Shijie Rao
0f2b589d5e
Revert "feat: windows codesign with Azure trusted signing" ( #7753 )
...
Reverts openai/codex#7675
2025-12-08 16:09:28 -08:00
Shijie Rao
badda736c6
feat: windows codesign with Azure trusted signing ( #7675 )
...
### Summary
Set up codesign for windows dist with [Azure trusted
signing](https://azure.microsoft.com/en-us/products/trusted-signing ) and
[its github action
integration](https://github.com/Azure/trusted-signing-action ).
2025-12-08 15:12:01 -08:00
Shijie Rao
28e7218c0b
feat: linux codesign with sigstore ( #7674 )
...
### Summary
Linux codesigning with sigstore and test run output at
https://github.com/openai/codex/actions/runs/19994328162?pr=7662 .
Sigstore is one of the few ways for codesigning for linux platform.
Linux is open sourced and therefore binary/dist validation comes with
the build itself instead of a central authority like Windows or Mac.
Alternative here is to use GPG which again a public key included with
the bundle for validation. Advantage with Sigstore is that we do not
have to create a private key for signing but rather with[ keyless
signing](https://docs.sigstore.dev/cosign/signing/overview/ ).
This should be sufficient for us at this point and if we want to we can
support GPG in the future.
2025-12-08 11:13:50 -08:00
Michael Bolin
3c3d3d1adc
fix: add integration tests for codex-exec-mcp-server with execpolicy ( #7617 )
...
This PR introduces integration tests that run
[codex-shell-tool-mcp](https://www.npmjs.com/package/@openai/codex-shell-tool-mcp )
as a user would. Note that this requires running our fork of Bash, so we
introduce a [DotSlash](https://dotslash-cli.com/ ) file for `bash` so
that we can run the integration tests on multiple platforms without
having to check the binaries into the repository. (As noted in the
DotSlash file, it is slightly more heavyweight than necessary, which may
be worth addressing as disk space in CI is limited:
https://github.com/openai/codex/pull/7678 .)
To start, this PR adds two tests:
- `list_tools()` makes the `list_tools` request to the MCP server and
verifies we get the expected response
- `accept_elicitation_for_prompt_rule()` defines a `prefix_rule()` with
`decision="prompt"` and verifies the elicitation flow works as expected
Though the `accept_elicitation_for_prompt_rule()` test **only works on
Linux**, as this PR reveals that there are currently issues when running
the Bash fork in a read-only sandbox on Linux. This will have to be
fixed in a follow-up PR.
Incidentally, getting this test run to correctly on macOS also requires
a recent fix we made to `brew` that hasn't hit a mainline release yet,
so getting CI green in this PR required
https://github.com/openai/codex/pull/7680 .
2025-12-07 06:39:38 +00:00
Michael Bolin
3c087e8fda
fix: ensure macOS CI runners for Rust tests include recent Homebrew fixes ( #7680 )
...
As noted in the code comment, we introduced a key fix for `brew` in
https://github.com/Homebrew/brew/pull/21157 that Codex needs, but it has
not hit stable yet, so we update our CI job to use latest `brew` from
`origin/main`.
This is necessary for the new integration tests introduced in
https://github.com/openai/codex/pull/7617 .
2025-12-06 22:11:07 -08:00
Michael Bolin
7386e2efbc
fix: clear out space on ubuntu runners before running Rust tests ( #7678 )
...
When I put up https://github.com/openai/codex/pull/7617 for review,
initially I started seeing failures on the `ubuntu-24.04` runner used
for Rust test runs for the `x86_64-unknown-linux-gnu` architecture. Chat
suggested a number of things that could be removed to save space, which
seems to help.
2025-12-06 21:46:07 -08:00
Eric Traut
14df5c9492
Fixed CLA action to properly exempt dependabot ( #7429 )
2025-11-30 20:45:17 -08:00
jif-oai
865e225bde
tmp: drop flaky ubuntu ( #7300 )
2025-11-25 18:15:19 +00:00
jif-oai
d8a7a63959
fix: Drop MacOS 13 ( #7295 )
2025-11-25 16:25:44 +00:00
iceweasel-oai
99e5340c54
Windows Sandbox: treat <workspace_root>/.git as read-only in workspace-write mode ( #7142 )
...
this functionality is
[supported](https://github.com/openai/codex/blob/main/codex-rs/protocol/src/protocol.rs#L421-L422 )
in the MacOs sandbox as well. Adding it to Windows for parity
This PR also changes `rust-ci.yaml` to work around a github `hashFiles`
issue. Others have done something
[similar](https://github.com/openai/superassistant/pull/32156 ) today
2025-11-24 12:41:21 -08:00
Josh McKinney
ec49b56874
chore: add cargo-deny configuration ( #7119 )
...
- add GitHub workflow running cargo-deny on push/PR
- document cargo-deny allowlist with workspace-dep notes and advisory
ignores
- align workspace crates to inherit version/edition/license for
consistent checks
2025-11-24 12:22:18 -08:00
Eric Traut
2c885edefa
Added alternate form of dependabot to CLA allow list ( #7260 )
...
This fixes the CI check for CLA, which recently started to flag the
GitHub dependabot as "not having signed the CLA".
