diff --git a/.changeset/patch-bump-codex-cli-to-0-78-0.md b/.changeset/patch-bump-codex-cli-to-0-78-0.md new file mode 100644 index 0000000000..6fa0915539 --- /dev/null +++ b/.changeset/patch-bump-codex-cli-to-0-78-0.md @@ -0,0 +1,14 @@ +--- +"gh-aw": patch +--- + +Bump Codex CLI default version to 0.78.0. + +This updates the repository to reference `@openai/codex@0.78.0` (used by workflows), +and aligns the `DefaultCodexVersion` constant and related tests/docs with the new +version. Changes include security hardening, reliability fixes, and UX improvements. + +Files affected in the PR: constants, tests, docs, and recompiled workflow lock files. + +Fixes: githubnext/gh-aw#9159 + diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 7781ec955c..b7cb2b3abb 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -184,7 +184,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -456,7 +456,7 @@ jobs: engine_name: "Codex", model: "gpt-5-mini", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Changeset Generator", experimental: true, supports_tools_allowlist: true, diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index cb2a8a6254..3d8a7001b5 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -130,7 +130,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -329,7 +329,7 @@ jobs: engine_name: "Codex", model: "gpt-5-mini", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Fact About gh-aw", experimental: true, supports_tools_allowlist: true, @@ -882,7 +882,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 16893c5cb1..c892e7e50b 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -197,7 +197,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -498,7 +498,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Issues Report Generator", experimental: true, supports_tools_allowlist: true, @@ -1998,7 +1998,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 05facddf4a..8d0f7d22a0 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -187,7 +187,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -887,7 +887,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Project Performance Summary Generator (Using Safe Inputs)", experimental: true, supports_tools_allowlist: true, @@ -1952,7 +1952,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 0481431463..be29b6cae8 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -198,7 +198,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -445,7 +445,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "DeepReport - Intelligence Gathering Agent", experimental: true, supports_tools_allowlist: true, @@ -1494,7 +1494,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index e1d541194c..3086bed2a7 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -151,7 +151,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -400,7 +400,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Duplicate Code Detector", experimental: true, supports_tools_allowlist: true, @@ -1133,7 +1133,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index effe11104a..b7bfdf6651 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -149,7 +149,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -479,7 +479,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Issue Arborist", experimental: true, supports_tools_allowlist: true, @@ -1202,7 +1202,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-codex-firewall.lock.yml b/.github/workflows/smoke-codex-firewall.lock.yml index 0dee6df452..d263529fdc 100644 --- a/.github/workflows/smoke-codex-firewall.lock.yml +++ b/.github/workflows/smoke-codex-firewall.lock.yml @@ -165,7 +165,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -504,7 +504,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Smoke Codex Firewall", experimental: true, supports_tools_allowlist: true, @@ -1031,7 +1031,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index e074b0bfb6..349f208a90 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -188,7 +188,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -558,7 +558,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Smoke Codex", experimental: true, supports_tools_allowlist: true, @@ -1120,7 +1120,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 2f0cb5cb41..caf0236a32 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -226,7 +226,7 @@ const ( ) // DefaultCodexVersion is the default version of the OpenAI Codex CLI -const DefaultCodexVersion Version = "0.77.0" +const DefaultCodexVersion Version = "0.78.0" // DefaultGitHubMCPServerVersion is the default version of the GitHub MCP server Docker image const DefaultGitHubMCPServerVersion Version = "v0.27.0" diff --git a/pkg/constants/constants_test.go b/pkg/constants/constants_test.go index 4090bf6d8f..98e351d7ba 100644 --- a/pkg/constants/constants_test.go +++ b/pkg/constants/constants_test.go @@ -268,7 +268,7 @@ func TestVersionConstants(t *testing.T) { }{ {"DefaultClaudeCodeVersion", DefaultClaudeCodeVersion, "2.0.76"}, {"DefaultCopilotVersion", DefaultCopilotVersion, "0.0.374"}, - {"DefaultCodexVersion", DefaultCodexVersion, "0.77.0"}, + {"DefaultCodexVersion", DefaultCodexVersion, "0.78.0"}, {"DefaultGitHubMCPServerVersion", DefaultGitHubMCPServerVersion, "v0.27.0"}, {"DefaultSandboxRuntimeVersion", DefaultSandboxRuntimeVersion, "0.0.23"}, {"DefaultFirewallVersion", DefaultFirewallVersion, "v0.8.1"}, diff --git a/specs/layout.md b/specs/layout.md index 68b5503b7e..a04a86d8eb 100644 --- a/specs/layout.md +++ b/specs/layout.md @@ -265,7 +265,7 @@ All action scripts are copied from `actions/setup/js/*.cjs` and `actions/setup/s |----------|------|-------|-------------| | `DefaultCopilotVersion` | `Version` | `"0.0.374"` | GitHub Copilot CLI version | | `DefaultClaudeCodeVersion` | `Version` | `"2.0.76"` | Claude Code CLI version | -| `DefaultCodexVersion` | `Version` | `"0.77.0"` | OpenAI Codex CLI version | +| `DefaultCodexVersion` | `Version` | `"0.78.0"` | OpenAI Codex CLI version | | `DefaultGitHubMCPServerVersion` | `Version` | `"v0.27.0"` | GitHub MCP server Docker image | | `DefaultFirewallVersion` | `Version` | `"v0.8.1"` | gh-aw-firewall (AWF) binary | | `DefaultPlaywrightMCPVersion` | `Version` | `"0.0.54"` | @playwright/mcp package |