
Remove Black Duck security scan workflow #150


Workflow file for this run

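# Runs an automated Codex review on pull requests and posts the result as a
# PR comment.
#
# Trust model: the trigger is pull_request_target, so the run can read
# repository secrets and gets a token scoped by the `permissions:` blocks below
# even when the PR comes from a fork. The `codex` job still checks out and
# analyses PR-controlled content, so everything taken from the PR (ref names,
# title, body, files) is untrusted input. The author allowlist in `if:` is the
# main gate in front of the secret.
name: Codex auto review
on:
  pull_request_target:
    types: [opened, reopened, synchronize]
jobs:
  codex:
    # Only run Codex for PRs authored by allowed users
    # NOTE(review): this compares the PR *author*; on `synchronize` the commits
    # under review may have been pushed by someone else with write access to
    # the head branch. Confirm that is acceptable for this allowlist.
    if: |
      github.event.pull_request.draft == false && (
      github.event.pull_request.user.login == 'EmelyanenkoK' ||
      github.event.pull_request.user.login == 'tolya-yanot' ||
      github.event.pull_request.user.login == 'SpyCheese' ||
      github.event.pull_request.user.login == 'neodix42' ||
      github.event.pull_request.user.login == 'dungeon-master-666' ||
      github.event.pull_request.user.login == 'igroman787' ||
      github.event.pull_request.user.login == 'kdimentionaltree' ||
      github.event.pull_request.user.login == 'sonofmom' ||
      github.event.pull_request.user.login == 'Trinketer22' ||
      github.event.pull_request.user.login == 'xssnick' ||
      github.event.pull_request.user.login == 'tolk-vm' ||
      github.event.pull_request.user.login == 'DanShaders' ||
      github.event.pull_request.user.login == 'birydrad' ||
      github.event.pull_request.user.login == 'abacabadabacaba' ||
      github.event.pull_request.user.login == 'Mustang98' ||
      github.event.pull_request.user.login == 'avevad' ||
      github.event.pull_request.user.login == 'tvorogme' ||
      github.event.pull_request.user.login == 'krigga'
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): none of the visible steps in this job posts to the PR
      # (post_feedback does that). Confirm whether write access is needed here,
      # since this is the job that processes PR-controlled content.
      pull-requests: write
    outputs:
      # Handed to post_feedback; an empty value suppresses the comment.
      final_message: ${{ steps.run_codex.outputs['final-message'] }}
    steps:
      # Checks out the PR merge commit, i.e. files controlled by the PR author.
      # NOTE(review): referenced by a mutable tag, while the Codex action below
      # is pinned to a commit SHA; consider pinning this the same way.
      # NOTE(review): checkout leaves the job token in the local git config
      # unless `persist-credentials: false` is set. Confirm whether the fetch
      # below needs it (it would for a private repository) before disabling.
      - uses: actions/checkout@v5
        with:
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
      - name: Pre-fetch base and head refs for the PR
        # Event fields reach the script through env and are quoted there,
        # instead of being expanded into the script text by the workflow
        # expression syntax: a ref name is externally influenced text and must
        # not be parsed as shell syntax.
        env:
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git fetch --no-tags origin \
            "$BASE_REF" \
            "+refs/pull/${PR_NUMBER}/head"
      - name: Run Codex
        id: run_codex
        uses: openai/codex-action@02e7b2943818fbac9f077c3d1249a198ab358352 # v1.2
        with:
          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
          # The PR title and body are inserted verbatim at the end of the
          # prompt. They are untrusted text and may contain instructions aimed
          # at the model; the model's final message is later posted on the PR
          # by post_feedback, so treat that output as untrusted as well.
          prompt: |
            This is PR #${{ github.event.pull_request.number }} for ${{ github.repository }}.
            Review ONLY the changes introduced by the PR, so consider:
            git log --oneline ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }}
            ${{ github.event.pull_request.user.login == 'DanShaders' && 'Commits are supposed to be atomic, so review them one-by-one. Commit descriptions might contain some helpful context.' || '' }}
            CI automatically compiles C++ code and builds, lints, and typechecks all Python code, so
            disregard any issues that will be found by these checks (this includes presumed
            compilation errors, wrong Python package/Git submodule versions, or issues that will
            fail the build in any other way). Even though CI runs unit and integration tests, do not
            disregard issues that will potentially be found by the tests, as this may help PR
            author with debugging and test coverage is far from perfect.
            Suggest any improvements, potential bugs, or issues.
            Be concise and specific in your feedback. Do not summarize changes in any way unless the
            issue is not localized to a single line/function and adding context will help
            understanding the issue. if no issues are found, output only "No issues found."
            Pull request title and body:
            ----
            ${{ github.event.pull_request.title }}
            ${{ github.event.pull_request.body }}
  # Separate job so that the step holding the comment-posting token never runs
  # in the workspace that contains the checked-out PR content.
  post_feedback:
    runs-on: ubuntu-latest
    needs: codex
    if: needs.codex.outputs.final_message != ''
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Report Codex feedback
        # NOTE(review): referenced by a mutable tag; consider pinning to a
        # commit SHA as done for the Codex action.
        uses: actions/github-script@v7
        env:
          # The model output is passed as an environment variable and read via
          # process.env, so it is never interpolated into the script source.
          CODEX_FINAL_MESSAGE: ${{ needs.codex.outputs.final_message }}
        with:
          github-token: ${{ github.token }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: process.env.CODEX_FINAL_MESSAGE,
            });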