ci: Add Gemini conflict resolution to cherry-pick #9275

Open
oxve wants to merge 2 commits into youtube:main from oxve:llmerge-conflicts

oxve commented Feb 26, 2026

This change integrates the Gemini API into the cherry-pick workflow to
automatically resolve merge conflicts. When a cherry-pick fails, the
gemini-cli action is invoked to attempt to resolve any conflicts.
This reduces manual intervention for routine cherry-picks.

Bug: 488071229

@github-actions

🤖 Gemini Suggested Commit Message


ci: Add Gemini conflict resolution to cherry-pick

This change integrates the Gemini API into the cherry-pick workflow.
When a cherry-pick operation encounters merge conflicts, a Python
script is now automatically invoked. This script utilizes Gemini
2.0 Flash to analyze the conflict markers and generate a resolution
for the conflicting files. This automation helps to reduce manual
intervention required for routine cherry-picks, improving the
efficiency of the workflow.

Bug: 488071229

💡 Pro Tips for a Better Commit Message:

  1. Influence the Result: Want to change the output? You can write custom prompts or instructions directly in the Pull Request description. The model uses that text to generate the message.
  2. Re-run the Generator: Post a comment with: /generate-commit-message

gemini-code-assist bot left a comment

Code Review

This pull request introduces a Python script to automatically resolve merge conflicts using the Gemini API, which is an innovative approach to automating a common developer task. However, it introduces significant security risks. The primary concern is the automatic staging of LLM-generated code without validation, which, when combined with prompt injection vulnerabilities, could lead to malicious code being committed. Additionally, the script leaks the Gemini API key into CI/CD logs if the API request fails. Recommendations include removing the automatic git add step, passing the API key via headers, and improving the script's readability and maintainability by using native Python libraries for HTTP requests.
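
The recommendations in the review above (API key sent in a header, no key in failure output, no staging of unchecked model output), as an added Python example that is not the PR's script. The endpoint URL, the `x-goog-api-key` header, the request body shape and every function name are assumptions, since the page does not show the original code.

```python
import json
import urllib.error
import urllib.request

# Assumed endpoint: the page names Gemini 2.0 Flash but does not show the script's URL.
API_URL = ("https://generativelanguage.googleapis.com/v1beta/"
           "models/gemini-2.0-flash:generateContent")


def build_request(api_key, prompt):
    """Send the key in a header so it never appears in the URL or in URL-bearing errors."""
    body = json.dumps({"contents": [{"parts": [{"text": prompt}]}]}).encode()
    headers = {"Content-Type": "application/json", "x-goog-api-key": api_key}
    return urllib.request.Request(API_URL, data=body, headers=headers, method="POST")


def redact(text, secret):
    """Mask the secret in anything that is about to be logged or raised."""
    return text.replace(secret, "***") if secret else text


def call_model(api_key, prompt, opener=urllib.request.urlopen):
    """POST the prompt; on failure raise an error whose message cannot contain the key."""
    try:
        with opener(build_request(api_key, prompt), timeout=60) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        detail = err.read().decode("utf-8", "replace")[:300]
        msg = f"Gemini request failed: HTTP {err.code}: {detail}"
    except urllib.error.URLError as err:
        msg = f"Gemini request failed: {err.reason}"
    # Raised after the except blocks so no chained exception rides along into the log.
    raise RuntimeError(redact(msg, api_key))


def still_conflicted(text):
    """Sanity gate only: True if model output still holds git conflict markers.

    Passing this check does not make the output safe to stage; it still
    needs human review, so nothing here runs `git add`.
    """
    for line in text.splitlines():
        if line.startswith(("<<<<<<< ", ">>>>>>> ")) or line.rstrip() == "=======":
            return True
    return False
```

The `opener` parameter exists so the failure path can be exercised offline with a stub in place of `urllib.request.urlopen`.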

cherry_pick:
runs-on: ubuntu-latest
permissions:
contents: write
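
Review bot: `contents: write` is granted at job level on `cherry_pick`, so every step in that job runs with a token that can push to the repository. Keep this job at `contents: read` and move the push into a separate, minimal job that is the only place holding write access, so steps that handle conflict content never run with a write-capable token.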

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
oxve force-pushed the llmerge-conflicts branch from 0cf2a2f to 92a4df7 on February 26, 2026 21:56
youtube deleted a comment from gemini-code-assist bot Feb 26, 2026
youtube deleted a comment from gemini-code-assist bot Feb 26, 2026
youtube deleted a comment from gemini-code-assist bot Feb 26, 2026
youtube deleted a comment from gemini-code-assist bot Feb 26, 2026
oxve commented Feb 26, 2026

/gemini review


- name: Resolve Merge Conflicts with Gemini CLI
if: steps.cherry-pick.outputs.conflicts != ''
uses: google-github-actions/run-gemini-cli@v0
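
Review bot: `uses: google-github-actions/run-gemini-cli@v0` references a mutable tag, so the code this step executes can change without any change to this workflow. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: google-github-actions/run-gemini-cli@<full-commit-sha> # v0`. Because the `if:` condition runs this step only when the cherry-pick reported conflicts, the conflicted file content reaching the model is untrusted input, and the step's result should be reviewed before it is committed.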

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 0: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue