Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/monthly_publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
GCS_BUCKET: ${{ vars.GCS_BUCKET }}
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
CODEX_AUDIT_ENABLED: ${{ vars.CODEX_AUDIT_ENABLED || 'true' }}
CODEX_AUDIT_BRIDGE_REPOSITORY: ${{ vars.CODEX_AUDIT_BRIDGE_REPOSITORY || 'QuantStrategyLab/CodexAuditBridge' }}
CODEX_AUDIT_BRIDGE_REPOSITORY: ${{ vars.CODEX_AUDIT_BRIDGE_REPOSITORY || 'QuantStrategyLab/AIAuditBridge' }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Scope the app token to AIAuditBridge

With this new default, monthly publishes dispatch to QuantStrategyLab/AIAuditBridge, but the earlier actions/create-github-app-token step is still hard-coded to request a token for CodexAuditBridge, and the dispatch code prefers APP_TOKEN over CODEX_AUDIT_DISPATCH_TOKEN. In environments where CROSS_REPO_GITHUB_APP_* credentials are configured, the workflow will therefore use an app token scoped to the old bridge repo and fail the dispatch to AIAuditBridge instead of falling back; update the token repository list or derive it from CODEX_AUDIT_BRIDGE_REPOSITORY as part of this default change.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Point operator docs at AIAuditBridge

After this default changes the dispatch target to QuantStrategyLab/AIAuditBridge, the operator-facing docs still tell maintainers that provider secrets and fallback logic live in CodexAuditBridge (README.zh-CN.md:35-37, docs/operator_runbook.md:85-87). In a migration where operators follow those docs for the default path, they will configure the old bridge repository while this workflow now dispatches to AIAuditBridge, so the monthly review can fail due to missing service/provider configuration in the actual target repo.

Useful? React with 👍 / 👎.

CODEX_AUDIT_BRIDGE_REF: ${{ vars.CODEX_AUDIT_BRIDGE_REF || 'main' }}
CODEX_AUDIT_MODE: ${{ vars.CODEX_AUDIT_MODE || 'review_and_fix' }}
CODEX_AUDIT_PROVIDER: ${{ vars.CODEX_AUDIT_PROVIDER || 'auto' }}
Expand Down
2 changes: 1 addition & 1 deletion tests/test_monthly_publish_workflow_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
self.assertIn("CODEX_AUDIT_BRIDGE_REPOSITORY", workflow)
self.assertIn("CODEX_AUDIT_BRIDGE_REF", workflow)
self.assertIn('"ref": os.environ["CODEX_AUDIT_BRIDGE_REF"]', workflow)
self.assertIn("QuantStrategyLab/CodexAuditBridge", workflow)
self.assertIn("QuantStrategyLab/AIAuditBridge", workflow)
self.assertIn("CROSS_REPO_GITHUB_APP_ID", workflow)
self.assertIn("CROSS_REPO_GITHUB_APP_PRIVATE_KEY", workflow)
self.assertIn("actions/create-github-app-token@v3", workflow)
Expand Down
Loading