Fix quoting when echoing workflow JSON

[adamfweidman]

TLDR

Load each toJSON(...) payload into an env var before echoing so the shell never reparses the JSON and handles any quotes safely.

Dive Deeper

• Previously we did echo "${{ toJSON(...) }}", so once GitHub rendered the step the raw JSON (with double quotes, semicolons, etc.) hit bash unescaped and could break the script.
• Each step now exports the JSON via env: JSON_INPUTS: ${{ toJSON(...) }} and then runs echo "$JSON_INPUTS", which keeps the value intact regardless of single or double quotes.

Example:

• Passes with chore/release: bump version to 0.9.0-nightly.20251003.93c7378d at nightly release.
• Fails with "pr-title": "chore(release): bump version to 0.8.0-nightly.20251006.327d4711" at nightly-release

Reviewer Test Plan

Passing Nightly Release: https://github.com/google-gemini/gemini-cli/actions/runs/18287811721

Testing Matrix

	🍏	🪟	🐧
npm run	x	❓	❓
npx	❓	❓	❓
Docker	❓	❓	❓
Podman	❓	-	-
Seatbelt	❓	-	-

[gemini-code-assist]

Summary of Changes

Hello @adamfweidman, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical issue in GitHub Actions workflows where the direct echoing of toJSON output could lead to shell syntax errors if the JSON contained specific metacharacters. The fix involves updating the echo commands to properly quote the JSON string using single quotes within multiline run blocks. This ensures that the JSON content is passed to the shell exactly as intended, preventing unexpected failures and making the affected workflows more stable and reliable when handling diverse JSON payloads.

Highlights

• Fixing Shell Metacharacter Issues: Addressed a bug where GitHub Actions workflows would fail when JSON output from toJSON contained shell metacharacters (e.g., (, ;) due to improper quoting during echo operations.
• Improved JSON Quoting: Modified echo statements across multiple workflow files to use single quotes (') around the toJSON expression and implemented multiline run blocks. This ensures the JSON payload is emitted verbatim to the shell, preventing syntax errors.
• Enhanced Workflow Robustness: The changes improve the overall reliability and robustness of GitHub Actions workflows that process JSON data, making them resilient to special characters within the JSON content.

Ignored Files

• Ignored by pattern: .github/workflows/** (4)
  • .github/workflows/release-manual.yml
  • .github/workflows/release-nightly.yml
  • .github/workflows/release-patch-3-release.yml
  • .github/workflows/release-promote.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: -2 B (0%)

Total Size: 17.6 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	17.5 MB	-2 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	830 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request aims to fix an issue with shell metacharacters in JSON strings within GitHub Actions workflows. The approach of switching from double to single quotes is a good step, but it's not fully robust as it fails if the JSON content includes a single quote. I've left comments on all affected files with a more robust solution using an environment variable. This is a critical fix to ensure the workflows are stable.

[richieforeman]

PR Metacomment: Most of these things were added as debugging artifacts, which we realistically don't need in PROD. Consider just killing/removing these?

[richieforeman]

LG