From 0968fb1b5b4956980f3011e95275618d12e3de41 Mon Sep 17 00:00:00 2001
From: Nathan Zylbersztejn <nathan.zylbersztejn@gmail.com>
Date: Thu, 21 May 2026 14:43:37 +0200
Subject: [PATCH] fix(ci): pass GOOGLE_API_KEY and BLOB_READ_WRITE_TOKEN to
 analyze
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The analyzer was silently disabling feature-image generation in every
deploy workflow because neither the Gemini API key nor the Vercel Blob
token were exported to `gitpulse analyze`. CI logs show
`images: skipped (GEMINI_API_KEY or GOOGLE_API_KEY missing)` on each
run — emitted once at startup, then per-PR processing proceeds without
ever entering the image branch.

Wire both secrets through the analyze step in all three workflows
(self-deploy, deploy-vercel, deploy-vercel-staging). They must be
added together: the AI key alone would then trip the Vercel Blob
storage constructor (cli/src/image/storage/vercel-blob.ts), which
requires BLOB_READ_WRITE_TOKEN.
---
 .github/workflows/deploy-vercel-staging.yml | 5 +++++
 .github/workflows/deploy-vercel.yml         | 5 +++++
 .github/workflows/self-deploy.yml           | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/.github/workflows/deploy-vercel-staging.yml b/.github/workflows/deploy-vercel-staging.yml
index 2b320b5..6885508 100644
--- a/.github/workflows/deploy-vercel-staging.yml
+++ b/.github/workflows/deploy-vercel-staging.yml
@@ -59,6 +59,11 @@ jobs:
           GITPULSE_SITE_URL: ${{ vars.VERCEL_SITE_URL }}
           OPENAI_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Image generation: Gemini for the model, Vercel Blob for hosting.
+          # Both must be set together — adding only one trips the other half
+          # of the pipeline (cfg.imageAi vs createStorage).
+          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+          BLOB_READ_WRITE_TOKEN: ${{ secrets.BLOB_READ_WRITE_TOKEN }}
 
       - name: Build site from main source
         run: |
diff --git a/.github/workflows/deploy-vercel.yml b/.github/workflows/deploy-vercel.yml
index d91ee8d..984da22 100644
--- a/.github/workflows/deploy-vercel.yml
+++ b/.github/workflows/deploy-vercel.yml
@@ -68,6 +68,11 @@ jobs:
           GITPULSE_SITE_URL: ${{ vars.VERCEL_SITE_URL }}
           OPENAI_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Image generation: Gemini for the model, Vercel Blob for hosting.
+          # Both must be set together — adding only one trips the other half
+          # of the pipeline (cfg.imageAi vs createStorage).
+          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+          BLOB_READ_WRITE_TOKEN: ${{ secrets.BLOB_READ_WRITE_TOKEN }}
 
       - name: Build site (gitpulse build)
         run: gitpulse build
diff --git a/.github/workflows/self-deploy.yml b/.github/workflows/self-deploy.yml
index 94414d3..62e58cb 100644
--- a/.github/workflows/self-deploy.yml
+++ b/.github/workflows/self-deploy.yml
@@ -73,6 +73,11 @@ jobs:
           GITPULSE_SITE_URL: ${{ vars.VERCEL_SITE_URL }}
           OPENAI_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Image generation: Gemini for the model, Vercel Blob for hosting.
+          # Both must be set together — adding only one trips the other half
+          # of the pipeline (cfg.imageAi vs createStorage).
+          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+          BLOB_READ_WRITE_TOKEN: ${{ secrets.BLOB_READ_WRITE_TOKEN }}
 
       - name: Stage analyzer output for the in-repo site
         run: |