run-gemini-cli does not inherit authentication from google-github-actions/auth #455

@aoogane

Summary

When using google-github-actions/auth@v3 with credentials_json before run-gemini-cli@v0, the action does not inherit the authentication and emits the following warning:

No authentication method provided. Please provide one of 'gemini_api_key', 'google_api_key', or 'gcp_workload_identity_provider'.

Even though the GOOGLE_APPLICATION_CREDENTIALS environment variable is correctly set by the auth action, run-gemini-cli does not recognize it and requires explicit authentication parameters.

Expected Behavior

The action should recognize authentication established by google-github-actions/auth@v3, similar to how other Google GitHub Actions work (e.g., google-github-actions/deploy-cloudrun).

Observed Behavior

  1. The action emits a "No authentication method provided" warning
  2. Gemini CLI fails to authenticate with Vertex AI
  3. The gh CLI commands within the Gemini sandbox also fail to authenticate (even with the GH_TOKEN env var and sandbox: false)

Workflow Configuration

- name: Authenticate to Google Cloud
  uses: google-github-actions/auth@v3
  with:
    credentials_json: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_POC }}
    create_credentials_file: true

- name: Automatic PR Review with Gemini
  uses: google-github-actions/run-gemini-cli@v0
  with:
    use_vertex_ai: true
    gcp_project_id: 'my-project'
    gcp_location: 'global'
    gemini_debug: true
    settings: |
      {
        "model": "gemini-3-pro-preview",
        "sandbox": false
      }
    prompt: |
      Review this PR...
  env:
    GH_TOKEN: ${{ secrets.GH_PAT }}

Logs

The environment shows auth was successful:

GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/.../gha-creds-xxx.json
CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/.../gha-creds-xxx.json

But the action still warns about missing authentication.

Workaround

Currently, users must either:

  1. Use the gcp_workload_identity_provider parameter (requires WIF setup)
  2. Pin to an older version (e.g., @v0.1.17)

Environment

  • Action version: v0.1.19 / v0.1.20
  • Runner: ubuntu-latest
  • Auth action: google-github-actions/auth@v3

Impact

This is a breaking change for users who were previously using credentials_json with the auth action. The action should either:

  1. Recognize the GOOGLE_APPLICATION_CREDENTIALS environment variable
  2. Document that gcp_workload_identity_provider is now required
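
A sketch of the check that item 1 of the Impact list asks for, added here as an example and not taken from run-gemini-cli or from the issue author: it falls back to the file named by GOOGLE_APPLICATION_CREDENTIALS before reporting that no authentication method is present. The function names and the precedence order are assumptions; the three input names come from the warning text quoted above.

```shell
#!/bin/sh
# Hypothetical preflight check (not the action's own code).

# adc_file_ok PATH: succeeds only if PATH is a readable, non-empty file
# that carries a JSON "type" key. Nothing from the file is ever printed.
adc_file_ok() {
  adc_path="$1"
  [ -n "$adc_path" ] || return 1
  [ -r "$adc_path" ] || return 1
  [ -s "$adc_path" ] || return 1
  grep -Eq '"type"[[:space:]]*:' "$adc_path"
}

# detect_auth_method GEMINI_API_KEY GOOGLE_API_KEY WIF_PROVIDER
# Prints the name of the method that would be used, never a secret value.
# Precedence (assumed): explicit inputs first, then the credentials file
# exported by an earlier auth step. Returns non-zero when nothing is usable.
detect_auth_method() {
  if [ -n "$1" ]; then
    echo gemini_api_key
  elif [ -n "$2" ]; then
    echo google_api_key
  elif [ -n "$3" ]; then
    echo gcp_workload_identity_provider
  elif adc_file_ok "${GOOGLE_APPLICATION_CREDENTIALS:-}"; then
    echo application_default_credentials
  else
    echo none
    return 1
  fi
}

# Constructed sample: a stub standing in for the gha-creds file that the
# auth step writes; it contains no key material.
demo_file=$(mktemp)
printf '{"type": "service_account", "project_id": "constructed-example"}\n' > "$demo_file"
( GOOGLE_APPLICATION_CREDENTIALS="$demo_file"; detect_auth_method "" "" "" )
rm -f "$demo_file"
```

In a workflow step, the non-zero return for `none` lets the caller emit the warning only when the environment variable is also missing or points at an unreadable file.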