2025-11-24 12:04:27 -08:00
dependabot[bot]
6dd3606773
chore(deps): bump actions/checkout from 5 to 6 ( #7230 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to
6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248 ">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286 ">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298 ">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311 ">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0 ">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0 </a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0 ">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action ">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301 ">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1 ">https://github.com/actions/checkout/compare/v5...v5.0.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286 ">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248 ">actions/checkout#2248</a></li>
</ul>
<h2>V5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301 ">actions/checkout#2301</a></li>
</ul>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226 ">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple "><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305 ">actions/checkout#2305</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss "><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail "><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells "><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044 ">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224 ">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3 "><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941 ">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946 ">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924 ">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome "><code>@lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180 ">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777 ">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872 ">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739 ">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697 ">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774 ">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3 "><code>@jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776 ">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703 ">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694 ">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696 ">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695 ">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1af3b93b68https://redirect.github.com/actions/checkout/issues/2311 ">#2311</a>)</li>
<li><a
href="71cf2267d8https://redirect.github.com/actions/checkout/issues/2298 ">#2298</a>)</li>
<li><a
href="069c695914https://redirect.github.com/actions/checkout/issues/2286 ">#2286</a>)</li>
<li><a
href="ff7abcd0c3https://redirect.github.com/actions/checkout/issues/2248 ">#2248</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v5...v6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 11:45:57 -08:00
dependabot[bot]
35850caff6
chore(deps): bump actions/upload-artifact from 4 to 5 ( #7229 )
...
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact )
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases ">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README.md by <a
href="https://github.com/GhadimiR "><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681 ">actions/upload-artifact#681</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712 ">actions/upload-artifact#712</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/727 ">actions/upload-artifact#727</a></li>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak "><code>@patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725 ">actions/upload-artifact#725</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v5.0.0</code> by <a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/734 ">actions/upload-artifact#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR "><code>@GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681 ">actions/upload-artifact#681</a></li>
<li><a href="https://github.com/nebuk89 "><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712 ">actions/upload-artifact#712</a></li>
<li><a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/727 ">actions/upload-artifact#727</a></li>
<li><a
href="https://github.com/patrikpolyak "><code>@patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725 ">actions/upload-artifact#725</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0 ">https://github.com/actions/upload-artifact/compare/v4...v5.0.0 </a></p>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package & prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685 ">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685 ">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.2 </a></p>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.2.2 package by <a
href="https://github.com/yacaovsnc "><code>@yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/673 ">actions/upload-artifact#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.1 </a></p>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Expose env vars to control concurrency and timeout by <a
href="https://github.com/yacaovsnc "><code>@yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/662 ">actions/upload-artifact#662</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.0 </a></p>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: deprecated <code>Node.js</code> version in action by <a
href="https://github.com/hamirmahal "><code>@hamirmahal</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578 ">actions/upload-artifact#578</a></li>
<li>Add new <code>artifact-digest</code> output by <a
href="https://github.com/bdehamer "><code>@bdehamer</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656 ">actions/upload-artifact#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hamirmahal "><code>@hamirmahal</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578 ">actions/upload-artifact#578</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="330a01c490https://redirect.github.com/actions/upload-artifact/issues/734 ">#734</a>
from actions/danwkennedy/prepare-5.0.0</li>
<li><a
href="03f2824452905a1ecb592d9f9cdfa9https://redirect.github.com/actions/upload-artifact/issues/725 ">#725</a>
from patrikpolyak/patch-1</li>
<li><a
href="9687587dec2848b2cda0https://redirect.github.com/actions/upload-artifact/issues/727 ">#727</a>
from danwkennedy/patch-1</li>
<li><a
href="9b511775fdcd231ca1edde65e23aa2https://redirect.github.com/actions/upload-artifact/issues/712 ">#712</a>
from actions/nebuk89-patch-1</li>
<li><a
href="8747d8cd76https://github.com/actions/upload-artifact/compare/v4...v5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 11:45:29 -08:00
Michael Bolin
af63e6eccc
fix: start publishing @openai/codex-shell-tool-mcp to npm ( #7123 )
...
Start publishing as part of the normal release process.
2025-11-21 15:03:50 -08:00
Michael Bolin
40d14c0756
fix: clear out duplicate entries for bash in the GitHub release ( #7103 )
...
https://github.com/openai/codex/pull/7005 introduced a new part of the
release process that added multiple files named `bash` in the `dist/`
folder used as the basis of the GitHub Release. I believe that all file
names in a GitHub Release have to be unique, which is why the recent
release build failed:
https://github.com/openai/codex/actions/runs/19577669780/job/56070183504
Based on the output of the **List** step, I believe these are the
appropriate artifacts to delete as a quick fix.
2025-11-21 09:59:30 -08:00
Michael Bolin
d363a0968e
feat: codex-shell-tool-mcp ( #7005 )
...
This adds a GitHub workflow for building a new npm module we are
experimenting with that contains an MCP server for running Bash
commands. The new workflow, `shell-tool-mcp`, is a dependency of the
general `release` workflow so that we continue to use one version number
for all artifacts across the project in one GitHub release.
