clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-13 15:52:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1bc9b4e6230f03ca2b38c769f2155cdfd161ff7
codex/.github/workflows
History
Michael Bolin 95599f4544 release: bundle bwrap with Linux codex DotSlash artifact (#21312) 
## Why

#21255 changed the Linux sandbox fallback so Codex can use a bundled
`codex-resources/bwrap` executable when no suitable system `bwrap` is
available. That lookup is relative to the native Codex executable
returned by
`std::env::current_exe()`, as implemented in
[`bundled_bwrap.rs`](9766d3d51c/codex-rs/linux-sandbox/src/bundled_bwrap.rs (L83-L93)).

The release already publishes a separate `bwrap` DotSlash output, but
the Linux `codex` DotSlash output still pointed at a single-binary
`.zst` payload. Running the `codex` DotSlash manifest only materializes
the native `codex` executable; it does not also create sibling files
from the separate `bwrap` manifest. The fallback path therefore needs
the Linux `codex` DotSlash artifact itself to include the real `bwrap`
executable at `codex-resources/bwrap`.

## What changed

- stage a Linux primary `codex-<target>-bundle.tar.zst` release artifact
containing `codex` and `codex-resources/bwrap`
- point the Linux `codex` DotSlash outputs at that bundle tarball
- leave the standalone `bwrap` DotSlash output in place for consumers
that want to fetch `bwrap` directly

## Verification

- `jq . .github/dotslash-config.json`
- Ruby YAML parse of `.github/workflows/rust-release.yml`
2026-05-06 12:23:17 -07:00
..
bazel.yml
linux-sandbox: use standalone bundled bwrap (#21255)
2026-05-06 12:23:16 -07:00
blob-size-policy.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
cargo-deny.yml
fix: cargo deny (#20627)
2026-05-01 18:15:38 +02:00
ci.yml
release/npm: bundle standalone bwrap on Linux (#21257)
2026-05-06 12:23:16 -07:00
cla.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
close-stale-contributor-prs.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
codespell.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
Dockerfile.bazel
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
issue-deduplicator.yml
ci: pin codex-action v1.7 (#19472)
2026-04-25 00:44:04 +00:00
issue-labeler.yml
[codex] Add issue labeler area labels (#20893)
2026-05-03 09:25:42 -07:00
README.md
ci: align Bazel repo cache and Windows clippy target handling (#16740)
2026-04-03 20:18:33 -07:00
rust-ci-full.yml
Remove js_repl feature (#19410)
2026-04-24 17:49:29 -07:00
rust-ci.yml
test: set Rust test thread stack size (#19067)
2026-04-22 19:51:49 -07:00
rust-release-argument-comment-lint.yml
fix: pin inputs (#17471)
2026-04-14 01:45:41 +00:00
rust-release-prepare.yml
Remove unused models.json (#18585)
2026-04-19 11:58:55 -07:00
rust-release-windows.yml
ci: increase Windows release workflow timeouts (#20343)
2026-04-29 23:27:04 -07:00
rust-release-zsh.yml
[codex] Pin GitHub Actions workflow references (#15828)
2026-03-27 23:00:05 +00:00
rust-release.yml
release: bundle bwrap with Linux codex DotSlash artifact (#21312)
2026-05-06 12:23:17 -07:00
rusty-v8-release.yml
ci: trigger rusty-v8 releases from tags (#21259)
2026-05-05 16:56:43 -07:00
sdk.yml
ci: run SDK tests with a Bazel-built codex (#16046)
2026-03-27 17:17:22 -07:00
v8-canary.yml
Enable V8 sandboxing for source-built builds (#21146)
2026-05-05 14:36:37 -07:00
zstd
ci(windows): use DotSlash for zstd in rust-release-windows (#11542)
2026-02-11 20:57:11 -08:00

README.md

Workflow Strategy

The workflows in this directory are split so that pull requests get fast, review-friendly signal while main still gets the full cross-platform verification pass.

Pull Requests

  • bazel.yml is the main pre-merge verification path for Rust code. It runs Bazel test and Bazel clippy on the supported Bazel targets, including the generated Rust test binaries needed to lint inline #[cfg(test)] code.
  • rust-ci.yml keeps the Cargo-native PR checks intentionally small:
    • cargo fmt --check
    • cargo shear
    • argument-comment-lint on Linux, macOS, and Windows
    • tools/argument-comment-lint package tests when the lint or its workflow wiring changes

Post-Merge On main

  • bazel.yml also runs on pushes to main. This re-verifies the merged Bazel path and helps keep the BuildBuddy caches warm.
  • rust-ci-full.yml is the full Cargo-native verification workflow. It keeps the heavier checks off the PR path while still validating them after merge:
    • the full Cargo clippy matrix
    • the full Cargo nextest matrix
    • release-profile Cargo builds
    • cross-platform argument-comment-lint
    • Linux remote-env tests

Rule Of Thumb

  • If a build/test/clippy check can be expressed in Bazel, prefer putting the PR-time version in bazel.yml.
  • Keep rust-ci.yml fast enough that it usually does not dominate PR latency.
  • Reserve rust-ci-full.yml for heavyweight Cargo-native coverage that Bazel does not replace yet.
Reference in New Issue View Git Blame Copy Permalink