Merge branch 'main' into micro-phases

* main:
  Bump requests from 2.32.4 to 2.32.5 (#1298)
  Fix output of container logs ("print-logs" flag) +  Reuse ScenarioRunner object for all files/iterations (#1290)
  Bump actions/checkout from 4 to 5 in /.github/workflows (#1295)
  Bump python from 3.13.6-slim-bookworm to 3.13.7-slim-bookworm in /docker (#1293)
  Bump actions/create-github-app-token in /.github/workflows (#1294)
  Updated Gemini Actions Workflow to latest version from upstream
  Update gemini-pr-review.yml - Only run when actively triggered via comment
  Bump orjson from 3.11.1 to 3.11.2 (#1288)

Author: ArneTR

.github/workflows/build-and-push-containers.yml

@@ -33,7 +33,7 @@ jobs:
           electricitymaps-api-token: ${{ secrets.ELECTRICITYMAPS_TOKEN }}
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
         ## This is needed for multi-architecture builds
       - name: Set up QEMU

.github/workflows/build-codespace-container.yml

@@ -21,7 +21,7 @@ jobs:
           electricitymaps-api-token: ${{ secrets.ELECTRICITYMAPS_TOKEN }}
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3

.github/workflows/gemini-pr-review.yml

@@ -1,21 +1,19 @@
 name: '🧐 Gemini Pull Request Review'
 
-# From: https://github.com/google-github-actions/run-gemini-cli/blob/main/examples/workflows/pr-review/gemini-pr-review.yml
-
 on:
-  pull_request:
-    types:
-      - 'opened'
-      - 'reopened'
+#  pull_request:
+#    types:
+#      - 'opened'
+#      - 'reopened'
   issue_comment:
     types:
       - 'created'
-  pull_request_review_comment:
-    types:
-      - 'created'
-  pull_request_review:
-    types:
-      - 'submitted'
+#  pull_request_review_comment:
+#    types:
+#      - 'created'
+#  pull_request_review:
+#    types:
+#      - 'submitted'
   workflow_dispatch:
     inputs:
       pr_number:
@@ -40,11 +38,17 @@ permissions:
 
 jobs:
   review-pr:
+    # This condition seeks to ensure the action is only run when it is triggered by a trusted user.
+    # For private repos, users who have access to the repo are considered trusted.
+    # For public repos, users who members, owners, or collaborators are considered trusted.
     if: |-
       github.event_name == 'workflow_dispatch' ||
       (
         github.event_name == 'pull_request' &&
-        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association)
+        (
+          github.event.repository.private == true ||
+          contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association)
+        )
       ) ||
       (
         (
@@ -55,25 +59,30 @@ jobs:
           github.event_name == 'pull_request_review_comment'
         ) &&
         contains(github.event.comment.body, '@gemini-cli /review') &&
-        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)
+        (
+          github.event.repository.private == true ||
+          contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association)
+        )
       ) ||
       (
         github.event_name == 'pull_request_review' &&
         contains(github.event.review.body, '@gemini-cli /review') &&
-        contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.review.author_association)
+        (
+          github.event.repository.private == true ||
+          contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.review.author_association)
+        )
       )
     timeout-minutes: 5
     runs-on: 'ubuntu-latest'
-
     steps:
       - name: 'Checkout PR code'
-        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
+        uses: 'actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493' # ratchet:actions/checkout@v4
 
       - name: 'Generate GitHub App Token'
         id: 'generate_token'
         if: |-
           ${{ vars.APP_ID }}
-        uses: 'actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe' # ratchet:actions/create-github-app-token@v2
+        uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b' # ratchet:actions/create-github-app-token@v2
         with:
           app-id: '${{ vars.APP_ID }}'
           private-key: '${{ secrets.APP_PRIVATE_KEY }}'
@@ -111,14 +120,14 @@ jobs:
           } >> "${GITHUB_OUTPUT}"
 