`.github/workflows/shell-tool-mcp.yml` is the primary workflow
introduced by this PR, which does the following:
- builds the `codex-exec-mcp-server` and `codex-execve-wrapper`
executables for both arm64 and x64 versions of Mac and Linux (preferring
the MUSL version for Linux)
- builds Bash (dynamically linked) for a [comically] large number of
platforms (both x64 and arm64 for most) with a small patch specified by
`shell-tool-mcp/patches/bash-exec-wrapper.patch`:
- `debian-11`
- `debian-12`
- `ubuntu-20.04`
- `ubuntu-22.04`
- `ubuntu-24.04`
- `centos-9`
- `macos-13` (x64 only)
- `macos-14` (arm64 only)
- `macos-15` (arm64 only)
- builds the TypeScript for the [new] Node module declared in the
`shell-tool-mcp/` folder, which creates `bin/mcp-server.js`
- adds all of the native binaries to `shell-tool-mcp/vendor/` folder;
`bin/mcp-server.js` does a runtime check to determine which ones to
execute
- uses `npm pack` to create the `.tgz` for the module
- if `publish: true` is set, invokes the `npm publish` call with the
`.tgz`
The justification for building Bash for so many different operating
systems is because, since it is dynamically linked, we want to increase
our confidence that the version we build is compatible with the glibc
whatever OS we end up running on. (Note this is less of a concern with
`codex-exec-mcp-server` and `codex-execve-wrapper` on Linux, as they are
statically linked.)
This PR also introduces the code for the npm module in `shell-tool-mcp/`
(the proposed module name is `@openai/codex-shell-tool-mcp`). Initially,
I intended the module to be a single file of vanilla JavaScript (like
[`codex-cli/bin/codex.js`](ab5972d447/codex-cli/bin/codex.jshttps://github.com/bolinfest/codex/actions/runs/19564311320
Admittedly, the graph looks a bit wild now:
<img width="5115" height="2969" alt="Screenshot 2025-11-20 at 11 44
58 PM"
src="https://github.com/user-attachments/assets/cc5ef306-efc1-4ed7-a137-5347e394f393 "
/>
But when it finished, I was able to download `codex-shell-tool-mcp-npm`
from the **Artifacts** for the workflow in an empty temp directory,
unzip the `.zip` and then the `.tgz` inside it, followed by `xattr -rc
.` to remove the quarantine bits. Then I ran:
```shell
npx @modelcontextprotocol/inspector node /private/tmp/foobar4/package/bin/mcp-server.js
```
which launched the MCP Inspector and I was able to use it as expected!
This bodes well that this should work once the package is published to
npm:
```shell
npx @modelcontextprotocol/inspector npx @openai/codex-shell-tool-mcp
```
Also, to verify the package contains what I expect:
```shell
/tmp/foobar4/package$ tree
.
├── bin
│ └── mcp-server.js
├── package.json
├── README.md
└── vendor
├── aarch64-apple-darwin
│ ├── bash
│ │ ├── macos-14
│ │ │ └── bash
│ │ └── macos-15
│ │ └── bash
│ ├── codex-exec-mcp-server
│ └── codex-execve-wrapper
├── aarch64-unknown-linux-musl
│ ├── bash
│ │ ├── centos-9
│ │ │ └── bash
│ │ ├── debian-11
│ │ │ └── bash
│ │ ├── debian-12
│ │ │ └── bash
│ │ ├── ubuntu-20.04
│ │ │ └── bash
│ │ ├── ubuntu-22.04
│ │ │ └── bash
│ │ └── ubuntu-24.04
│ │ └── bash
│ ├── codex-exec-mcp-server
│ └── codex-execve-wrapper
├── x86_64-apple-darwin
│ ├── bash
│ │ └── macos-13
│ │ └── bash
│ ├── codex-exec-mcp-server
│ └── codex-execve-wrapper
└── x86_64-unknown-linux-musl
├── bash
│ ├── centos-9
│ │ └── bash
│ ├── debian-11
│ │ └── bash
│ ├── debian-12
│ │ └── bash
│ ├── ubuntu-20.04
│ │ └── bash
│ ├── ubuntu-22.04
│ │ └── bash
│ └── ubuntu-24.04
│ └── bash
├── codex-exec-mcp-server
└── codex-execve-wrapper
26 directories, 26 files
```
2025-11-21 08:16:36 -08:00
Eric Traut
b315b22f7b
Fixed the deduplicator github action ( #7070 )
...
It stopped working (found zero duplicates) starting three days ago when
the model was switched from `gpt-5` to `gpt-5.1`. I'm not sure why it
stopped working. This is an attempt to get it working again by using the
default model for the codex action (which is presumably
`gpt-5.1-codex-max`).
2025-11-20 22:46:55 -08:00
Ahmed Ibrahim
ddcc60a085
Update defaults to gpt-5.1 ( #6652 )
...
## Summary
- update documentation, example configs, and automation defaults to
reference gpt-5.1 / gpt-5.1-codex
- bump the CLI and core configuration defaults, model presets, and error
messaging to the new models while keeping the model-family/tool coverage
for legacy slugs
- refresh tests, fixtures, and TUI snapshots so they expect the upgraded
defaults
## Testing
- `cargo test -p codex-core
config::tests::test_precedence_fixture_with_gpt5_profile`
------
[Codex
Task](https://chatgpt.com/codex/tasks/task_i_6916c5b3c2b08321ace04ee38604fc6b )
2025-11-17 17:40:11 -08:00
jif-oai
98a90a3bb2
tmp: drop sccache for windows 2 ( #6775 )
2025-11-17 16:39:15 +00:00
Eric Traut
a52cf4d2b4
Exempt the "codex" github user from signing the CLA ( #6724 )
...
