: Post review comments/status
  GHA-->>Reviewer: Failure comment if errors

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I twitch my ears at cron’s soft chime,
Hop into issues, right on time.
With nimble paws, I label, review—
A garden of PRs, freshly chewed.
Stars blink “approved” across the sky,
Gemini whispers; I hop by.
Thump-thump—automation, oh my! 🐇✨


claude bot commented Aug 11, 2025

Claude finished @JeongJaeSoon's task


PR Review: Gemini CLI Workflows

I've completed my review of the 4 Gemini CLI workflow files. Here's my comprehensive feedback:

📋 Review Summary

This PR adds comprehensive Gemini CLI automation to the repository with 4 well-structured workflow files. The implementation covers interactive CLI functionality, automated issue triage, scheduled maintenance, and PR reviews. The workflows are generally well-designed but have several security and best practices concerns that should be addressed.

🔍 Security Concerns

🔴 Critical: Workflow File Modification Permissions

File: .github/workflows/gemini-cli.yml:24

  • Issue: contents: 'write' permission allows the workflow to modify any file in the repository, including workflow files themselves
  • Risk: This creates a potential security vulnerability where the AI could modify workflow files or other sensitive repository content
  • Recommendation: Restrict to contents: 'read' unless file modification is absolutely necessary for the AI functionality

🟠 High: Broad Shell Command Access

Files: All workflow files

  • Issue: Multiple workflows allow broad shell command execution through coreTools
  • Risk: Commands like gh issue edit, gh pr diff, cat, head, tail, grep provide extensive repository access
  • Recommendation: Consider implementing a more restrictive command whitelist and validate command parameters

🟡 Medium: Token Exposure in Environment

Files: All workflow files

  • Issue: GitHub tokens are passed as environment variables which could be logged
  • Recommendation: Consider using GitHub's built-in GITHUB_TOKEN when possible and ensure logs don't expose tokens

🔍 Best Practices Issues

🟡 Medium: Concurrency Group Inconsistencies

Files: Multiple workflows

  • Issue: Different concurrency group patterns across workflows may cause conflicts:
    • gemini-cli.yml:15: Uses github.event.issue.number
    • gemini-pr-review.yml:25: Uses github.head_ref || github.ref
  • Recommendation: Standardize concurrency group patterns and ensure they don't interfere with each other

🟡 Medium: Complex Conditional Logic

File: gemini-cli.yml:32-57, gemini-pr-review.yml:41-62

  • Issue: Very complex if conditions that are difficult to read and maintain
  • Recommendation: Consider breaking into multiple jobs or using a matrix strategy for better readability

🟡 Medium: Missing Error Handling

Files: Multiple workflows

  • Issue: Limited error handling for shell commands and API calls
  • Recommendation: Add proper error handling and fallback mechanisms

🟠 High: Resource Usage Concerns

File: gemini-issue-scheduled-triage.yml:5

  • Issue: Scheduled to run every hour (0 * * * *) which may be excessive
  • Risk: Could lead to API rate limiting and unnecessary resource consumption
  • Recommendation: Consider reducing frequency to every 6-12 hours or daily

🔍 Code Quality Issues

🟢 Low: Hardcoded Values

Files: Multiple workflows

  • Issue: Some hardcoded values like maxSessionTurns could be configurable
  • Recommendation: Consider using repository variables for these settings

🟢 Low: Documentation

  • Issue: Workflows lack inline comments explaining complex logic
  • Recommendation: Add comments to explain the purpose of complex conditional statements

🟡 Medium: Action Version Pinning

Files: All workflows

  • Issue: Some actions use full commit hashes (good) while others use version tags
  • Current: Mix of @v4 and commit hashes like @11bd71901bbe5b1630ceea73d27597364c9af683
  • Recommendation: Consistently use commit hashes for better security

🔍 Performance Considerations

🟡 Medium: Timeout Settings

Files: Various workflows

  • Issue: Different timeout values (5, 10 minutes) may not be optimized
  • Recommendation: Review and standardize timeout values based on actual usage patterns

🟢 Low: Unnecessary Checkouts

File: gemini-issue-automated-triage.yml:46

  • Issue: Full repository checkout may be unnecessary for triage operations
  • Recommendation: Consider if checkout is needed or if it can be optimized

🔍 Positive Aspects

  • Well-structured: Clear separation of concerns across different workflow files
  • Comprehensive: Covers multiple use cases (CLI, triage, PR review)
  • Security-conscious: Uses GitHub App tokens when available
  • Flexible: Supports both manual and automated triggers
  • Error reporting: Includes failure notification mechanisms

🔍 Test Coverage Considerations

  • Missing: No test workflows for validating these GitHub Actions
  • Recommendation: Consider adding test workflows or documentation on how to test these workflows safely

📝 Final Recommendations

  1. Immediate: Address the critical security concern about contents: 'write' permissions
  2. High Priority: Review and reduce the scheduled triage frequency
  3. Medium Priority: Simplify complex conditional logic and standardize patterns
  4. Low Priority: Add documentation and consider making hardcoded values configurable

The workflows are well-implemented overall but should address the security concerns before merging.


@github-actions

There is a problem with the Gemini CLI PR review. Please check the action logs for details.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 9

🧹 Nitpick comments (4)
.github/workflows/gemini-issue-automated-triage.yml (1)

103-106: Typo in prompt ("accoridng").

Minor typo; polish improves trust.

-               cleanup, etc) and their priority (p0, p1, p2, p3). Set the
-               labels accoridng to the format `kind/*` and `priority/*` patterns.
+               cleanup, etc) and their priority (p0, p1, p2, p3). Set the
+               labels according to the format `kind/*` and `priority/*` patterns.
.github/workflows/gemini-cli.yml (1)

135-142: Remove unused env var (REQUEST_TYPE).

REQUEST_TYPE isn’t set anywhere; drop to reduce confusion.

       env:
         GITHUB_ACTOR: '${{ github.actor }}'
         GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
         ISSUE_NUMBER: '${{ steps.get_context.outputs.issue_number }}'
         REPOSITORY: '${{ github.repository }}'
-        REQUEST_TYPE: '${{ steps.get_context.outputs.request_type }}'
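Review bot: dropping REQUEST_TYPE from env is only safe if the prompt text in the same step never expands $REQUEST_TYPE; since the output is never set, the variable currently expands to an empty string rather than erroring, so grep the prompt for it before applying this, otherwise a silent blank becomes an undefined reference nobody notices.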
.github/workflows/gemini-issue-scheduled-triage.yml (1)

66-73: Optional: cap batch size to avoid timeouts.

If many issues are found, triage can exceed 5 minutes. Consider triaging a fixed-size batch per run.

Example change (limit to first 25 issues):

-          ISSUES="$(echo "${NO_LABEL_ISSUES}" "${NEED_TRIAGE_ISSUES}" | jq -c -s 'add | unique_by(.number)')"
+          ISSUES="$(echo "${NO_LABEL_ISSUES}" "${NEED_TRIAGE_ISSUES}" | jq -c -s 'add | unique_by(.number) | .[:25]')"
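Review bot: jq's unique_by(.number) sorts its output ascending by issue number, so the .[:25] slice keeps the 25 oldest untriaged issues and defers newer ones to later hourly runs; that is a sensible bias for a backlog, but it should be stated in a comment, and note that a deferred issue is only revisited while it still has no label or carries status/needs-triage, so any label applied manually in the meantime takes it out of the queue.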

Also applies to: 84-97

.github/workflows/gemini-pr-review.yml (1)

63-65: Optional: increase timeout.

PR reviews that spin a container and fetch patches often exceed 5 minutes. Consider 10–15 minutes.

-    timeout-minutes: 5
+    timeout-minutes: 15
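Review bot: raising timeout-minutes to 15 is reasonable, but pair it with the step's maxSessionTurns setting so a looping session ends on its own turn budget instead of being killed by the job timeout, which is the less informative failure of the two.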
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10c60d3 and e5f3796.

📒 Files selected for processing (4)
  • .github/workflows/gemini-cli.yml (1 hunks)
  • .github/workflows/gemini-issue-automated-triage.yml (1 hunks)
  • .github/workflows/gemini-issue-scheduled-triage.yml (1 hunks)
  • .github/workflows/gemini-pr-review.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/gemini-pr-review.yml (1)

160-184: Verify MCP env interpolation to Docker.

The MCP server is started via docker and expects GITHUB_PERSONAL_ACCESS_TOKEN to be passed. Confirm that settings.mcpServers.env values are exported to the docker process so that -e GITHUB_PERSONAL_ACCESS_TOKEN picks it up; some runners don’t interpolate ${GITHUB_TOKEN} inside JSON strings.

Would you like me to add a small probe (that does not print the token) to validate presence inside the container, or refactor to pass the token directly via args using an explicit value expansion?

Also applies to: 200-205

Comment on lines +3 to +13
on:
pull_request_review_comment:
types:
- 'created'
pull_request_review:
types:
- 'submitted'
issue_comment:
types:
- 'created'


🛠️ Refactor suggestion

Workflow is missing triggers referenced in job condition.

The job if-condition handles workflow_dispatch and issues events, but the workflow doesn’t declare these triggers. Add them or drop the dead condition branch.

 on:
   pull_request_review_comment:
     types:
       - 'created'
   pull_request_review:
     types:
       - 'submitted'
   issue_comment:
     types:
       - 'created'
+  issues:
+    types:
+      - 'opened'
+  workflow_dispatch:
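Review bot: before adding issues: opened here, check what the job's if-condition does for that event, because with this trigger every newly opened issue from any account starts a run that carries this workflow's write permissions and feeds the issue body into the prompt; the condition must require the @gemini-cli mention and an OWNER/MEMBER/COLLABORATOR author, as the concurrency block at lines 14-18 already checks, and if it does not, deleting the dead issues branch from the condition is the safer of the two fixes.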
🤖 Prompt for AI Agents
In .github/workflows/gemini-cli.yml around lines 3 to 13 the workflow declares
pull_request_review_comment, pull_request_review, and issue_comment triggers but
the job's if-condition also checks for workflow_dispatch and issues events which
are not declared; either add the missing triggers or remove the dead branch:
update the on: section to include workflow_dispatch and issues (with the
appropriate types if needed) so the job condition can be true, or simplify the
job if-condition to only reference events declared in this file.

Comment on lines +14 to +18
concurrency:
group: '${{ github.workflow }}-${{ github.event.issue.number }}'
cancel-in-progress: |-
${{ github.event.sender.type == 'User' && ( github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'COLLABORATOR') }}

🛠️ Refactor suggestion

Concurrency group/cancel logic references fields not present for all events.

github.event.issue.number and github.event.issue.author_association are undefined for review events. Add safe fallbacks.

 concurrency:
-  group: '${{ github.workflow }}-${{ github.event.issue.number }}'
-  cancel-in-progress: |-
-    ${{ github.event.sender.type == 'User' && ( github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'COLLABORATOR') }}
+  group: '${{ github.workflow }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}'
+  cancel-in-progress: >-
+    ${{ github.event.sender.type == 'User' &&
+        contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
+          (github.event.issue.author_association ||
+           github.event.comment.author_association ||
+           github.event.review.author_association || '')) }}
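Review bot: in the cancel-in-progress fallback chain github.event.issue.author_association is tried before github.event.comment.author_association, so for issue_comment events the decision is keyed on the issue's author rather than on whoever posted the comment; because workflow-level concurrency cancels the in-progress run before the job's if-condition is evaluated, a comment from any account on an OWNER-authored issue can cancel a trusted user's run. Put github.event.comment.author_association first and fall back to the issue author only when there is no comment.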
🤖 Prompt for AI Agents
In .github/workflows/gemini-cli.yml around lines 14 to 18, the concurrency group
and cancel-in-progress expressions assume github.event.issue exists (using
github.event.issue.number and github.event.issue.author_association) which
breaks for review/pull_request events; update the expressions to safely fall
back by using a ternary/OR chain for the group (e.g. use
github.event.issue.number || github.event.pull_request.number || github.run_id)
and guard the cancel-in-progress checks so you only evaluate author_association
when issue or pull_request is present (e.g. check github.event.issue or
github.event.pull_request exists before referencing their author_association),
ensuring undefined fields are not accessed.

Comment on lines +102 to +110
# Clean up user request
USER_REQUEST=$(echo "${USER_REQUEST}" | sed 's/.*@gemini-cli//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
{
echo "user_request=${USER_REQUEST}"
echo "issue_number=${ISSUE_NUMBER}"
echo "is_pr=${IS_PR}"
} >> "${GITHUB_OUTPUT}"

🛠️ Refactor suggestion

Harden output writing for potential newlines in user_request.

Bodies can contain newlines; write outputs using multiline heredoc to avoid truncation.

-          {
-            echo "user_request=${USER_REQUEST}"
-            echo "issue_number=${ISSUE_NUMBER}"
-            echo "is_pr=${IS_PR}"
-          } >> "${GITHUB_OUTPUT}"
+          {
+            echo "user_request<<EOF"
+            echo "${USER_REQUEST}"
+            echo "EOF"
+            echo "issue_number=${ISSUE_NUMBER}"
+            echo "is_pr=${IS_PR}"
+          } >> "${GITHUB_OUTPUT}"
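Review bot: the heredoc should use a per-run unique delimiter rather than the fixed EOF; user_request comes from an arbitrary issue or comment body, and a body containing a line that reads EOF ends the block early, after which the remaining lines are parsed as further name=value outputs. GitHub's own documentation for multiline outputs recommends generating the delimiter (for example delim="$(openssl rand -hex 8)") for exactly this reason.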
🤖 Prompt for AI Agents
.github/workflows/gemini-cli.yml around lines 102 to 110: the current echo-based
write to GITHUB_OUTPUT will truncate or mangle USER_REQUEST if it contains
newlines; replace the echo block with a single append using a multiline heredoc
to safely emit user_request (preserving newlines) and the other fields into
GITHUB_OUTPUT — write user_request using a unique marker/quoted heredoc so the
variable contents are preserved, then append issue_number and is_pr in the same
heredoc, and ensure proper EOF markers and >> redirection to "${GITHUB_OUTPUT}".
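The multiline-output pattern this comment asks for, as an added example that is not part of the PR or of CodeRabbit's suggestion: two POSIX shell functions that write an untrusted, multi-line value to a GITHUB_OUTPUT-style file with a random per-call delimiter, and read it back the way the runner parses the file. The function names, the demo values and the temporary file are illustrative; it assumes only awk and od.

```shell
#!/bin/sh
# Added example, not code from the PR: safe multiline step outputs.
# Assumes a POSIX shell with awk and od; function names are illustrative.
set -eu

# write_output FILE NAME VALUE
# Emits the runner's multiline form "NAME<<DELIM / VALUE / DELIM". The
# delimiter is random per call, so an untrusted VALUE that contains a line
# reading "EOF" cannot close the block early and inject further outputs.
write_output() {
  file="$1"; name="$2"; value="$3"
  delim="ghadelim_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$file"
}

# read_output FILE NAME
# Prints the value stored under NAME. Handles both "NAME=value" and the
# "NAME<<DELIM" form, and skips over other names' heredoc blocks so that a
# body line such as "issue_number=99" inside user_request is never mistaken
# for the real issue_number output (which is what the delimiter protects).
read_output() {
  file="$1"; name="$2"
  awk -v n="$name" '
    skipping == 1 { if ($0 == delim) skipping = 0; next }
    in_block == 1 { if ($0 == delim) exit; print; next }
    index($0, n "<<") == 1 { delim = substr($0, length(n) + 3); in_block = 1; next }
    index($0, n "=")  == 1 { print substr($0, length(n) + 2); exit }
    /^[A-Za-z_][A-Za-z0-9_-]*<</ { delim = substr($0, index($0, "<<") + 2); skipping = 1; next }
  ' "$file"
}

# Demo with a constructed body that carries both an EOF line and a fake
# "issue_number=99" line, the two ways a hostile body could corrupt outputs.
demo() {
  out="$(mktemp)"
  body="$(printf 'please summarise\nEOF\nissue_number=99\nand label it')"
  write_output "$out" user_request "$body"
  write_output "$out" issue_number 17
  read_output "$out" user_request   # all four body lines, intact
  read_output "$out" issue_number   # 17, not 99
  rm -f "$out"
}
demo
```

In a workflow step the same write_output call replaces the echo block, with "${GITHUB_OUTPUT}" as the file argument; the reader is only there to show what the runner sees.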

Comment on lines +18 to +21
concurrency:
group: '${{ github.workflow }}-${{ github.event.issue.number }}'
cancel-in-progress: true


🛠️ Refactor suggestion

Fix concurrency group for non-issue triggers (workflow_dispatch).

Referencing github.event.issue.number fails for workflow_dispatch (no issue in payload), collapsing runs into the same group or erroring. Use a safe fallback.

-concurrency:
-  group: '${{ github.workflow }}-${{ github.event.issue.number }}'
-  cancel-in-progress: true
+concurrency:
+  group: '${{ github.workflow }}-${{ github.event.issue.number || github.event.inputs.issue_number || github.run_id }}'
+  cancel-in-progress: true
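Review bot: github.event.inputs.issue_number only resolves if the workflow_dispatch block declares an input with exactly that name; otherwise the expression falls straight through to github.run_id and dispatched runs for the same issue are never grouped or cancelled. Confirm the input name against the on: block before merging.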
🤖 Prompt for AI Agents
In .github/workflows/gemini-issue-automated-triage.yml around lines 18 to 21,
the concurrency group uses github.event.issue.number which is undefined for
workflow_dispatch runs and causes grouping collisions or errors; change the
expression to provide a safe fallback (for example use github.run_id) so
non-issue triggers work correctly, e.g. replace the group with an expression
that falls back to github.run_id when issue.number is absent: ${{
github.workflow }}-${{ github.event.issue.number || github.run_id }}.

Comment on lines +61 to +67
env:
GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
ISSUE_TITLE: '${{ github.event.issue.title }}'
ISSUE_BODY: '${{ github.event.issue.body }}'
ISSUE_NUMBER: '${{ github.event.issue.number }}'
REPOSITORY: '${{ github.repository }}'
with:

⚠️ Potential issue

ISSUE_NUMBER is empty under workflow_dispatch.

The triage step relies on ISSUE_NUMBER, but for workflow_dispatch there is no github.event.issue.number. Provide a fallback to the input.

       env:
         GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
         ISSUE_TITLE: '${{ github.event.issue.title }}'
         ISSUE_BODY: '${{ github.event.issue.body }}'
-        ISSUE_NUMBER: '${{ github.event.issue.number }}'
+        ISSUE_NUMBER: '${{ github.event.issue.number || github.event.inputs.issue_number }}'
         REPOSITORY: '${{ github.repository }}'
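Review bot: this fixes ISSUE_NUMBER but leaves ISSUE_TITLE and ISSUE_BODY empty under workflow_dispatch, so the triage prompt would see a number with no content; either give those the same input fallback or have the step fetch them with gh issue view once the number is known, which is what the "Also applies to: 68-76" pointer is getting at.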

Also applies to: 68-76

🤖 Prompt for AI Agents
In .github/workflows/gemini-issue-automated-triage.yml around lines 61-67 (and
similarly lines 68-76), ISSUE_NUMBER is set from github.event.issue.number which
is empty for workflow_dispatch; update the env assignment to fallback to an
input (e.g. inputs.issue_number) when github.event.issue.number is undefined by
using the expressions operator (or equivalent) to prefer
github.event.issue.number and fall back to the workflow input, and apply the
same fallback for any other ISSUE_* variables that may be missing under
workflow_dispatch so the triage step has a valid ISSUE_NUMBER.

Comment on lines +42 to +47
env:
GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
GITHUB_REPOSITORY: '${{ github.repository }}'
GITHUB_OUTPUT: '${{ github.output }}'
run: |-
set -euo pipefail

⚠️ Potential issue

Don’t override GITHUB_OUTPUT; it’s provided by the runner.

Setting GITHUB_OUTPUT to an invalid context breaks step outputs. Remove this env entry.

       env:
         GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
         GITHUB_REPOSITORY: '${{ github.repository }}'
-        GITHUB_OUTPUT: '${{ github.output }}'
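Review bot: removing the override is right; for the record, github.output is not a property of the github context, so the env entry expands to an empty string, and with set -euo pipefail in the script the later >> "${GITHUB_OUTPUT}" redirect fails with "No such file or directory", which takes down the whole discovery step rather than merely dropping its outputs.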
🤖 Prompt for AI Agents
In .github/workflows/gemini-issue-scheduled-triage.yml around lines 42 to 47,
the workflow sets GITHUB_OUTPUT in env which overrides the runner-provided
variable and can break step outputs; remove the GITHUB_OUTPUT env entry so the
runner supplies it natively and keep only the needed env entries (GITHUB_TOKEN
and GITHUB_REPOSITORY) or any other custom vars that don’t conflict with
runner-provided names.

Comment on lines +24 to +27
concurrency:
group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
cancel-in-progress: true


🛠️ Refactor suggestion

Make concurrency grouping resilient across all triggers.

Use a reliable key when head_ref/ref may be empty (e.g., review_comment events). Fall back to PR/issue number or run_id.

 concurrency:
-  group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
+  group: '${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.head_ref || github.ref || github.run_id }}'
   cancel-in-progress: true
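Review bot: github.ref is never empty, so the original group always resolved; the real defect is that the same PR gets different keys from different triggers, since issue_comment runs see github.ref as the default branch while pull_request runs see github.head_ref, so a /review comment never cancels the push-triggered review of the same PR. Leading with github.event.pull_request.number || github.event.issue.number fixes that, and the comment should say so rather than describe it as an empty-ref problem.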
🤖 Prompt for AI Agents
In .github/workflows/gemini-pr-review.yml around lines 24 to 27, the concurrency
group currently uses head_ref/ref which can be empty for some triggers; update
the concurrency.group to fall back to a stable identifier so grouping is
resilient across events — use head_ref then ref, then
github.event.pull_request.number, then github.event.issue.number, and finally
github.run_id as the last resort; keep cancel-in-progress: true.

Comment on lines +112 to +116
- name: 'Get PR details (issue_comment)'
id: 'get_pr_comment'
if: |-
${{ github.event_name == 'issue_comment' }}
env:

⚠️ Potential issue

Missing PR context for pull_request_review(_comment) events.

For review/review_comment events, neither get_pr nor get_pr_comment runs, leaving PR_NUMBER/PR_DATA/CHANGED_FILES empty. Add a step to populate outputs for these events.

       - name: 'Get PR details (issue_comment)'
         id: 'get_pr_comment'
         if: |-
           ${{ github.event_name == 'issue_comment' }}
         env:
@@
           } >> "${GITHUB_OUTPUT}"
 
+      - name: 'Get PR details (pull_request_review & pull_request_review_comment)'
+        id: 'get_pr_review'
+        if: |-
+          ${{ github.event_name == 'pull_request_review' || github.event_name == 'pull_request_review_comment' }}
+        env:
+          GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
+          EVENT_NAME: '${{ github.event_name }}'
+          PR_NUMBER: '${{ github.event.pull_request.number }}'
+          COMMENT_BODY: '${{ github.event.comment.body }}'
+          REVIEW_BODY: '${{ github.event.review.body }}'
+        run: |-
+          set -euo pipefail
+          echo "pr_number=${PR_NUMBER}" >> "${GITHUB_OUTPUT}"
+          # Extract additional instructions from the review/comment body
+          BODY_SRC="${COMMENT_BODY}"
+          if [[ "${EVENT_NAME}" = "pull_request_review" ]]; then
+            BODY_SRC="${REVIEW_BODY}"
+          fi
+          ADDITIONAL_INSTRUCTIONS="$(echo "${BODY_SRC}" | sed 's/.*@gemini-cli \/review//' | xargs)"
+          echo "additional_instructions=${ADDITIONAL_INSTRUCTIONS}" >> "${GITHUB_OUTPUT}"
+          # Get PR details
+          PR_DATA="$(gh pr view "${PR_NUMBER}" --json title,body,additions,deletions,changedFiles,baseRefName,headRefName)"
+          echo "pr_data=${PR_DATA}" >> "${GITHUB_OUTPUT}"
+          # Get file changes
+          CHANGED_FILES="$(gh pr diff "${PR_NUMBER}" --name-only)"
+          {
+            echo "changed_files<<EOF"
+            echo "${CHANGED_FILES}"
+            echo "EOF"
+          } >> "${GITHUB_OUTPUT}"
 
       - name: 'Run Gemini PR Review'
         uses: 'google-github-actions/run-gemini-cli@v0'
         id: 'gemini_pr_review'
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
-          PR_NUMBER: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}'
-          PR_DATA: '${{ steps.get_pr.outputs.pr_data || steps.get_pr_comment.outputs.pr_data }}'
-          CHANGED_FILES: '${{ steps.get_pr.outputs.changed_files || steps.get_pr_comment.outputs.changed_files }}'
-          ADDITIONAL_INSTRUCTIONS: '${{ steps.get_pr.outputs.additional_instructions || steps.get_pr_comment.outputs.additional_instructions }}'
+          PR_NUMBER: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number || steps.get_pr_review.outputs.pr_number }}'
+          PR_DATA: '${{ steps.get_pr.outputs.pr_data || steps.get_pr_comment.outputs.pr_data || steps.get_pr_review.outputs.pr_data }}'
+          CHANGED_FILES: '${{ steps.get_pr.outputs.changed_files || steps.get_pr_comment.outputs.changed_files || steps.get_pr_review.outputs.changed_files }}'
+          ADDITIONAL_INSTRUCTIONS: '${{ steps.get_pr.outputs.additional_instructions || steps.get_pr_comment.outputs.additional_instructions || steps.get_pr_review.outputs.additional_instructions }}'
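Review bot: the ADDITIONAL_INSTRUCTIONS line in the new step pipes an untrusted review or comment body through xargs, which treats quotes and backslashes as syntax, so a body with a single apostrophe fails with "unmatched single quote" and, under set -euo pipefail, aborts the step; sed also works per line, so text on lines before the @gemini-cli /review marker survives into the instructions, and the plain echo truncates anything after the first newline. Trim with shell parameter expansion instead and write the value with the same heredoc form already used for changed_files.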

Also applies to: 143-146

🤖 Prompt for AI Agents
.github/workflows/gemini-pr-review.yml around lines 112-116 (and similarly
143-146): the workflow currently only sets PR outputs for issue_comment and
pull_request events, so pull_request_review and pull_request_review_comment
events leave PR_NUMBER/PR_DATA/CHANGED_FILES empty; add a step that runs for
pull_request_review and pull_request_review_comment events which derives the PR
number from the event payload (e.g. github.event.pull_request.number or
github.event.pull_request_review.pull_request.number as appropriate), calls the
GitHub REST API to fetch the PR data and list changed files (same logic as
get_pr/get_pr_comment), and sets the same outputs (PR_NUMBER, PR_DATA,
CHANGED_FILES) so subsequent steps can rely on those variables.

Comment on lines +444 to +456
      - name: 'Post PR review failure comment'
        if: |-
          ${{ failure() && steps.gemini_pr_review.outcome == 'failure' }}
        uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea'
        with:
          github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
          script: |-
            github.rest.issues.createComment({
              owner: '${{ github.repository }}'.split('/')[0],
              repo: '${{ github.repository }}'.split('/')[1],
              issue_number: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}',
              body: 'There is a problem with the Gemini CLI PR review. Please check the [action logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.'
            })

🛠️ Refactor suggestion

Ensure failure-comment resolves PR number for all events.

Add fallback to github.event.pull_request.number so the comment posts for review/review_comment events.

           script: |-
             github.rest.issues.createComment({
               owner: '${{ github.repository }}'.split('/')[0],
               repo: '${{ github.repository }}'.split('/')[1],
-              issue_number: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}',
+              issue_number: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number || github.event.pull_request.number }}',
               body: 'There is a problem with the Gemini CLI PR review. Please check the [action logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.'
             })
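Review bot: the fallback on line 836 only helps for events whose payload carries `pull_request`; inside a github-script step it is simpler to take the target from the action's `context` object (`context.issue.number`, `context.repo.owner`, `context.repo.repo`), which resolves the PR number for pull_request, pull_request_review, pull_request_review_comment and issue_comment events alike and avoids interpolating `${{ }}` expressions into the JavaScript source at all. If the expression form stays, wrap it as `issue_number: Number('${{ ... }}')`, since the quoted form passes the number to the REST client as a string.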
🤖 Prompt for AI Agents
.github/workflows/gemini-pr-review.yml around lines 444 to 456: the current
createComment call only falls back to steps.get_pr.outputs.pr_number or
steps.get_pr_comment.outputs.pr_number and can miss events like
review/review_comment; update the issue_number expression to also fall back to
github.event.pull_request.number (e.g. use steps.get_pr.outputs.pr_number ||
steps.get_pr_comment.outputs.pr_number || github.event.pull_request.number) so
the comment can be posted for review/review_comment events; keep the rest of the
call unchanged and ensure the templated string uses the same interpolation style
as the other fields.
