Google Gemini Code Review Skill
Load with: base.md + code-review.md
Use Google's Gemini CLI for code review with Gemini 2.5 Pro - featuring a massive 1M token context window that can analyze entire repositories at once.
Sources: Gemini CLI | Code Review Extension | Gemini Code Assist | GitHub Action
Why Gemini for Code Review?
| Feature | Benefit |
|---|---|
| Gemini 2.5 Pro | State-of-the-art reasoning for code |
| 1M token context | Entire repositories fit - no chunking needed |
| Free tier | 1,000 requests/day with Google account |
| Consistent output | Clean formatting, predictable structure |
| GitHub native | Gemini Code Assist app for auto PR reviews |
Benchmark Performance
| Benchmark | Score | Notes |
|---|---|---|
| SWE-Bench Verified | 63.8% | Agentic coding benchmark |
| Qodo PR Benchmark | 56.3% | PR review quality |
| LiveCodeBench v5 | 70.4% | Code generation |
| WebDev Arena | #1 | Web development |
Installation
Prerequisites
```bash
# Check Node.js version (requires 20+)
node --version

# Install Node.js 20 if needed
# macOS
brew install node@20

# Or via nvm
nvm install 20
nvm use 20
```
Install Gemini CLI
```bash
# Via npm (recommended)
npm install -g @google/gemini-cli

# Via Homebrew (macOS)
brew install gemini-cli

# Or run without installing
npx @google/gemini-cli

# Verify installation
gemini --version
```
Install Code Review Extension
```bash
# Requires Gemini CLI v0.4.0+
gemini extensions install https://github.com/gemini-cli-extensions/code-review

# Verify extension
gemini extensions list
```
Authentication
Option 1: Google Account (Recommended)
Free tier: 1,000 requests/day, 60 requests/min
```bash
# Run gemini and follow browser login
gemini

# Select: "Login with Google Account"
# Opens browser for OAuth
```
This gives you access to Gemini 2.5 Pro with the full 1M token context window.
Option 2: Gemini API Key
Free tier: 100 requests/day
```bash
# Get API key from https://aistudio.google.com/apikey

# Set environment variable
export GEMINI_API_KEY="your-api-key"

# Or add to shell profile
echo 'export GEMINI_API_KEY="your-api-key"' >> ~/.zshrc

# Run Gemini
gemini
```
Option 3: Vertex AI (Enterprise)
```bash
# For Google Cloud projects
export GOOGLE_API_KEY="your-api-key"
export GOOGLE_GENAI_USE_VERTEXAI=true
export GOOGLE_CLOUD_PROJECT="your-project-id"

gemini
```
Interactive Code Review
Using the Code Review Extension
```bash
# Start Gemini CLI
gemini

# Run code review on current branch
/code-review
```
The extension:
- Analyzes the code changes on your current branch
- Identifies quality issues
- Suggests fixes
Manual Review Prompts
```bash
# In interactive mode
gemini

# Then ask:
> Review the changes in this branch for bugs and security issues
> Analyze src/api/users.ts for potential vulnerabilities
> What are the code quality issues in the last 3 commits?
```
Headless Mode (Automation)
Basic Usage
```bash
# Simple prompt execution
gemini -p "Review the code changes for bugs and security issues"

# With JSON output (for parsing)
gemini -p "Review the changes" --output-format json

# Stream JSON events (real-time)
gemini -p "Review and fix issues" --output-format stream-json

# Specify model
gemini -m gemini-2.5-pro -p "Deep code review of this PR"
```
Full CI/CD Example
```bash
# Get diff and review
git diff origin/main...HEAD > diff.txt

gemini -p "Review this code diff for:
1. Security vulnerabilities
2. Performance issues
3. Code quality problems
4. Missing error handling

Diff:
$(cat diff.txt)
" --output-format json > review.json
```
Session Tracking
```bash
# Track token usage and costs
gemini -p "Review changes" --session-summary metrics.json

# View metrics
cat metrics.json
```
GitHub Integration
Option 1: Gemini Code Assist App (Easiest)
Install from GitHub Marketplace:
- Go to GitHub Marketplace → Gemini Code Assist
- Click "Install" and select repositories
- PRs automatically get reviewed when opened
Commands in PR comments:
```
/gemini review     # Request code review
/gemini summary    # Get PR summary
/gemini help       # Show available commands
```
Quota:
- Free: 33 PRs/day
- Enterprise: 100+ PRs/day
Option 2: GitHub Action
```yaml
# .github/workflows/gemini-review.yml
name: Gemini Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Gemini CLI
        run: npm install -g @google/gemini-cli

      - name: Run Review
        env:
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
        run: |
          # Get diff
          git diff origin/${{ github.base_ref }}...HEAD > diff.txt

          # Run Gemini review
          gemini -p "Review this pull request diff for bugs, security issues, and code quality problems.
          Be specific about file names and line numbers.

          $(cat diff.txt)" > review.md

      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            // Await the API call so a failed comment fails the step
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `## 🤖 Gemini Code Review\n\n${review}`
            });
```
Option 3: Official GitHub Action
```yaml
# .github/workflows/gemini-review.yml
name: Gemini Code Review

on:
  pull_request:
    types: [opened, synchronize]
  issue_comment:
    types: [created]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write

    steps:
      - uses: actions/checkout@v4

      - name: Run Gemini CLI
        uses: google-github-actions/run-gemini-cli@v1
        with:
          gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
          prompt: "Review this pull request for code quality, security issues, and potential bugs."
```
On-demand commands in comments:
```
@gemini-cli /review
@gemini-cli explain this code change
@gemini-cli write unit tests for this component
```
GitLab CI/CD
```yaml
# .gitlab-ci.yml
gemini-review:
  image: node:20
  stage: review
  script:
    - npm install -g @google/gemini-cli
    - |
      gemini -p "Review the merge request changes for bugs, security issues, and code quality" > review.md
    - cat review.md
  artifacts:
    paths:
      - review.md
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  variables:
    GEMINI_API_KEY: $GEMINI_API_KEY
```
Configuration
Global Config
`~/.gemini/settings.json`:
```json
{
  "model": "gemini-2.5-pro",
  "theme": "dark",
  "sandbox": true
}
```
Project Config (GEMINI.md)
Create a GEMINI.md file in your project root for project-specific context:
```markdown
# Project Context for Gemini

## Tech Stack
- TypeScript with strict mode
- React 18 with hooks
- FastAPI backend
- PostgreSQL database

## Code Review Focus Areas
1. Type safety - ensure proper TypeScript types
2. React hooks rules - check for dependency array issues
3. SQL injection - verify parameterized queries
4. Authentication - check all endpoints have proper auth

## Conventions
- Use camelCase for variables
- Use PascalCase for components
- All API errors should use AppError class
```
CLI Quick Reference
```bash
# Interactive
gemini                                     # Start interactive mode
/code-review                               # Run code review extension

# Headless
gemini -p "prompt"                         # Single prompt, exit
gemini -p "prompt" --output-format json    # JSON output
gemini -m gemini-2.5-flash -p "prompt"     # Use faster model

# Extensions
gemini extensions list                     # List installed
gemini extensions install URL              # Install extension
gemini extensions update                   # Update all

# Key Flags
--output-format json                       # Structured output
--output-format stream-json                # Real-time events
--session-summary FILE                     # Track metrics
-m MODEL                                   # Select model
```
Comparison: Claude vs Codex vs Gemini
| Aspect | Claude | Codex CLI | Gemini CLI |
|---|---|---|---|
| Setup | None (built-in) | npm + OpenAI API | npm + Google Account |
| Model | Claude | GPT-5.2-Codex | Gemini 2.5 Pro |
| Context | Conversation | Fresh per review | 1M tokens (huge!) |
| Free Tier | N/A | Limited | 1,000/day |
| Best For | Quick reviews | High accuracy | Large codebases |
| GitHub Native | No | @codex | Gemini Code Assist |
When to Use Each
| Scenario | Recommended Engine |
|---|---|
| Quick in-flow review | Claude |
| Critical security review | Codex (88% detection) |
| Large codebase (100+ files) | Gemini (1M context) |
| Free automated reviews | Gemini |
| Multiple perspectives | All three (dual/triple engine) |
Troubleshooting
| Issue | Solution |
|---|---|
| `gemini: command not found` | `npm install -g @google/gemini-cli` |
| Node.js version error | Upgrade to Node.js 20+ |
| Authentication failed | Re-run `gemini` and login again |
| Extension not found | `gemini extensions install https://github.com/gemini-cli-extensions/code-review` |
| Rate limited | Wait or upgrade to Vertex AI |
| Hangs in CI | Ensure `DEBUG` env var is not set |
Anti-Patterns
- Skipping authentication setup - Always configure before CI/CD
- Exposing the API key in logs - Use secrets management
- Ignoring context limits - Even 1M tokens has limits for huge monorepos
- Running on every commit - Use on PRs only to save quota
- Not setting project context - Add GEMINI.md for better reviews
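
For the "Ignoring context limits" anti-pattern and the Full CI/CD example earlier on this page, the following added example (not code from the Gemini CLI project) splits a large diff per file and packs the pieces into batches that each fit a token budget, so one oversized diff is not pasted into a single prompt. The function names, the 4-bytes-per-token estimate and the 900000-token budget are assumptions made for this illustration; the estimate covers the diff only, not the prompt text around it.

```bash
#!/usr/bin/env bash
# Added example, not part of the Gemini CLI project.
# Assumption: ~4 bytes per token, a rough heuristic rather than Gemini's tokenizer.
CHARS_PER_TOKEN=4

# Rough token estimate for a file: byte count / CHARS_PER_TOKEN, rounded up.
estimate_tokens() {
  local bytes
  bytes=$(wc -c < "$1")
  echo $(( (bytes + CHARS_PER_TOKEN - 1) / CHARS_PER_TOKEN ))
}

# Split a unified diff into one piece per "diff --git" header.
# Usage: split_diff DIFF OUTDIR   (writes OUTDIR/piece-0001.diff, ...)
split_diff() {
  mkdir -p "$2"
  awk -v dir="$2" '
    /^diff --git / { if (out) close(out); out = sprintf("%s/piece-%04d.diff", dir, ++n) }
    out { print > out }
  ' "$1"
}

# Greedily pack pieces, in order, into batches of at most BUDGET estimated tokens.
# A piece that alone exceeds the budget still gets its own batch and is reported
# on stderr so the caller can skip it or review it another way.
# Usage: pack_batches PIECEDIR BUDGET   (writes PIECEDIR/batch-NNN.diff, prints the batch count)
pack_batches() {
  local dir="$1" budget="$2" batch=0 used=0 piece t
  rm -f "$dir"/batch-*.diff            # drop batches from an earlier run
  for piece in "$dir"/piece-*.diff; do
    [ -e "$piece" ] || continue        # no pieces: the glob did not match
    t=$(estimate_tokens "$piece")
    if [ "$t" -gt "$budget" ]; then echo "oversized: $piece ($t tokens)" >&2; fi
    if [ "$batch" -eq 0 ] || [ $(( used + t )) -gt "$budget" ]; then
      batch=$(( batch + 1 )); used=0
    fi
    cat "$piece" >> "$(printf '%s/batch-%03d.diff' "$dir" "$batch")"
    used=$(( used + t ))
  done
  echo "$batch"
}

# Typical use in the CI step (900000 is an assumed budget below the 1M window):
#   git diff origin/main...HEAD > diff.txt
#   split_diff diff.txt pieces && pack_batches pieces 900000 >/dev/null
#   for b in pieces/batch-*.diff; do
#     gemini -p "Review this code diff for bugs and security issues: $(cat "$b")" \
#       --output-format json > "$b.review.json"
#   done
```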