feat: codex-linux-sandbox standalone executable (#740)

This introduces a standalone executable that run the equivalent of the `codex debug landlock` subcommand and updates `rust-release.yml` to include it in the release. The idea is that we will include this small binary with the TypeScript CLI to provide support for Linux sandboxing.
2025-04-29 19:21:26 -07:00
parent 27bc4516bf
commit 411bfeb410
9 changed files with 105 additions and 53 deletions
--- a/.github/dotslash-config.json
+++ b/.github/dotslash-config.json
@@ -25,6 +25,13 @@
        "linux-x86_64":   { "regex": "^codex-cli-x86_64-unknown-linux-musl\\.zst$",     "path": "codex-cli" },
        "linux-aarch64":  { "regex": "^codex-cli-aarch64-unknown-linux-gnu\\.zst$",     "path": "codex-cli" }
      }
+    },
+
+    "codex-linux-sandbox": {
+      "platforms": {
+        "linux-x86_64":   { "regex": "^codex-linux-sandbox-x86_64-unknown-linux-musl\\.zst$",     "path": "codex-linux-sandbox" },
+        "linux-aarch64":  { "regex": "^codex-linux-sandbox-aarch64-unknown-linux-gnu\\.zst$",     "path": "codex-linux-sandbox" }
+      }
    }
  }
 }
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -106,6 +106,15 @@ jobs:
          cp target/${{ matrix.target }}/release/codex-exec "$dest/codex-exec-${{ matrix.target }}"
          cp target/${{ matrix.target }}/release/codex-cli "$dest/codex-cli-${{ matrix.target }}"

+      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' }} || ${{ matrix.target == 'aarch64-unknown-linux-gnu' }}
+        name: Stage Linux-only artifacts
+        shell: bash
+        run: |
+          cp target/${{ matrix.target }}/release/codex-linux-sandbox "$dest/codex-linux-sandbox-${{ matrix.target }}"
+
+      - name: Compress artifacts
+        shell: bash
+        run: |
          zstd -T0 -19 --rm "$dest"/*

      - uses: actions/upload-artifact@v4