This fixes bug #6697
2025-11-16 20:49:31 -08:00
dependabot[bot]
e70c52a3af
chore(deps): bump actions/github-script from 7 to 8 ( #6755 )
...
Bumps [actions/github-script](https://github.com/actions/github-script )
from 7 to 8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases ">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Node.js version support to 24.x by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/637 ">actions/github-script#637</a></li>
<li>README for updating actions/github-script from v7 to v8 by <a
href="https://github.com/sneha-krip "><code>@sneha-krip</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/653 ">actions/github-script#653</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1 ">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/637 ">actions/github-script#637</a></li>
<li><a
href="https://github.com/sneha-krip "><code>@sneha-krip</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/653 ">actions/github-script#653</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0 ">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0 </a></p>
<h2>v7.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade husky to v9 by <a
href="https://github.com/benelan "><code>@benelan</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/482 ">actions/github-script#482</a></li>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass "><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/485 ">actions/github-script#485</a></li>
<li>Upgrade IA Publish by <a
href="https://github.com/Jcambass "><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/486 ">actions/github-script#486</a></li>
<li>Fix workflow status badges by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/497 ">actions/github-script#497</a></li>
<li>Update usage of <code>actions/upload-artifact</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/512 ">actions/github-script#512</a></li>
<li>Clear up package name confusion by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/514 ">actions/github-script#514</a></li>
<li>Update dependencies with <code>npm audit fix</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/515 ">actions/github-script#515</a></li>
<li>Specify that the used script is JavaScript by <a
href="https://github.com/timotk "><code>@timotk</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/478 ">actions/github-script#478</a></li>
<li>chore: Add Dependabot for NPM and Actions by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/472 ">actions/github-script#472</a></li>
<li>Define <code>permissions</code> in workflows and update actions by
<a href="https://github.com/joshmgross "><code>@joshmgross</code></a> in
<a
href="https://redirect.github.com/actions/github-script/pull/531 ">actions/github-script#531</a></li>
<li>chore: Add Dependabot for .github/actions/install-dependencies by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/532 ">actions/github-script#532</a></li>
<li>chore: Remove .vscode settings by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/533 ">actions/github-script#533</a></li>
<li>ci: Use github/setup-licensed by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/473 ">actions/github-script#473</a></li>
<li>make octokit instance available as octokit on top of github, to make
it easier to seamlessly copy examples from GitHub rest api or octokit
documentations by <a
href="https://github.com/iamstarkov "><code>@iamstarkov</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/508 ">actions/github-script#508</a></li>
<li>Remove <code>octokit</code> README updates for v7 by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/557 ">actions/github-script#557</a></li>
<li>docs: add "exec" usage examples by <a
href="https://github.com/neilime "><code>@neilime</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/546 ">actions/github-script#546</a></li>
<li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/563 ">actions/github-script#563</a></li>
<li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/575 ">actions/github-script#575</a></li>
<li>Clearly document passing inputs to the <code>script</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/603 ">actions/github-script#603</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/610 ">actions/github-script#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/benelan "><code>@benelan</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/482 ">actions/github-script#482</a></li>
<li><a href="https://github.com/Jcambass "><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/485 ">actions/github-script#485</a></li>
<li><a href="https://github.com/timotk "><code>@timotk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/478 ">actions/github-script#478</a></li>
<li><a
href="https://github.com/iamstarkov "><code>@iamstarkov</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/508 ">actions/github-script#508</a></li>
<li><a href="https://github.com/neilime "><code>@neilime</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/546 ">actions/github-script#546</a></li>
<li><a href="https://github.com/nebuk89 "><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/610 ">actions/github-script#610</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7...v7.1.0 ">https://github.com/actions/github-script/compare/v7...v7.1.0 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed597411d8https://redirect.github.com/actions/github-script/issues/653 ">#653</a>
from actions/sneha-krip/readme-for-v8</li>
<li><a
href="2dc352e4ba01e118c8d08b222ac82ehttps://github.com/salmanmkc "><code>@salmanmkc</code></a></li>
<li><a
href="adc0eeac9920fe497b3fhttps://redirect.github.com/actions/github-script/issues/637 ">#637</a>
from actions/node24</li>
<li><a
href="e7b7f222b12c81ba05f3https://github.com/actions/github-script/compare/v7...v8 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-16 19:53:19 -08:00
Eric Traut
fa5f6e76c9
Revert "tmp: drop sccache for windows ( #6673 )" ( #6751 )
...
This reverts commit 4719cba19a
2025-11-16 18:37:12 -08:00
Ahmed Ibrahim
b560c5cef1
Revert "templates and build step for validating/submitting winget package" ( #6696 )
...
Reverts openai/codex#6485
2025-11-15 03:47:58 +00:00
Josh McKinney
4ae986967c
ci: only run CLA assistant for openai org repos ( #6687 )
...
This prevents notifications coming from PRs on forked repos
2025-11-14 17:34:14 -08:00
iceweasel-oai
37fba28ac3
templates and build step for validating/submitting winget package ( #6485 )
2025-11-14 11:06:44 -08:00
jif-oai
4719cba19a
tmp: drop sccache for windows ( #6673 )
2025-11-14 17:29:05 +01:00
pakrym-oai
547be54ee8
Only list failed tests ( #6619 )
...