 
-      - name: 'Get PR details (issue_comment)'
+      - name: 'Get PR details (issue_comment & reviews)'
         id: 'get_pr_comment'
         if: |-
-          ${{ github.event_name == 'issue_comment' }}
+          ${{ github.event_name == 'issue_comment' || github.event_name == 'pull_request_review' || github.event_name == 'pull_request_review_comment' }}
         env:
           GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}'
-          COMMENT_BODY: '${{ github.event.comment.body }}'
-          PR_NUMBER: '${{ github.event.issue.number }}'
+          COMMENT_BODY: '${{ github.event.comment.body || github.event.review.body }}'
+          PR_NUMBER: '${{ github.event.issue.number || github.event.pull_request.number }}'
         run: |-
           set -euo pipefail
 
@@ -163,6 +172,7 @@ jobs:
           use_gemini_code_assist: '${{ vars.GOOGLE_GENAI_USE_GCA }}'
           settings: |-
             {
+              "debug": ${{ fromJSON(env.DEBUG || env.ACTIONS_STEP_DEBUG || false) }},
               "maxSessionTurns": 20,
               "mcpServers": {
                 "github": {
@@ -213,7 +223,7 @@ jobs:
             ## Steps
 
             Start by running these commands to gather the required data:
-            1. Run: echo $"{REPOSITORY}" to get the github repository in <OWNER>/<REPO> format
+            1. Run: echo "${REPOSITORY}" to get the github repository in <OWNER>/<REPO> format
             2. Run: echo "${PR_DATA}" to get PR details (JSON format)
             3. Run: echo "${CHANGED_FILES}" to get the list of changed files
             4. Run: echo "${PR_NUMBER}" to get the PR number
@@ -455,4 +465,4 @@ jobs:
               repo: '${{ github.repository }}'.split('/')[1],
               issue_number: '${{ steps.get_pr.outputs.pr_number || steps.get_pr_comment.outputs.pr_number }}',
               body: 'There is a problem with the Gemini CLI PR review. Please check the [action logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details.'
-            })
+            })

.github/workflows/tests-bare-metal-main.yml

@@ -34,7 +34,7 @@ jobs:
 
       - if: ${{ github.event_name == 'workflow_dispatch' || steps.check-date.outputs.should_run == 'true'}}
         name: 'Checkout repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: 'main'
           submodules: 'false'

.github/workflows/tests-eco-ci-energy-estimation.yaml

@@ -11,7 +11,7 @@ jobs:
       contents: read
     steps:
       - name: 'Checkout repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: 'main'
           submodules: 'false'

.github/workflows/tests-vm-mac.yml

@@ -18,7 +18,7 @@ jobs:
 
       - if: ${{ github.event_name == 'workflow_dispatch' || steps.check-date.outputs.should_run == 'true'}}
         name: 'Checkout repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.ref }}
           submodules: 'false'

.github/workflows/tests-vm-main.yml

@@ -35,7 +35,7 @@ jobs:
 
       - if: ${{ github.event_name == 'workflow_dispatch' || steps.check-date.outputs.should_run == 'true'}}
         name: 'Checkout repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: 'main'
           submodules: 'false'

.github/workflows/tests-vm-pr.yml

@@ -21,7 +21,7 @@ jobs:
           co2-grid-intensity-api-token: ${{ secrets.ELECTRICITYMAPS_TOKEN }}
 
       - name: 'Checkout repository'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.ref }}
           submodules: 'false'

docker/Dockerfile-gunicorn

@@ -1,4 +1,4 @@
-FROM python:3.13.6-slim-bookworm
+FROM python:3.13.7-slim-bookworm
 ENV DEBIAN_FRONTEND=noninteractive
 
 WORKDIR /var/www/startup/

docker/requirements.txt

@@ -7,13 +7,13 @@ uvicorn[standard]==0.35.0
 pandas==2.3.1
 PyYAML==6.0.2
 anybadge==1.16.0
-orjson==3.11.1
+orjson==3.11.2
 scipy==1.15.2
 schema==0.7.7
 deepdiff==8.6.0
 redis==6.4.0
 hiredis==3.2.1
-requests==2.32.4
+requests==2.32.5
 uvicorn-worker==0.3.0
 cachetools==6.1.0