mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
2ca3810005
## Why Python SDK releases pin an exact `openai-codex-cli-bin` version, so all eight platform runtime wheels must be available on PyPI before the SDK package is built and published. PyPI does not support reusable workflows as Trusted Publishers, which means OIDC-backed publishing must run from each top-level release workflow. ## What changed - add reusable `python-runtime-build.yml` to prepare and upload all eight runtime wheels without publishing - add top-level `python-runtime-release.yml` for manual runtime publication before updating an SDK pin - have `python-sdk-release.yml` publish and verify the prepared runtime wheels from its own top-level trusted job before building the SDK - verify PyPI exposes exactly the expected eight runtime wheels before either release workflow continues ## PyPI configuration - keep the trusted publisher for `.github/workflows/python-sdk-release.yml` with environment `pypi` - add a trusted publisher for `.github/workflows/python-runtime-release.yml` with environment `pypi` - no trusted publisher is needed for `.github/workflows/python-runtime-build.yml` ## Validation - parsed all three workflow YAML files - validated all embedded shell blocks with `bash -n` - no local tests run; relying on online CI
2ca3810005
ยท
2026-06-03 14:29:52 -07:00
History
Workflow Strategy
The workflows in this directory are split so that pull requests get fast, review-friendly signal while main still gets the full cross-platform verification pass.
Pull Requests
bazel.ymlis the main pre-merge verification path for Rust code. It runs Bazeltestand Bazelclippyon the supported Bazel targets, including the generated Rust test binaries needed to lint inline#[cfg(test)]code.rust-ci.ymlkeeps the Cargo-native PR checks intentionally small:cargo fmt --checkcargo shearargument-comment-linton Linux, macOS, and Windowstools/argument-comment-lintpackage tests when the lint or its workflow wiring changes
Post-Merge On main
bazel.ymlalso runs on pushes tomain. This re-verifies the merged Bazel path and helps keep the BuildBuddy caches warm.rust-ci-full.ymlis the full Cargo-native verification workflow. It keeps the heavier checks off the PR path while still validating them after merge:- the full Cargo
clippymatrix - the full Cargo
nextestmatrix via per-platform archive-backed shards - Windows ARM64 nextest archives cross-compiled on Windows x64, then replayed on native Windows ARM64 shards
- release-profile Cargo builds
- cross-platform
argument-comment-lint - Linux remote-env tests
- the full Cargo
Rule Of Thumb
- If a build/test/clippy check can be expressed in Bazel, prefer putting the PR-time version in
bazel.yml. - Keep
rust-ci.ymlfast enough that it usually does not dominate PR latency. - Reserve
rust-ci-full.ymlfor heavyweight Cargo-native coverage that Bazel does not replace yet.