[codex] Use central Codex PR review workflow#29
Conversation
Co-Authored-By: Codex <noreply@openai.com>
0514a44 to
22c5b59
Compare
Co-Authored-By: Codex <noreply@openai.com>
🤖 Codex PR ReviewPlease ensure a human reviewer checks this PR before merging. |
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
Co-Authored-By: Codex <noreply@openai.com>
|
Bugbot is not enabled for your account, so this pull request was not reviewed. Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f2e7a3b9de
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| uses: QuantStrategyLab/AIAuditBridge/.github/workflows/codex_pr_review.yml@main | ||
| with: | ||
| caller_concurrency_key: pr-${{ github.event.pull_request.number || github.run_id }} | ||
| allow_unconfigured_backend: true | ||
| secrets: inherit |
There was a problem hiding this comment.
Pass only the review secrets to the called workflow
In caller repos that have secrets beyond the Codex review backend, secrets: inherit makes every repo/org secret available to the reusable workflow in QuantStrategyLab/AIAuditBridge@main, including secrets that workflow does not declare. Because this job also points at a mutable external main ref, any future incompatible or compromised bridge workflow can read those additional credentials during PR review; the old local job only exposed the review-specific keys in its environment. Please pass the specific secrets this workflow needs instead of inheriting all of them.
Useful? React with 👍 / 👎.
Summary
QuantStrategyLab/AIAuditBridgeRollout note
QuantStrategyLab/AIAuditBridge#12being merged intomainCODEX_AUDIT_REUSABLE_WORKFLOW_TOKENwhen the caller repo cannot read AIAuditBridge with the default tokenValidation
actionlint -oneline .github/workflows/*.ymlgit diff --check