clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-14 08:12:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
80c9922a323dd846fb235ed94696797a9be2bec7
codex/.github/workflows
History
jif-oai 5744b85b9a fix: cargo deny (#20627) 
Fix cargo deny by ack the `RUSTSEC` while a fix land
```
  RUSTSEC-2026-0118
  NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

  RUSTSEC-2026-0119
  CPU exhaustion during message encoding due to O(n²) name compression

  Dependency path:

  hickory-proto 0.25.2
  └── hickory-resolver 0.25.2
      └── rama-dns 0.3.0-alpha.4
          └── rama-tcp 0.3.0-alpha.4
              └── codex-network-proxy
```

Also upgrade some workers version to prevent this:
```
warning[license-not-encountered]: license was not encountered
    ┌─ ./codex-rs/deny.toml:131:6
    │
131 │     "OpenSSL",
    │      ━━━━━━━ unmatched license allowance

warning[duplicate]: found 2 duplicate entries for crate 'base64'
   ┌─ /github/workspace/codex-rs/Cargo.lock:79:1
   │
79 │ ╭ base64 0.21.7 registry+https://github.com/rust-lang/crates.io-index
80 │ │ base64 0.22.1 registry+https://github.com/rust-lang/crates.io-index
   │ ╰───────────────────────────────────────────────────────────────────┘ lock entries
```
2026-05-01 18:15:38 +02:00
..
bazel.yml
fix: restore 30-minute timeout for Bazel builds (#19609)
2026-04-25 16:34:06 -07:00
blob-size-policy.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
cargo-deny.yml
fix: cargo deny (#20627)
2026-05-01 18:15:38 +02:00
ci.yml
ci: pin npm staging smoke test to a recent rust-release run (#19854)
2026-04-27 11:32:48 -07:00
cla.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
close-stale-contributor-prs.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
codespell.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
Dockerfile.bazel
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
issue-deduplicator.yml
ci: pin codex-action v1.7 (#19472)
2026-04-25 00:44:04 +00:00
issue-labeler.yml
ci: pin codex-action v1.7 (#19472)
2026-04-25 00:44:04 +00:00
README.md
ci: align Bazel repo cache and Windows clippy target handling (#16740)
2026-04-03 20:18:33 -07:00
rust-ci-full.yml
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
rust-ci.yml
test: set Rust test thread stack size (#19067)
2026-04-22 19:51:49 -07:00
rust-release-argument-comment-lint.yml
fix: pin inputs (#17471)
2026-04-14 01:45:41 +00:00
rust-release-prepare.yml
Remove unused models.json (#18585)
2026-04-19 11:58:55 -07:00
rust-release-windows.yml
ci: increase Windows release workflow timeouts (#20343)
2026-04-29 23:27:04 -07:00
rust-release-zsh.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
rust-release.yml
fix: cargo deny (#20627)
2026-05-01 18:15:38 +02:00
rusty-v8-release.yml
ci: migrate Bazel setup away from archived setup-bazelisk (#19851)
2026-04-27 11:37:30 -07:00
sdk.yml
ci: run SDK tests with a Bazel-built codex (#16046)
2026-03-27 17:17:22 -07:00
v8-canary.yml
ci: migrate Bazel setup away from archived setup-bazelisk (#19851)
2026-04-27 11:37:30 -07:00
zstd
ci(windows): use DotSlash for zstd in rust-release-windows (#11542)
2026-02-11 20:57:11 -08:00

README.md

Workflow Strategy

The workflows in this directory are split so that pull requests get fast, review-friendly signal while main still gets the full cross-platform verification pass.

Pull Requests

  • bazel.yml is the main pre-merge verification path for Rust code. It runs Bazel test and Bazel clippy on the supported Bazel targets, including the generated Rust test binaries needed to lint inline #[cfg(test)] code.
  • rust-ci.yml keeps the Cargo-native PR checks intentionally small:
    • cargo fmt --check
    • cargo shear
    • argument-comment-lint on Linux, macOS, and Windows
    • tools/argument-comment-lint package tests when the lint or its workflow wiring changes

Post-Merge On main

  • bazel.yml also runs on pushes to main. This re-verifies the merged Bazel path and helps keep the BuildBuddy caches warm.
  • rust-ci-full.yml is the full Cargo-native verification workflow. It keeps the heavier checks off the PR path while still validating them after merge:
    • the full Cargo clippy matrix
    • the full Cargo nextest matrix
    • release-profile Cargo builds
    • cross-platform argument-comment-lint
    • Linux remote-env tests

Rule Of Thumb

  • If a build/test/clippy check can be expressed in Bazel, prefer putting the PR-time version in bazel.yml.
  • Keep rust-ci.yml fast enough that it usually does not dominate PR latency.
  • Reserve rust-ci-full.yml for heavyweight Cargo-native coverage that Bazel does not replace yet.
Reference in New Issue View Git Blame Copy Permalink