clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-16 17:23:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
302149d9793173343f5bf3770ee51fe2f56fef73
codex/.github/workflows
History
Shijie Rao 302149d979 Fix signed macOS release promotion follow-up jobs (#22788) 
## Why

The `release_mode=promote_signed` path intentionally skips the build
jobs after signed macOS artifacts are staged, then runs the `release`
job from the signed handoff. In the `rust-v0.131.0-alpha.19` promotion
run, `release` succeeded but the npm, PyPI, and `latest-alpha-cli`
follow-up jobs were skipped because their custom job `if:` expressions
let GitHub Actions apply the implicit `success()` status check before
reading `needs.release.outputs.*`.

The unsigned build handoff does not need DotSlash manifests. Publishing
unsigned DotSlash manifests creates release assets that can conflict
with the later signed promotion, especially shared outputs such as
`bwrap`, `codex-command-runner`, and `codex-windows-sandbox-setup`.

## What Changed

- Stop publishing DotSlash manifests when `SIGN_MACOS == 'false'`.
- Delete `.github/dotslash-unsigned-config.json`.
- Gate post-release jobs with the `!cancelled()` status function plus an
explicit `needs.release.result == 'success'` check before consulting
release outputs.
- Keep the existing publish eligibility rules for npm, PyPI, WinGet, and
`latest-alpha-cli`.

## Verification

- `rg -n "dotslash-unsigned-config|SIGN_MACOS ==
'false'.*dotslash|unsigned-config" .github/workflows/rust-release.yml
.github || true`
- `git diff --check -- .github/workflows/rust-release.yml
.github/dotslash-unsigned-config.json`
2026-05-15 00:43:23 -07:00
..
bazel.yml
Shard Bazel Windows tests across jobs (#22408)
2026-05-13 12:46:51 -07:00
blob-size-policy.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
cargo-deny.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
ci.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
cla.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
close-stale-contributor-prs.yml
[codex] Fully qualify hash-pins in GitHub Actions (#21436)
2026-05-07 14:31:20 -07:00
codespell.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
Dockerfile.bazel
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
issue-deduplicator.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
README.md
ci: align Bazel repo cache and Windows clippy target handling (#16740)
2026-04-03 20:18:33 -07:00
rust-ci-full.yml
Enable --deny-warnings for cargo shear (#21616)
2026-05-08 20:29:00 +00:00
rust-ci.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
rust-release-argument-comment-lint.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
rust-release-prepare.yml
make rust-release-prepare use env secret (#22702)
2026-05-14 21:45:53 +00:00
rust-release-windows.yml
[1/8] Pin Python SDK runtime dependency (#21891)
2026-05-12 00:42:26 +03:00
rust-release-zsh.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
rust-release.yml
Fix signed macOS release promotion follow-up jobs (#22788)
2026-05-15 00:43:23 -07:00
rusty-v8-release.yml
[codex] Address some more GHA hygiene issues (#21622)
2026-05-08 10:19:27 -07:00
sdk.yml
[8/8] Add Python SDK Ruff formatting (#22021)
2026-05-12 01:10:29 +03:00
v8-canary.yml
ci: check out PR head commits in workflows (#21835)
2026-05-08 15:14:33 -07:00
zstd
ci(windows): use DotSlash for zstd in rust-release-windows (#11542)
2026-02-11 20:57:11 -08:00

README.md

Workflow Strategy

The workflows in this directory are split so that pull requests get fast, review-friendly signal while main still gets the full cross-platform verification pass.

Pull Requests

  • bazel.yml is the main pre-merge verification path for Rust code. It runs Bazel test and Bazel clippy on the supported Bazel targets, including the generated Rust test binaries needed to lint inline #[cfg(test)] code.
  • rust-ci.yml keeps the Cargo-native PR checks intentionally small:
    • cargo fmt --check
    • cargo shear
    • argument-comment-lint on Linux, macOS, and Windows
    • tools/argument-comment-lint package tests when the lint or its workflow wiring changes

Post-Merge On main

  • bazel.yml also runs on pushes to main. This re-verifies the merged Bazel path and helps keep the BuildBuddy caches warm.
  • rust-ci-full.yml is the full Cargo-native verification workflow. It keeps the heavier checks off the PR path while still validating them after merge:
    • the full Cargo clippy matrix
    • the full Cargo nextest matrix
    • release-profile Cargo builds
    • cross-platform argument-comment-lint
    • Linux remote-env tests

Rule Of Thumb

  • If a build/test/clippy check can be expressed in Bazel, prefer putting the PR-time version in bazel.yml.
  • Keep rust-ci.yml fast enough that it usually does not dominate PR latency.
  • Reserve rust-ci-full.yml for heavyweight Cargo-native coverage that Bazel does not replace yet.
Reference in New Issue View Git Blame Copy Permalink