This is a first cut at a GitHub Action that lets you define prompt
templates in `.md` files under `.github/codex/labels` that will run
Codex with the associated prompt when the label is added to a GitHub
pull request.

For example, this PR includes these files:
```
.github/codex/labels/codex-attempt.md
.github/codex/labels/codex-code-review.md
.github/codex/labels/codex-investigate-issue.md
```

And the new `.github/workflows/codex.yml` workflow declares the
following triggers:
```yaml
on:
  issues:
    types: [opened, labeled]
  pull_request:
    branches: [main]
    types: [labeled]
```
as well as the following expression to gate the action:
```yaml
jobs:
  codex:
    if: |
      (github.event_name == 'issues' && (
        (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-investigate-issue'))
      )) ||
      (github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'codex-code-review')
```

Note the "actor" who added the label must have write access to the repo
for the action to take effect.

After adding a label, the action will "ack" the request by replacing the
original label (e.g., `codex-review`) with an `-in-progress` suffix
(e.g., `codex-review-in-progress`). When it is finished, it will swap
the `-in-progress` label with a `-completed` one (e.g.,
`codex-review-completed`).

Users of the action are responsible for providing an `OPENAI_API_KEY`
and making it available as a secret to the action.
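
The gate the message describes (registered label, write access for the actor, label swap), as an added example that is not part of this commit or the project's code. `gateLabelEvent` is a hypothetical helper, the label names are the ones gated on in the workflow file, and the permission string is assumed to have been read beforehand from the `permission` field of GitHub's repository-permission endpoint for the actor.

```javascript
// Added example (not the action's code): decide whether a label event may
// run Codex, failing closed when the actor's permission is unknown.

// Label -> event type, mirroring the `if:` expression in the workflow file.
const TRIGGERS = {
  "codex-attempt": "issues",
  "codex-triage": "issues",
  "codex-review": "pull_request",
};

// Values of the `permission` field that count as write access.
const WRITE_LEVELS = new Set(["admin", "write"]);

function gateLabelEvent(eventName, payload, actorPermission) {
  const p = payload || {};
  const label = p.label && p.label.name;
  if (p.action !== "labeled" || typeof label !== "string") {
    return { run: false, reason: "not a label event" };
  }
  // Own-property lookup so names like "constructor" never match.
  if (!Object.hasOwn(TRIGGERS, label) || TRIGGERS[label] !== eventName) {
    return { run: false, reason: "label not registered for this event" };
  }
  // Fail closed: missing, errored or unexpected permission means no run.
  if (!WRITE_LEVELS.has(actorPermission)) {
    return { run: false, reason: "actor lacks write access" };
  }
  // The label came from the allowlist, so it is safe to use in a path.
  return {
    run: true,
    promptFile: `.github/codex/labels/${label}.md`,
    ackLabel: `${label}-in-progress`,
    doneLabel: `${label}-completed`,
  };
}

// Constructed sample events, trimmed to the fields the gate reads.
const samples = [
  ["pull_request", { action: "labeled", label: { name: "codex-review" } }, "write"],
  ["pull_request", { action: "labeled", label: { name: "codex-review" } }, "read"],
  ["issues", { action: "labeled", label: { name: "codex-review" } }, "admin"],
  ["issues", { action: "opened" }, "admin"],
];
for (const [ev, payload, perm] of samples) {
  console.log(ev, perm, JSON.stringify(gateLabelEvent(ev, payload, perm)));
}
```
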
77 lines
2.8 KiB
YAML
name: Codex
|
|
|
|
on:
|
|
issues:
|
|
types: [opened, labeled]
|
|
pull_request:
|
|
branches: [main]
|
|
types: [labeled]
|
|
|
|
jobs:
|
|
codex:
|
|
# This `if` check provides complex filtering logic to avoid running Codex
|
|
# on every PR. Admittedly, one thing this does not verify is whether the
|
|
# sender has write access to the repo: that must be done as part of a
|
|
# runtime step.
|
|
#
|
|
# Note the label values should match the ones in the .github/codex/labels
|
|
# folder.
|
|
if: |
|
|
(github.event_name == 'issues' && (
|
|
(github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
|
|
)) ||
|
|
(github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'codex-review')
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write # can push or create branches
|
|
issues: write # for comments + labels on issues/PRs
|
|
pull-requests: write # for PR comments/labels
|
|
steps:
|
|
# TODO: Consider adding an optional mode (--dry-run?) to actions/codex
|
|
# that verifies whether Codex should actually be run for this event.
|
|
# (For example, it may be rejected because the sender does not have
|
|
# write access to the repo.) The benefit would be two-fold:
|
|
# 1. As the first step of this job, it gives us a chance to add a reaction
|
|
# or comment to the PR/issue ASAP to "ack" the request.
|
|
# 2. It saves resources by skipping the clone and setup steps below if
|
|
# Codex is not going to run.
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
# We install the dependencies like we would for an ordinary CI job,
|
|
# particularly because Codex will not have network access to install
|
|
# these dependencies.
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 22
|
|
|
|
- name: Install dependencies (codex-cli)
|
|
working-directory: codex-cli
|
|
run: npm ci
|
|
|
|
- uses: dtolnay/rust-toolchain@1.87
|
|
with:
|
|
targets: x86_64-unknown-linux-gnu
|
|
components: clippy
|
|
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/git/db/
|
|
${{ github.workspace }}/codex-rs/target/
|
|
key: cargo-ubuntu-24.04-x86_64-unknown-linux-gnu-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
# Note it is possible that the `verify` step internal to Run Codex will
|
|
# fail, in which case the work to setup the repo was worthless :(
|
|
- name: Run Codex
|
|
uses: ./.github/actions/codex
|
|
with:
|
|
openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
codex_home: ./.github/codex/home
|
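Review bot: The sender's write access is only checked by the `verify` step inside `Run Codex`, the last step, so for any matching label event the job has already run `actions/checkout@v4`, `npm ci`, the Rust toolchain setup and the cache restore in a job whose token is granted `contents: write`, `issues: write` and `pull-requests: write`. Make the permission check the first step, as the TODO above `Checkout repository` suggests, and skip the remaining steps when it fails. Separately, `types: [opened, labeled]` under `issues` includes `opened`, but the `if:` only accepts `github.event.action == 'labeled'`, so an `opened` event starts the workflow only for the job to be skipped; drop `opened` or handle it in the expression. The commit message names `codex-code-review` and `codex-investigate-issue` while this file gates on `codex-review` and `codex-triage`; whichever set is intended should match the file names under `.github/codex/labels`, as the comment on the `if:` requires.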