fix(deps): update all non-major dependencies #148
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Codex PR Review | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| # Skip when only workflow files are modified | |
| paths-ignore: | |
| - ".github/workflows/**" | |
| jobs: | |
| codex: | |
| # Skip review for draft PRs to save resources during rapid iteration | |
| if: github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| outputs: | |
| final_message: ${{ steps.run_codex.outputs.final-message }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| # Explicitly check out the PR's merge commit | |
| ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
| - name: Pre-fetch base and head refs for the PR | |
| run: | | |
| git fetch --no-tags origin \ | |
| ${{ github.event.pull_request.base.ref }} \ | |
| +refs/pull/${{ github.event.pull_request.number }}/head | |
| # Install dependencies before Codex runs (if needed for building/testing) | |
| # - name: Install dependencies | |
| # run: pnpm install | |
| - name: Run Codex | |
| id: run_codex | |
| uses: openai/codex-action@v1 | |
| with: | |
| openai-api-key: ${{ secrets.OPENAI_API_KEY }} | |
| sandbox: workspace-write | |
| safety-strategy: drop-sudo | |
| output-file: codex-review.md | |
| prompt: | | |
| This is PR #${{ github.event.pull_request.number }} for ${{ github.repository }}. | |
| Review ONLY the changes introduced by this PR. Consider: | |
| git log --oneline ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} | |
| Please review the code changes and provide feedback on: | |
| - Code quality and best practices | |
| - Potential bugs or issues | |
| - Performance considerations | |
| - Security concerns (check OWASP top 10 vulnerabilities) | |
| - Test coverage and test quality | |
| - Documentation and code clarity | |
| Use the repository's CLAUDE.md and docs/design.md for guidance on: | |
| - Project architecture and design patterns | |
| - Engineering defaults and conventions | |
| - Documentation policy | |
| Be constructive, specific, and concise in your feedback. | |
| Pull request title and body: | |
| ---- | |
| ${{ github.event.pull_request.title }} | |
| ${{ github.event.pull_request.body }} | |
| post_feedback: | |
| runs-on: ubuntu-latest | |
| needs: codex | |
| if: needs.codex.outputs.final_message != '' | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - name: Post Codex feedback | |
| uses: actions/github-script@v8 | |
| env: | |
| CODEX_FINAL_MESSAGE: ${{ needs.codex.outputs.final_message }} | |
| with: | |
| github-token: ${{ github.token }} | |
| script: | | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.pull_request.number, | |
| body: `## Codex Code Review\n\n${process.env.CODEX_FINAL_MESSAGE}`, | |
| }); |