mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
1168254bd9
## Why It's hard to change the set of required jobs when they're managed in the GitHub UI, and when each workflow is responsible for choosing it's own scheduling it's easy to end up with skew between what we enforce on PRs vs. on main. ## What - add a `blocking-ci` caller workflow, triggered by pull requests and pushes to `main`, for Bazel, blob size, cargo-deny, Codespell, `repo-checks`, rust CI, and SDK CI - add an `always()` terminal job named `CI required` that fails unless every called workflow succeeds - add a `postmerge-ci` caller workflow for `rust-ci-full` and `v8-canary`, with a terminal `Postmerge CI results` job - centralize V8 relevance detection in `v8_canary_changes.py`; unrelated PR and postmerge runs execute metadata only and skip the expensive build matrices - leave `v8-canary` outside the blocking gate and leave the external `cla` check independent ## Rollout A repository admin must replace the existing required GitHub Actions contexts with `CI required` in the main-branch ruleset. Retain `cla` as a separate required check. Until that change is coordinated, this PR cannot satisfy the old standalone check names. In-flight PRs will need to be rebased after this lands.
94 lines
3.4 KiB
YAML
94 lines
3.4 KiB
YAML
name: repo-checks
|
|
|
|
on:
|
|
workflow_call:
|
|
|
|
jobs:
|
|
build-test:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
env:
|
|
NODE_OPTIONS: --max-old-space-size=4096
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Verify codex-rs Cargo manifests inherit workspace settings
|
|
run: python3 .github/scripts/verify_cargo_workspace_manifests.py
|
|
|
|
- name: Verify codex-tui does not import codex-core directly
|
|
run: python3 .github/scripts/verify_tui_core_boundary.py
|
|
|
|
- name: Verify Bazel clippy flags match Cargo workspace lints
|
|
run: python3 .github/scripts/verify_bazel_clippy_lints.py
|
|
|
|
- name: Test Codex package builder
|
|
run: python3 -m unittest discover -s scripts/codex_package -p 'test_*.py'
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@a8198c4bff370c8506180b035930dea56dbd5288 # v5
|
|
with:
|
|
run_install: false
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
|
with:
|
|
node-version: 22
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Stage npm package
|
|
id: stage_npm_package
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
# Use a recent successful rust-release run that published the full
|
|
# cross-platform native payload required by the npm package layout.
|
|
# Passing the workflow URL directly avoids relying on old rust-v*
|
|
# branches remaining discoverable via `gh run list --branch ...`.
|
|
CODEX_VERSION=0.133.0-alpha.4
|
|
WORKFLOW_URL="https://github.com/openai/codex/actions/runs/26201494185"
|
|
OUTPUT_DIR="${RUNNER_TEMP}"
|
|
python3 ./scripts/stage_npm_packages.py \
|
|
--release-version "$CODEX_VERSION" \
|
|
--workflow-url "$WORKFLOW_URL" \
|
|
--package codex \
|
|
--output-dir "$OUTPUT_DIR"
|
|
PACK_OUTPUT="${OUTPUT_DIR}/codex-npm-${CODEX_VERSION}.tgz"
|
|
echo "pack_output=$PACK_OUTPUT" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Upload staged npm package artifact
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: codex-npm-staging
|
|
path: ${{ steps.stage_npm_package.outputs.pack_output }}
|
|
|
|
- name: Ensure root README.md contains only ASCII and certain Unicode code points
|
|
run: ./scripts/asciicheck.py README.md
|
|
- name: Check root README ToC
|
|
run: python3 scripts/readme_toc.py README.md
|
|
|
|
- uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
|
|
with:
|
|
tool: just@1.51.0
|
|
- name: Install uv
|
|
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
|
|
with:
|
|
version: "0.11.3"
|
|
- name: Install DotSlash
|
|
uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
|
|
- name: Check formatting (run `just fmt` to fix)
|
|
run: just fmt-check
|
|
|
|
- name: Prettier (run `pnpm run format:fix` to fix)
|
|
run: pnpm run format
|
|
|
|
- name: Check for a clean worktree
|
|
if: always() && !cancelled()
|
|
uses: ./.github/actions/check-clean-worktree
|