Symptom: Connection setup fails with NO_START_LINE or similar PEM error.
Cause: The PEM key was stored or written with stripped newlines.
Fix: Ensure the secret contains the full PEM including headers, and use printf (not echo) when writing it. The action.yml already handles this correctly -- verify your secret value includes -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.
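The structural check described in the fix above, as an added shell example (not part of the action or its action.yml). `write_pem`, `pem_check` and `pem_demo` are hypothetical helper names, and the sample key body is constructed filler, not a real key.

```shell
#!/bin/sh
# Added example: write_pem, pem_check and pem_demo are hypothetical helpers.

HDR='-----BEGIN RSA PRIVATE KEY-----'
FTR='-----END RSA PRIVATE KEY-----'

# Constructed sample: the body is filler text, not a real key.
SAMPLE_OK="$HDR
Q09OU1RSVUNURUQtU0FNUExF
$FTR"
# The same value with its newlines collapsed to spaces (the failure case).
SAMPLE_FLAT=$(printf '%s' "$SAMPLE_OK" | tr '\n' ' ')

# Write a value to a file byte-for-byte plus one trailing newline. Unlike
# echo, printf '%s\n' never interprets backslashes or leading dashes.
write_pem() {
    ( umask 077; printf '%s\n' "$1" > "$2" )
}

# Exit status: 0 = well-formed, 1 = BEGIN marker absent, 2 = END marker
# absent, 3 = markers present but not on their own first/last lines
# (newlines stripped) or no body between them.
pem_check() {
    grep -qF -e "$HDR" "$1" || return 1
    grep -qF -e "$FTR" "$1" || return 2
    # Ignore CRs and blank lines before looking at line positions.
    body=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$')
    [ "$(printf '%s\n' "$body" | sed -n '1p')" = "$HDR" ] || return 3
    [ "$(printf '%s\n' "$body" | sed -n '$p')" = "$FTR" ] || return 3
    [ "$(printf '%s\n' "$body" | sed -n '$=')" -ge 3 ] || return 3
    return 0
}

# Demo on the constructed samples; prints "ok.pem=0 flat.pem=3".
pem_demo() {
    d=$(mktemp -d) || return 1
    write_pem "$SAMPLE_OK" "$d/ok.pem"
    write_pem "$SAMPLE_FLAT" "$d/flat.pem"
    rc_ok=0; pem_check "$d/ok.pem" || rc_ok=$?
    rc_flat=0; pem_check "$d/flat.pem" || rc_flat=$?
    rm -rf "$d"
    printf 'ok.pem=%s flat.pem=%s\n' "$rc_ok" "$rc_flat"
}
pem_demo
```

A status of 3 is the stripped-newline case: both markers are present in the value, but the parser never sees a start line on its own.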
Symptom: Model X not available in your region
Fix: Enable cross-region inference as ACCOUNTADMIN:
ALTER ACCOUNT SET CORTEX_ENABLED_CROSS_REGION = 'AWS_US';
Or switch to a model available in your region.
Symptom: Action completes successfully but posts no review.
Cause: The GitHub event doesn't match any mode.
- For review mode: ensure the workflow triggers on pull_request: [opened, synchronize]
- For mention mode: ensure the workflow triggers on issue_comment
- Check that mode: auto (default) is not overridden to a non-matching value
Fork PRs run without access to repository secrets by default (GitHub security model). The action will fail silently because SNOWFLAKE_PRIVATE_KEY is not available.
Workaround: Use pull_request_target with caution (see GitHub docs on pwn requests).
If the progress comment appears but doesn't update, check that GITHUB_TOKEN has pull-requests: write permission in the workflow.
Increase max_turns (up to 15) or add more context in prompt:
max_turns: "10"
prompt: "Focus on the dbt models in models/staging/. Check for missing tests."

All security gate denials are logged to GitHub Actions output. Check the step logs for lines like:
SQL execution is permanently disabled in this action. Blocked tool: "..."
Access to sensitive file path denied: "..."
This confirms the security gate is working correctly.