mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
dev
10 Commits
-
make rust-release-prepare use env secret (#22702)
made a `rust-release-prepare` environment with the necessary API key as an environment secret. use this in the workflow rather than the action secret. once this merges and i confirm it works as intended, ill rm the action secret.
sayan-oai 路
2026-05-14 21:45:53 +00:00 -
[codex] Address some more GHA hygiene issues (#21622)
This does two things: - We use `persist-credentials: false` everywhere now. This is unfortunately not the default in GitHub Actions, but it prevents `actions/checkout` from dropping `secrets.GITHUB_TOKEN` onto disk. - We interpose (some) template expansions through environment variables. I've limited this to contexts that have non-fixed values; contexts that are fixed (like `*.result`) are not dangerous to expand directly inline (but maybe we should clean those up in the future for consistency anyways). This is a medium-risk change in terms of CI breakage: I did a scan for usage of `git push` and other commands that implicitly use the persisted credential, but couldn't find any. Even still, some implicit usages of the persisted credentials may be lurking. Please ping ww@ if any issues arise.
William Woodruff 路
2026-05-08 10:19:27 -07:00 -
[codex] Fully qualify hash-pins in GitHub Actions (#21436)
This builds on top of https://github.com/openai/codex/pull/15828 by ensuring that hash-pinned actions with version comments are fully qualified, rather than referencing floating/mutable comments like "v7". This makes actions management tools behave more consistently. This shouldn't break anything, since it's comment only. But if it does, ping ww@ 馃檪
William Woodruff 路
2026-05-07 14:31:20 -07:00 -
Remove unused models.json (#18585)
- Remove the stale core models catalog. - Update the release workflow to refresh the active models-manager catalog.
Ahmed Ibrahim 路
2026-04-19 11:58:55 -07:00 -
[codex] Pin GitHub Actions workflow references (#15828)
Pin floating external GitHub Actions workflow refs to immutable SHAs. Why are we doing this? Please see the rationale doc: https://docs.google.com/document/d/1qOURCNx2zszQ0uWx7Fj5ERu4jpiYjxLVWBWgKa2wTsA/edit?tab=t.0 Did this break you? Please roll back and let hintz@ know
Drew Hintz 路
2026-03-27 23:00:05 +00:00 -
ci: prevent workflows from running on forks (#8629)
## Summary Forked repositories inherit GitHub Actions workflows including scheduled ones. This causes: 1. **Wasted Actions minutes** - Scheduled workflows run on forks even though they will fail 2. **Failed runs** - Workflows requiring `CODEX_OPENAI_API_KEY` fail immediately on forks 3. **Noise** - Fork owners see failed workflow runs they didn't trigger This PR adds `if: github.repository == 'openai/codex'` guards to workflows that should only run on the upstream repository. ### Affected workflows | Workflow | Trigger | Issue | |----------|---------|-------| | `rust-release-prepare` | `schedule: */4 hours` | Runs 6x/day on every fork | | `close-stale-contributor-prs` | `schedule: daily` | Runs daily on every fork | | `issue-deduplicator` | `issues: opened` | Requires `CODEX_OPENAI_API_KEY` | | `issue-labeler` | `issues: opened` | Requires `CODEX_OPENAI_API_KEY` | ### Note `cla.yml` already has this guard (`github.repository_owner == 'openai'`), so it was not modified. ## Test plan - [ ] Verify workflows still run correctly on `openai/codex` - [ ] Verify workflows are skipped on forks (can check via Actions tab on any fork)
leezenn 路
2026-01-03 13:12:16 -07:00 -
chore(deps): bump peter-evans/create-pull-request from 7 to 8 (#8410)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7 to 8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's releases</a>.</em></p> <blockquote> <h2>Create Pull Request v8.0.0</h2> <h2>What's new in v8</h2> <ul> <li>Requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later if you are using a self-hosted runner for Node 24 support.</li> </ul> <h2>What's Changed</h2> <ul> <li>chore: Update checkout action version to v6 by <a href="https://github.com/yonas"><code>@鈥媦onas</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li>Update actions/checkout references to <a href="https://github.com/v6"><code>@鈥媣6</code></a> in docs by <a href="https://github.com/Copilot"><code>@鈥婥opilot</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> <li>feat: v8 by <a href="https://github.com/peter-evans"><code>@鈥媝eter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4260">peter-evans/create-pull-request#4260</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yonas"><code>@鈥媦onas</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4258">peter-evans/create-pull-request#4258</a></li> <li><a