Makes output easier to parse
2025-11-13 13:50:33 -08:00
pakrym-oai
c95bd345ea
Enable close-stale-contributor-prs.yml workflow ( #6615 )
...
Tested on https://github.com/openai/codex/pull/3036
2025-11-13 11:50:54 -08:00
pakrym-oai
6cda3de3a4
Close stale PRs workflow ( #6594 )
...
Closes stale PRs from OpenAI employees.
2025-11-13 10:01:51 -08:00
iceweasel-oai
9aff64e017
upload Windows .exe file artifacts for CLI releases ( #6478 )
...
This PR is to unlock future WinGet installation. WinGet struggles to
create command aliases when installing from nested ZIPs on some clients,
so adding raw Windows x64/Arm64 executables lets the manifest use
InstallerType: portable with direct EXEs, which reliably registers the
codex alias. This makes “winget install → codex” work out of the box
without PATH changes.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-11-10 23:31:06 +00:00
Eric Traut
5916153157
Don't lock PRs that have been closed without merging ( #6422 )
...
The CLA action is designed to automatically lock a PR when it is closed.
This preserves the CLA agreement statements, preventing the contributor
from deleting them after the fact. However, this action is currently
locking PRs that are closed without merging. I'd like to keep such PRs
open so the contributor can respond with additional comments. I'm
currently manually unlocking PRs that I close, but I'd like to eliminate
this manual step.
2025-11-10 08:46:11 -08:00
dependabot[bot]
082d2fa19a
chore(deps): bump taiki-e/install-action from 2.60.0 to 2.62.49 ( #6438 )
...
Bumps
[taiki-e/install-action](https://github.com/taiki-e/install-action ) from
2.60.0 to 2.62.49.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases ">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.62.49</h2>
<ul>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.15.11.</p>
</li>
<li>
<p>Update <code>cargo-auditable@latest</code> to 0.7.2.</p>
</li>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.2.</p>
</li>
</ul>
<h2>2.62.48</h2>
<ul>
<li>
<p>Update <code>mise@latest</code> to 2025.11.3.</p>
</li>
<li>
<p>Update <code>cargo-audit@latest</code> to 0.22.0.</p>
</li>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.1.</p>
</li>
<li>
<p>Update <code>uv@latest</code> to 0.9.8.</p>
</li>
<li>
<p>Update <code>cargo-udeps@latest</code> to 0.1.60.</p>
</li>
<li>
<p>Update <code>zizmor@latest</code> to 1.16.3.</p>
</li>
</ul>
<h2>2.62.47</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.0.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.111.</p>
</li>
<li>
<p>Update <code>cargo-shear@latest</code> to 1.6.2.</p>
</li>
</ul>
<h2>2.62.46</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.19.5.</p>
</li>
<li>
<p>Update <code>syft@latest</code> to 1.37.0.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2025.11.2.</p>
</li>
<li>
<p>Update <code>knope@latest</code> to 0.21.5.</p>
</li>
</ul>
<h2>2.62.45</h2>
<ul>
<li>
<p>Update <code>zizmor@latest</code> to 1.16.2.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.15.10.</p>
</li>
<li>
<p>Update <code>ubi@latest</code> to 0.8.4.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2025.11.1.</p>
</li>
<li>
<p>Update <code>cargo-semver-checks@latest</code> to 0.45.0.</p>
</li>
</ul>
<h2>2.62.44</h2>
<ul>
<li>Update <code>mise@latest</code> to 2025.11.0.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md ">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org ">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<h2>[2.62.49] - 2025-11-09</h2>
<ul>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.15.11.</p>
</li>
<li>
<p>Update <code>cargo-auditable@latest</code> to 0.7.2.</p>
</li>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.2.</p>
</li>
</ul>
<h2>[2.62.48] - 2025-11-08</h2>
<ul>
<li>
<p>Update <code>mise@latest</code> to 2025.11.3.</p>
</li>
<li>
<p>Update <code>cargo-audit@latest</code> to 0.22.0.</p>
</li>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.1.</p>
</li>
<li>
<p>Update <code>uv@latest</code> to 0.9.8.</p>
</li>
<li>
<p>Update <code>cargo-udeps@latest</code> to 0.1.60.</p>
</li>
<li>
<p>Update <code>zizmor@latest</code> to 1.16.3.</p>
</li>
</ul>
<h2>[2.62.47] - 2025-11-05</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.20.0.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.111.</p>
</li>
<li>
<p>Update <code>cargo-shear@latest</code> to 1.6.2.</p>
</li>
</ul>
<h2>[2.62.46] - 2025-11-04</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.19.5.</p>
</li>
<li>
<p>Update <code>syft@latest</code> to 1.37.0.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2025.11.2.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="44c6d64aa63a701df4c24242e04eb83df5533ef8e797ba6a25bcf91e02ace78113b60c0ef486444e5eda7b19853853a413e60c5db7f7f8...44c6d64aa6https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=taiki-e/install-action&package-manager=github_actions&previous-version=2.60.0&new-version=2.62.49 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-09 22:00:08 -08:00
dependabot[bot]
7c7c7567d5
chore(deps): bump codespell-project/actions-codespell from 2.1 to 2.2 ( #6437 )
...
