clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-15 08:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev/mzeng/codex_apps_mcp_declare
codex/.github/workflows
History
Shijie Rao e79e1b42b9 Chore: better published unsigned artifacts (#22649) 
This is the exact same change as @bolinfest made but he could not push
because of github action change permission.

## Why

The `rust-release` workflow can now be run manually with
`sign_macos=false` to skip macOS signing, but that path previously
stopped before creating a GitHub Release. That left the unsigned macOS
binaries available only as workflow-run artifacts, which are awkward to
fetch from automation and cannot be retrieved with a simple
unauthenticated `curl`.

For the unsigned path we still should not perform the normal release
side effects: no npm or Python publishing, no WinGet publishing, no
`latest-alpha-cli` branch update, and no promotion to GitHub's latest
release. The goal is only to make the build outputs easy to fetch from
the release page.

## What changed

- Allow the `release` job in `.github/workflows/rust-release.yml` to run
for `workflow_dispatch` runs with `sign_macos=false`.
- For unsigned runs, keep the unsigned macOS artifacts plus the normal
Linux and Windows release artifacts needed for DotSlash, then
create/update the GitHub Release with `make_latest: false`.
- Keep the normal publish/promote paths gated to signed releases:
  - npm staging and publish
  - Python runtime publish
  - WinGet publish
  - `latest-alpha-cli` update
  - developer-site deploy
  - normal DotSlash release files
- Add `.github/dotslash-unsigned-config.json`, which publishes
`*-unsigned` DotSlash files that use unsigned macOS artifacts and the
normal Linux/Windows artifacts.


## What I added
PLEASE READ THIS!!!
I added `codex-command-runner` and `codex-windows-sandbox-setup` entries
to `.github/dotslash-unsigned-config.json` so that with
`sign_macos=false` we would still get the dotslash files for those
artifacts which are necessary for windows builds.
2026-05-14 08:47:21 -07:00
..
bazel.yml
Shard Bazel Windows tests across jobs (#22408)
2026-05-13 12:46:51 -07:00
blob-size-policy.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
cargo-deny.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
ci.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
cla.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
close-stale-contributor-prs.yml
[codex] Fully qualify hash-pins in GitHub Actions (#21436)
2026-05-07 14:31:20 -07:00
codespell.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
Dockerfile.bazel
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
issue-deduplicator.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
README.md
ci: align Bazel repo cache and Windows clippy target handling (#16740)
2026-04-03 20:18:33 -07:00
rust-ci-full.yml
Enable --deny-warnings for cargo shear (#21616)
2026-05-08 20:29:00 +00:00
rust-ci.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
rust-release-argument-comment-lint.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
rust-release-prepare.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
rust-release-windows.yml
[1/8] Pin Python SDK runtime dependency (#21891)
2026-05-12 00:42:26 +03:00
rust-release-zsh.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
rust-release.yml
Chore: better published unsigned artifacts (#22649)
2026-05-14 08:47:21 -07:00
rusty-v8-release.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
sdk.yml
[8/8] Add Python SDK Ruff formatting (#22021)
2026-05-12 01:10:29 +03:00
v8-canary.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
zstd
ci(windows): use DotSlash for zstd in rust-release-windows (#11542)
2026-02-11 20:57:11 -08:00

README.md

Workflow Strategy

The workflows in this directory are split so that pull requests get fast, review-friendly signal while main still gets the full cross-platform verification pass.

Pull Requests

  • bazel.yml is the main pre-merge verification path for Rust code. It runs Bazel test and Bazel clippy on the supported Bazel targets, including the generated Rust test binaries needed to lint inline #[cfg(test)] code.
  • rust-ci.yml keeps the Cargo-native PR checks intentionally small:
    • cargo fmt --check
    • cargo shear
    • argument-comment-lint on Linux, macOS, and Windows
    • tools/argument-comment-lint package tests when the lint or its workflow wiring changes

Post-Merge On main

  • bazel.yml also runs on pushes to main. This re-verifies the merged Bazel path and helps keep the BuildBuddy caches warm.
  • rust-ci-full.yml is the full Cargo-native verification workflow. It keeps the heavier checks off the PR path while still validating them after merge:
    • the full Cargo clippy matrix
    • the full Cargo nextest matrix
    • release-profile Cargo builds
    • cross-platform argument-comment-lint
    • Linux remote-env tests

Rule Of Thumb

  • If a build/test/clippy check can be expressed in Bazel, prefer putting the PR-time version in bazel.yml.
  • Keep rust-ci.yml fast enough that it usually does not dominate PR latency.
  • Reserve rust-ci-full.yml for heavyweight Cargo-native coverage that Bazel does not replace yet.
Reference in New Issue View Git Blame Copy Permalink