diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 74a9ac5e56..da529b0e14 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -648,7 +648,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 1c92776c8e..c345e99d26 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -677,7 +677,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index a131216a31..5932900e7e 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -384,7 +384,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 05922bb5e0..0097b75189 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -624,7 +624,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -810,7 +810,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 9584a84ce9..d3e0a3dc37 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -699,7 +699,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -903,7 +903,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 43491faac6..0e7fa5df2b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -711,7 +711,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -897,7 +897,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index f6b54aee2f..88cedada01 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -794,7 +794,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -1007,7 +1007,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 544b0cb44b..d5dc250775 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -653,7 +653,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -839,7 +839,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 196db3fd86..34a3efd9db 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -644,7 +644,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -830,7 +830,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index cf2953adc7..c3aaedbfa6 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml @@ -604,7 +604,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -791,7 +791,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 1fcbd1fcc3..e9f5822a5d 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 5d0c6d3a69..296f49179f 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 689913a965..4b2465923e 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -627,7 +627,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -813,7 +813,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 48adaa67a2..19b4d03a51 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 7919cc1840..03e394e679 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -605,7 +605,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -791,7 +791,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 35a462c19c..fe5f5f8306 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -595,7 +595,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -781,7 +781,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index a3c38f8c67..f17df553b3 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -450,20 +450,13 @@ jobs: { "description": "Add the 'smoked' label to the current pull request (can only be called once)", "inputSchema": { - "additionalProperties": false, + "additionalProperties": true, "properties": { - "labels": { - "description": "The labels' name to be added. Must be separated with line breaks if there're multiple labels.", - "type": "string" - }, - "number": { - "description": "The number of the issue or pull request.", + "payload": { + "description": "JSON-encoded payload to pass to the action", "type": "string" } }, - "required": [ - "labels" - ], "type": "object" }, "name": "add_smoked_label" @@ -1050,7 +1043,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -1254,7 +1247,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail @@ -1568,8 +1561,7 @@ jobs: env: GITHUB_TOKEN: ${{ github.token }} with: - labels: ${{ fromJSON(steps.process_safe_outputs.outputs.action_add_smoked_label_payload).labels }} - number: ${{ fromJSON(steps.process_safe_outputs.outputs.action_add_smoked_label_payload).number }} + payload: ${{ steps.process_safe_outputs.outputs.action_add_smoked_label_payload }} - name: Upload safe output items if: always() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 diff --git a/pkg/workflow/agentic_output_test.go b/pkg/workflow/agentic_output_test.go index bcfaf51b2e..78247a9101 100644 --- a/pkg/workflow/agentic_output_test.go +++ b/pkg/workflow/agentic_output_test.go @@ -234,8 +234,8 @@ This workflow tests that Codex engine gets GH_AW_SAFE_OUTPUTS but not engine out } // Verify that the Codex execution step is still present - if !strings.Contains(lockContent, "- name: Execute Codex") { - t.Error("Expected 'Execute Codex' step to be in generated workflow") + if !strings.Contains(lockContent, "- name: Execute Codex CLI") { + t.Error("Expected 'Execute Codex CLI' step to be in generated workflow") } t.Log("Codex workflow correctly uses unified agent artifact for safe outputs and engine output files") diff --git a/pkg/workflow/codex_engine.go b/pkg/workflow/codex_engine.go index 9acc216866..3e0a70494d 100644 --- a/pkg/workflow/codex_engine.go +++ b/pkg/workflow/codex_engine.go @@ -365,7 +365,7 @@ mkdir -p "$CODEX_HOME/logs" } // Generate the step for Codex execution - stepName := "Execute Codex" + stepName := "Execute Codex CLI" var stepLines []string stepLines = append(stepLines, " - name: "+stepName) diff --git a/pkg/workflow/codex_engine_test.go b/pkg/workflow/codex_engine_test.go index bd2d6a5d1a..2ae41f2efc 100644 --- a/pkg/workflow/codex_engine_test.go +++ b/pkg/workflow/codex_engine_test.go @@ -64,8 +64,8 @@ func TestCodexEngine(t *testing.T) { // Check the execution step stepContent := strings.Join([]string(execSteps[0]), "\n") - if !strings.Contains(stepContent, "name: Execute Codex") { - t.Errorf("Expected step name 'Execute Codex' in step content:\n%s", stepContent) + if !strings.Contains(stepContent, "name: Execute Codex CLI") { + t.Errorf("Expected step name 'Execute Codex CLI' in step content:\n%s", stepContent) } if strings.Contains(stepContent, "uses:") { diff --git a/pkg/workflow/engine_args_test.go b/pkg/workflow/engine_args_test.go index 01e486aa16..39f4d86240 100644 --- a/pkg/workflow/engine_args_test.go +++ b/pkg/workflow/engine_args_test.go @@ -338,7 +338,7 @@ func TestCodexEngineArgsInjection(t *testing.T) { var executionStep GitHubActionStep for _, step := range steps { stepStr := strings.Join(step, "\n") - if strings.Contains(stepStr, "Execute Codex") { + if strings.Contains(stepStr, "Execute Codex CLI") { executionStep = step break } @@ -384,7 +384,7 @@ func TestCodexEngineArgsInjection(t *testing.T) { var executionStep GitHubActionStep for _, step := range steps { stepStr := strings.Join(step, "\n") - if strings.Contains(stepStr, "Execute Codex") { + if strings.Contains(stepStr, "Execute Codex CLI") { executionStep = step break }