Bumps
[codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell )
from 2.1 to 2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codespell-project/actions-codespell/releases ">codespell-project/actions-codespell's
releases</a>.</em></p>
<blockquote>
<h2>v2.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>Add the config file option and tests by <a
href="https://github.com/rdimaio "><code>@rdimaio</code></a> in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/80 ">codespell-project/actions-codespell#80</a></li>
<li>Use <code>pip install</code> with <code>--no-cache-dir</code> in the
Dockerfile by <a
href="https://github.com/PeterDaveHello "><code>@PeterDaveHello</code></a>
in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/89 ">codespell-project/actions-codespell#89</a></li>
<li>Upgrade to Python 3.13 by <a
href="https://github.com/candrews "><code>@candrews</code></a> in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/82 ">codespell-project/actions-codespell#82</a></li>
<li>Add checkout action and problem matcher to README by <a
href="https://github.com/vadi2 "><code>@vadi2</code></a> in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/32 ">codespell-project/actions-codespell#32</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rdimaio "><code>@rdimaio</code></a> made
their first contribution in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/80 ">codespell-project/actions-codespell#80</a></li>
<li><a
href="https://github.com/PeterDaveHello "><code>@PeterDaveHello</code></a>
made their first contribution in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/89 ">codespell-project/actions-codespell#89</a></li>
<li><a href="https://github.com/candrews "><code>@candrews</code></a>
made their first contribution in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/82 ">codespell-project/actions-codespell#82</a></li>
<li><a href="https://github.com/vadi2 "><code>@vadi2</code></a> made
their first contribution in <a
href="https://redirect.github.com/codespell-project/actions-codespell/pull/32 ">codespell-project/actions-codespell#32</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codespell-project/actions-codespell/compare/v2...v2.2 ">https://github.com/codespell-project/actions-codespell/compare/v2...v2.2 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8f01853be123a4abea24https://redirect.github.com/codespell-project/actions-codespell/issues/32 ">#32</a>)</li>
<li><a
href="906f13fba1https://redirect.github.com/codespell-project/actions-codespell/issues/82 ">#82</a>)</li>
<li><a
href="df0bba344dhttps://redirect.github.com/codespell-project/actions-codespell/issues/85 ">#85</a>)</li>
<li><a
href="c460eef33ehttps://redirect.github.com/codespell-project/actions-codespell/issues/89 ">#89</a>)</li>
<li><a
href="037a23a348https://redirect.github.com/codespell-project/actions-codespell/issues/80 ">#80</a>)</li>
<li><a
href="8d1a4b1bd9https://redirect.github.com/codespell-project/actions-codespell/issues/92 ">#92</a>)</li>
<li><a
href="71286cb40fhttps://redirect.github.com/codespell-project/actions-codespell/issues/91 ">#91</a>)</li>
<li><a
href="fad9339798https://redirect.github.com/codespell-project/actions-codespell/issues/84 ">#84</a>)</li>
<li>See full diff in <a
href="406322ec52...8f01853be1https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codespell-project/actions-codespell&package-manager=github_actions&previous-version=2.1&new-version=2.2 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-09 21:58:51 -08:00
Eric Traut
039a4b070e
Updated the AI labeler rules to match the most recent issue tracker labels ( #6347 )
...
This PR updates the AI prompt used for the workflow that adds automated
labels to incoming issues. I've been updating and refining the list of
labels as I work through the issue backlog, and the old prompt was
becoming somewhat outdated.
2025-11-06 16:02:12 -08:00
Dylan Hurd
3a22018edd
Revert "fix: pin musl 1.2.5 for DNS fixes" ( #6222 )
...
Reverts openai/codex#6189
2025-11-04 11:56:40 -08:00
Dylan Hurd
cb6584de46
fix: pin musl 1.2.5 for DNS fixes ( #6189 )
...
## Summary
musl 1.2.5 includes [several fixes to DNS over
TCP](https://www.openwall.com/lists/musl/2024/03/01/2 ), which appears to
be the root cause of #6116 .
This approach is a bit janky, but according to codex:
> On the Ubuntu 24.04 runners we use, apt-cache policy musl-tools shows
only the distro build (1.2.4-2ubuntu2)"
We should build with this version and confirm.
## Testing
- [ ] TODO: test and see if this fixes Azure issues
2025-11-04 09:17:16 -08:00
dependabot[bot]
f5945d7c03
chore(deps): bump actions/upload-artifact from 4 to 5 ( #6137 )
...