href="https://github.com/Copilot"><code>@鈥婥opilot</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4259">peter-evans/create-pull-request#4259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0">https://github.com/peter-evans/create-pull-request/compare/v7.0.11...v8.0.0</a></p> <h2>Create Pull Request v7.0.11</h2> <h2>What's Changed</h2> <ul> <li>fix: restrict remote prune to self-hosted runners by <a href="https://github.com/peter-evans"><code>@鈥媝eter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4250">peter-evans/create-pull-request#4250</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11">https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11</a></p> <h2>Create Pull Request v7.0.10</h2> <p>鈿欙笍 Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.</p> <h2>What's Changed</h2> <ul> <li>build(deps): bump the github-actions group with 2 updates by <a href="https://github.com/dependabot"><code>@鈥媎ependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4235">peter-evans/create-pull-request#4235</a></li> <li>build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by <a href="https://github.com/dependabot"><code>@鈥媎ependabot</code></a>[bot] in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4240">peter-evans/create-pull-request#4240</a></li> <li>fix: provider list pulls fallback for multi fork same owner by <a href="https://github.com/peter-evans"><code>@鈥媝eter-evans</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4245">peter-evans/create-pull-request#4245</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/obnyis"><code>@鈥媜bnyis</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4064">peter-evans/create-pull-request#4064</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10">https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10</a></p> <h2>Create Pull Request v7.0.9</h2> <p>鈿欙笍 Fixes an <a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4228">incompatibility</a> with the recently released <code>actions/checkout@v6</code>.</p> <h2>What's Changed</h2> <ul> <li>~70 dependency updates by <a href="https://github.com/dependabot"><code>@鈥媎ependabot</code></a></li> <li>docs: fix workaround description about <code>ready_for_review</code> by <a href="https://github.com/ybiquitous"><code>@鈥媦biquitous</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3939">peter-evans/create-pull-request#3939</a></li> <li>Docs: <code>add-paths</code> default behavior by <a href="https://github.com/joeflack4"><code>@鈥媕oeflack4</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li>docs: update to create-github-app-token v2 by <a href="https://github.com/Goooler"><code>@鈥婫oooler</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li>Fix compatibility with actions/checkout@v6 by <a href="https://github.com/ericsciple"><code>@鈥媏ricsciple</code></a> in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/joeflack4"><code>@鈥媕oeflack4</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/3928">peter-evans/create-pull-request#3928</a></li> <li><a href="https://github.com/Goooler"><code>@鈥婫oooler</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4063">peter-evans/create-pull-request#4063</a></li> <li><a href="https://github.com/ericsciple"><code>@鈥媏ricsciple</code></a> made their first contribution in <a href="https://redirect.github.com/peter-evans/create-pull-request/pull/4230">peter-evans/create-pull-request#4230</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/peter-evans/create-pull-request/commit/98357b18bf14b5342f975ff684046ec3b2a07725"><code>98357b1</code></a> feat: v8 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4260">#4260</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/41c0e4b7899a4a0922bf899d64c5f25738cfe356"><code>41c0e4b</code></a> Update actions/checkout references to <a href="https://github.com/v6"><code>@鈥媣6</code></a> in docs (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4259">#4259</a>)</li> <li><a href="https://github.com/peter-evans/create-pull-request/commit/994332de4c8124517167807167073cf397678768"><code>994332d</code></a> chore: Update checkout action version to v6 (<a href="https://redirect.github.com/peter-evans/create-pull-request/issues/4258">#4258</a>)</li> <li>See full diff in <a href="https://github.com/peter-evans/create-pull-request/compare/v7...v8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] 路
2025-12-22 08:31:58 -07:00 -
fix the models script (#8163)
look at [failure](https://github.com/openai/codex/actions/runs/20294685253/job/58285812472)
Ahmed Ibrahim 路
2025-12-16 23:16:54 -08:00 -
Add
user_agentheader (#8149)add `user_agent` header and remove rust tool chain
Ahmed Ibrahim 路
2025-12-16 16:23:24 -08:00 -
Add a workflow for a hardcoded version of models (#8118)
- Fetch the endpoint - Make a PR
Ahmed Ibrahim 路
2025-12-16 15:39:36 -08:00