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact )
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases ">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README.md by <a
href="https://github.com/GhadimiR "><code>@GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681 ">actions/upload-artifact#681</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712 ">actions/upload-artifact#712</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/727 ">actions/upload-artifact#727</a></li>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak "><code>@patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725 ">actions/upload-artifact#725</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v5.0.0</code> by <a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/734 ">actions/upload-artifact#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR "><code>@GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681 ">actions/upload-artifact#681</a></li>
<li><a href="https://github.com/nebuk89 "><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712 ">actions/upload-artifact#712</a></li>
<li><a
href="https://github.com/danwkennedy "><code>@danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/727 ">actions/upload-artifact#727</a></li>
<li><a
href="https://github.com/patrikpolyak "><code>@patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725 ">actions/upload-artifact#725</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0 ">https://github.com/actions/upload-artifact/compare/v4...v5.0.0 </a></p>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package & prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685 ">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685 ">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.2 </a></p>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.2.2 package by <a
href="https://github.com/yacaovsnc "><code>@yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/673 ">actions/upload-artifact#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.1 </a></p>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Expose env vars to control concurrency and timeout by <a
href="https://github.com/yacaovsnc "><code>@yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/662 ">actions/upload-artifact#662</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0 ">https://github.com/actions/upload-artifact/compare/v4...v4.6.0 </a></p>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: deprecated <code>Node.js</code> version in action by <a
href="https://github.com/hamirmahal "><code>@hamirmahal</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578 ">actions/upload-artifact#578</a></li>
<li>Add new <code>artifact-digest</code> output by <a
href="https://github.com/bdehamer "><code>@bdehamer</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656 ">actions/upload-artifact#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hamirmahal "><code>@hamirmahal</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578 ">actions/upload-artifact#578</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="330a01c490https://redirect.github.com/actions/upload-artifact/issues/734 ">#734</a>
from actions/danwkennedy/prepare-5.0.0</li>
<li><a
href="03f2824452905a1ecb592d9f9cdfa9https://redirect.github.com/actions/upload-artifact/issues/725 ">#725</a>
from patrikpolyak/patch-1</li>
<li><a
href="9687587dec2848b2cda0https://redirect.github.com/actions/upload-artifact/issues/727 ">#727</a>
from danwkennedy/patch-1</li>
<li><a
href="9b511775fdcd231ca1edde65e23aa2https://redirect.github.com/actions/upload-artifact/issues/712 ">#712</a>
from actions/nebuk89-patch-1</li>
<li><a
href="8747d8cd76https://github.com/actions/upload-artifact/compare/v4...v5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-02 20:38:45 -08:00
dependabot[bot]
01ca2b5df6
chore(deps): bump actions/checkout from 4 to 5 ( #4800 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to
5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases ">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226 ">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238 ">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1 ">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0 ">https://github.com/actions/checkout/compare/v4...v5.0.0 </a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss "><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail "><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells "><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044 ">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224 ">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
<li>Prepare release v4.3.0 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2237 ">actions/checkout#2237</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/motss "><code>@motss</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li><a href="https://github.com/mouismail "><code>@mouismail</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li><a href="https://github.com/benwells "><code>@benwells</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li><a href="https://github.com/nebuk89 "><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v4.3.0 ">https://github.com/actions/checkout/compare/v4...v4.3.0 </a></p>
<h2>v4.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3 "><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941 ">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946 ">actions/checkout#1946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2 ">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2 </a></p>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924 ">actions/checkout#1924</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass "><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1919 ">actions/checkout#1919</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1 ">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md ">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226 ">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss "><code>@motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971 ">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail "><code>@mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977 ">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells "><code>@benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043 ">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044 ">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194 ">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang "><code>@TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224 ">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236 ">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3 "><code>@jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941 ">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946 ">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924 ">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome "><code>@lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180 ">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777 ">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872 ">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739 ">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697 ">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy "><code>@orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774 ">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3 "><code>@jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776 ">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732 ">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703 ">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694 ">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696 ">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695 ">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707 ">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3 "><code>@jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692 ">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller "><code>@cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688 ">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693 ">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643 ">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08c6903cd8https://redirect.github.com/actions/checkout/issues/2238 ">#2238</a>)</li>
<li><a
href="9f265659d3https://redirect.github.com/actions/checkout/issues/2226 ">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v4...v5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-31 09:57:07 -07:00
dependabot[bot]
368f7adfc6
chore(deps): bump actions/github-script from 7 to 8 ( #4801 )
...
Bumps [actions/github-script](https://github.com/actions/github-script )
from 7 to 8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases ">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Node.js version support to 24.x by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/637 ">actions/github-script#637</a></li>
<li>README for updating actions/github-script from v7 to v8 by <a
href="https://github.com/sneha-krip "><code>@sneha-krip</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/653 ">actions/github-script#653</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1 ">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/637 ">actions/github-script#637</a></li>
<li><a
href="https://github.com/sneha-krip "><code>@sneha-krip</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/653 ">actions/github-script#653</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0 ">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0 </a></p>
<h2>v7.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade husky to v9 by <a
href="https://github.com/benelan "><code>@benelan</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/482 ">actions/github-script#482</a></li>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass "><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/485 ">actions/github-script#485</a></li>
<li>Upgrade IA Publish by <a
href="https://github.com/Jcambass "><code>@Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/486 ">actions/github-script#486</a></li>
<li>Fix workflow status badges by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/497 ">actions/github-script#497</a></li>
<li>Update usage of <code>actions/upload-artifact</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/512 ">actions/github-script#512</a></li>
<li>Clear up package name confusion by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/514 ">actions/github-script#514</a></li>
<li>Update dependencies with <code>npm audit fix</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/515 ">actions/github-script#515</a></li>
<li>Specify that the used script is JavaScript by <a
href="https://github.com/timotk "><code>@timotk</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/478 ">actions/github-script#478</a></li>
<li>chore: Add Dependabot for NPM and Actions by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/472 ">actions/github-script#472</a></li>
<li>Define <code>permissions</code> in workflows and update actions by
<a href="https://github.com/joshmgross "><code>@joshmgross</code></a> in
<a
href="https://redirect.github.com/actions/github-script/pull/531 ">actions/github-script#531</a></li>
<li>chore: Add Dependabot for .github/actions/install-dependencies by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/532 ">actions/github-script#532</a></li>
<li>chore: Remove .vscode settings by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/533 ">actions/github-script#533</a></li>
<li>ci: Use github/setup-licensed by <a
href="https://github.com/nschonni "><code>@nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/473 ">actions/github-script#473</a></li>
<li>make octokit instance available as octokit on top of github, to make
it easier to seamlessly copy examples from GitHub rest api or octokit
documentations by <a
href="https://github.com/iamstarkov "><code>@iamstarkov</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/508 ">actions/github-script#508</a></li>
<li>Remove <code>octokit</code> README updates for v7 by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/557 ">actions/github-script#557</a></li>
<li>docs: add "exec" usage examples by <a
href="https://github.com/neilime "><code>@neilime</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/546 ">actions/github-script#546</a></li>
<li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/563 ">actions/github-script#563</a></li>
<li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/575 ">actions/github-script#575</a></li>
<li>Clearly document passing inputs to the <code>script</code> by <a
href="https://github.com/joshmgross "><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/603 ">actions/github-script#603</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89 "><code>@nebuk89</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/610 ">actions/github-script#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/benelan "><code>@benelan</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/482 ">actions/github-script#482</a></li>
<li><a href="https://github.com/Jcambass "><code>@Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/485 ">actions/github-script#485</a></li>
<li><a href="https://github.com/timotk "><code>@timotk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/478 ">actions/github-script#478</a></li>
<li><a
href="https://github.com/iamstarkov "><code>@iamstarkov</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/508 ">actions/github-script#508</a></li>
<li><a href="https://github.com/neilime "><code>@neilime</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/546 ">actions/github-script#546</a></li>
<li><a href="https://github.com/nebuk89 "><code>@nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/610 ">actions/github-script#610</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7...v7.1.0 ">https://github.com/actions/github-script/compare/v7...v7.1.0 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed597411d8https://redirect.github.com/actions/github-script/issues/653 ">#653</a>
from actions/sneha-krip/readme-for-v8</li>
<li><a
href="2dc352e4ba01e118c8d08b222ac82ehttps://github.com/salmanmkc "><code>@salmanmkc</code></a></li>
<li><a
href="adc0eeac9920fe497b3fhttps://redirect.github.com/actions/github-script/issues/637 ">#637</a>
from actions/node24</li>
<li><a
href="e7b7f222b12c81ba05f3https://github.com/actions/github-script/compare/v7...v8 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-31 09:56:33 -07:00
Ahmed Ibrahim
e3f913f567
revert #5812 release file ( #5887 )
...
revert #5812 release file
2025-10-28 20:06:16 +00:00
jif-oai
7ff142d93f
chore: speed-up pipeline ( #5812 )
...
Speed-up pipeline by:
* Decoupling tests and clippy
* Use pre-built binary in tests
* `sccache` for caching of the builds
2025-10-28 14:08:52 +00:00
Javi
df15a2f6ef
chore(ci): Speed up macOS builds by using larger runner ( #5234 )
...
Saves about 2min per build
https://github.com/openai/codex/actions/runs/18544852356/job/52860637804
vs
https://github.com/openai/codex/actions/runs/18545106208/job/52861427485
2025-10-20 23:47:38 +00:00
pakrym-oai
7d6e318f87
Reduce symbol size for tests ( #5389 )
...
Test executables were huge because of detailed debugging symbols. Switch
to less rich debugging symbols.
2025-10-20 14:52:37 -07:00
Javi
fc1723f131
Revert "feat(CI): Allow running rust-release manually and in dry-run mode ( #5232 )" ( #5266 )
...
This reverts commit 5fa7844ad7
2025-10-16 21:58:44 +00:00
Javi
5fa7844ad7
feat(CI): Allow running rust-release manually and in dry-run mode ( #5232 )
...
Example:
https://github.com/openai/codex/actions/runs/18544852356/job/52860637804
2025-10-15 23:50:18 +00:00
Javi
84c9b574f9
feat(releases): Add macOS notarization step to release workflow ( #5233 )
...
Also: fixed the contents of the `APPLE_CERTIFICATE_P12` and
`APPLE_CERTIFICATE_PASSWORD` secrets, so the code-signing step will use
the right certificate now.
2025-10-15 23:31:52 +00:00
jif-oai
85e7357973
fix: workflow cache ( #5050 )
...
Decouple cache saving to fix the `verify` steps never being run due to a
cache saving issue
2025-10-10 15:57:47 +02:00
Shijie Rao
7b4a4c2219
Shijie/codesign binary ( #4899 )
...
### Summary
* Added code signing for MacOS.
### Before - UNSIGNED codex-aarch64
<img width="716" height="334" alt="Screenshot 2025-10-08 at 11 53 28 AM"
src="https://github.com/user-attachments/assets/276000f1-8be2-4b89-9aff-858fac28b4d4 "
/>
### After - SIGNED codex-aarch64
<img width="706" height="410" alt="Screenshot 2025-10-08 at 11 52 20 AM"
src="https://github.com/user-attachments/assets/927528f8-2686-4d15-b3cb-c47a8f11ef29 "
/>
2025-10-09 09:42:24 -07:00
pakrym-oai
7e3a272b29
Add a longer message to issue deduplicator and some logs ( #4836 )
...
Logs are to diagnose why we're not filtering correctly.
2025-10-06 10:39:26 -07:00
