From b52ccf21705903f94e908eb2138e46d2df9df38c Mon Sep 17 00:00:00 2001
From: ltang-wise
Date: Wed, 17 Dec 2025 08:00:45 +0000
Subject: [PATCH 01/11] extend to have option for codex action
---
 .../reusable-workflow-ci-ai-agents.yaml | 83 ++++++++++++++++++-
 workflow-templates/call-ci-ai-agents.yml | 8 +-
 2 files changed, 85 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml
index 2de8a8e..4c04e4c 100644
--- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml
+++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml
@@ -48,15 +48,48 @@ on: description: "LLM model to use for general purpose tasks" required: false type: string + codex_model: + description: "OpenAI model to use for Codex agent" + required: false + type: string + default: "o3" jobs: - run-ci-ai-agent: + detect-agent: if: | inputs.event_name == 'issues' || inputs.event_name == 'issue_comment' || inputs.event_name == 'pull_request_review_comment' || inputs.event_name == 'pull_request_review' runs-on: gha-production-medium + outputs: + agent: ${{ steps.parse.outputs.agent }} + codex_prompt: ${{ steps.parse.outputs.codex_prompt }} + steps: + - name: Parse agent from comment + id: parse + shell: bash + env: + EVENT_PAYLOAD: ${{ inputs.event_payload }} + run: | + comment=$(echo "$EVENT_PAYLOAD" | jq -r '.comment.body // .review.body // .issue.body // ""') + + if echo "$comment" | grep -q '/codex-'; then + echo "agent=codex" >> $GITHUB_OUTPUT + # Extract the command after /codex- (e.g., "review-pr" from "/codex-review-pr") + codex_cmd=$(echo "$comment" | grep -oE '/codex-[^ ]+' | head -1 | sed 's|/codex-||') + # Extract any additional context after the command on the same line or following lines + full_prompt=$(echo "$comment" | sed -n '/\/codex-/,$p' | sed '1s|.*/codex-[^ ]*||') + echo "codex_prompt=${codex_cmd}${full_prompt}" >> $GITHUB_OUTPUT + else + echo "agent=claude" >> $GITHUB_OUTPUT + echo "codex_prompt=" >> $GITHUB_OUTPUT + fi + + run-claude-agent: + needs: detect-agent + if: needs.detect-agent.outputs.agent == 'claude' + runs-on: gha-production-medium container: ci-images-release.arti.tw.ee/actions_java_17_and_21 permissions: contents: write 
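Review bot: The `codex_prompt` output in the `Parse agent from comment` step is written with a single `echo "codex_prompt=..." >> $GITHUB_OUTPUT`, but `full_prompt` keeps every line of the comment that follows the `/codex-` command, so a multi-line comment writes extra lines into the output file and any line shaped like `name=value` becomes, or overrides, a step output such as `agent`. The comment body is untrusted input, so the value should be written with the multi-line delimiter form and a random delimiter, and `$GITHUB_OUTPUT` should be quoted in every redirect of this step. Separately, `grep -q '/codex-'` matches the marker anywhere in the text, including inside a quoted reply or a link; anchoring the match to the start of a line would make the routing between the two agent jobs predictable.

```yaml
          run: |
            # … unchanged: comment extraction, agent=codex, codex_cmd and full_prompt …
            delim="prompt_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
            {
              echo "codex_prompt<<${delim}"
              printf '%s\n' "${codex_cmd}${full_prompt}"
              echo "${delim}"
            } >> "$GITHUB_OUTPUT"
            # … unchanged: else branch (agent=claude, empty codex_prompt) …
```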
@@ -107,4 +140,50 @@ jobs: ${{ secrets.ANTHROPIC_BEDROCK_BASE_URL }} claude_args: | --allowedTools "mcp__github_inline_comment__create_inline_comment,mcp__github_file_ops__commit_files,mcp__github_file_ops__delete_files" - --model ${{ inputs.generic_model != '' && inputs.generic_model || vars.ANTHROPIC_DEFAULT_HAIKU_MODEL }} \ No newline at end of file + --model ${{ inputs.generic_model != '' && inputs.generic_model || vars.ANTHROPIC_DEFAULT_HAIKU_MODEL }} + + run-codex-agent: + needs: detect-agent + if: needs.detect-agent.outputs.agent == 'codex' + runs-on: gha-production-medium + container: ci-images-release.arti.tw.ee/actions_java_17_and_21 + permissions: + contents: write + pull-requests: write + issues: write + id-token: write + actions: read + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 1 + + - name: "Add repo as safe directory" + run: | + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Sync caller event context + shell: bash + env: + CALLER_EVENT_PAYLOAD: ${{ inputs.event_payload }} + run: | + event_file="$RUNNER_TEMP/original_event.json" + printf '%s' "$CALLER_EVENT_PAYLOAD" > "$event_file" + { + echo "GITHUB_EVENT_PATH=$event_file" + echo "GITHUB_EVENT_NAME=${{ inputs.event_name }}" + echo "GITHUB_REPOSITORY=${{ inputs.repository }}" + echo "GITHUB_REF=${{ inputs.ref }}" + echo "GITHUB_SHA=${{ inputs.sha }}" + echo "GITHUB_ACTOR=${{ inputs.actor }}" + } >> "$GITHUB_ENV" + + - name: Run Codex Agent + uses: transferwise/codex-action@main + with: + prompt: ${{ needs.detect-agent.outputs.codex_prompt }} + openai-api-key: ${{ secrets.OPENAI_API_KEY }} + model: ${{ inputs.codex_model }} + sandbox: "workspace-write" + allow-users: "*" \ No newline at end of file diff --git a/workflow-templates/call-ci-ai-agents.yml b/workflow-templates/call-ci-ai-agents.yml index 93c7a47..3e63b52 100644 --- a/workflow-templates/call-ci-ai-agents.yml +++ b/workflow-templates/call-ci-ai-agents.yml 
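Review bot: The `run-codex-agent` job passes a prompt taken from an issue or comment body to an agent that holds `contents: write`, `pull-requests: write`, `issues: write` and `id-token: write`, with `sandbox: "workspace-write"` and `allow-users: "*"`, so whoever can write the triggering comment steers a process that carries a write-scoped token. If `allow-users` keeps its upstream meaning (an allow-list of accounts permitted to trigger the action), `"*"` removes that gate; prefer leaving it unset or listing accounts, and trim the permissions to what the agent needs, e.g. `contents: read` and no `id-token: write` unless a step actually requests an OIDC token. `uses: transferwise/codex-action@main` follows a moving branch; pin it as `uses: transferwise/codex-action@<full-commit-sha> # <release tag>`. In `Sync caller event context`, `${{ inputs.ref }}` and `${{ inputs.actor }}` are expanded into the script text before bash runs; pass them through `env:` the way the step already does for `CALLER_EVENT_PAYLOAD`.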
@@ -13,10 +13,10 @@ on: jobs: call-ci-ai-agents: if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '/run-ci-ai-agents')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '/run-ci-ai-agents')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '/run-ci-ai-agents')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '/run-ci-ai-agents') || contains(github.event.issue.title, '/run-ci-ai-agents'))) + (github.event_name == 'issue_comment' && (contains(github.event.comment.body, '/run-ci-ai-agents') || contains(github.event.comment.body, '/codex-'))) || + (github.event_name == 'pull_request_review_comment' && (contains(github.event.comment.body, '/run-ci-ai-agents') || contains(github.event.comment.body, '/codex-'))) || + (github.event_name == 'pull_request_review' && (contains(github.event.review.body, '/run-ci-ai-agents') || contains(github.event.review.body, '/codex-'))) || + (github.event_name == 'issues' && (contains(github.event.issue.body, '/run-ci-ai-agents') || contains(github.event.issue.title, '/run-ci-ai-agents') || contains(github.event.issue.body, '/codex-') || contains(github.event.issue.title, '/codex-'))) uses: transferwise/.github/.github/workflows/reusable-workflow-ci-ai-agents.yaml@master secrets: inherit with: From 3b1cc3836bd78d82d0e6422fd5699173ab4f6465 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Wed, 17 Dec 2025 17:26:52 +0000 Subject: [PATCH 02/11] update brancht o use v1test release --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 4c04e4c..b48ab49 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml 
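Review bot: The added `contains(..., '/codex-')` clauses start the reusable workflow, which is called with `secrets: inherit`, for any author whose text contains that substring; nothing in the `if:` looks at who wrote it, and the removed lines show the same gap for `/run-ci-ai-agents`. Add an author check per event, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` for the two comment events, with `github.event.review.author_association` and `github.event.issue.author_association` for the other two. `contains()` is also a plain substring test, so `/codex-` inside a quoted reply, a code sample or a link starts a run; `startsWith(github.event.comment.body, '/codex-')` is stricter if commands are always placed first. The job definition continues past `with:` outside this hunk.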
@@ -180,7 +180,7 @@ jobs: } >> "$GITHUB_ENV" - name: Run Codex Agent - uses: transferwise/codex-action@main + uses: transferwise/codex-action@v1test with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }} From dbcd47f58dd3df6582d7d677d05a51575dd383e2 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 08:32:41 +0000 Subject: [PATCH 03/11] use main again --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index b48ab49..4c04e4c 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -180,7 +180,7 @@ jobs: } >> "$GITHUB_ENV" - name: Run Codex Agent - uses: transferwise/codex-action@v1test + uses: transferwise/codex-action@main with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }} From d31dbbaa6fa5df9427befb88f548f3c2273b44e7 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 08:41:11 +0000 Subject: [PATCH 04/11] use v1.4 --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 4c04e4c..03bee8b 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -180,7 +180,7 @@ jobs: } >> "$GITHUB_ENV" - name: Run Codex Agent - uses: transferwise/codex-action@main + uses: transferwise/codex-action@v1.4 with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }} From c739f57a701bf6353a8f6a776265531a25a5c9b3 Mon Sep 17 00:00:00 2001 
From: ltang-wise Date: Thu, 18 Dec 2025 08:55:51 +0000 Subject: [PATCH 05/11] use main again --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 03bee8b..4c04e4c 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -180,7 +180,7 @@ jobs: } >> "$GITHUB_ENV" - name: Run Codex Agent - uses: transferwise/codex-action@v1.4 + uses: transferwise/codex-action@main with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }} From 1a270e8be06e42a8aceb15fcb0f7df9024ecc0e1 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 10:57:25 +0000 Subject: [PATCH 06/11] use v1.4-test --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 4c04e4c..d818db2 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -180,7 +180,7 @@ jobs: } >> "$GITHUB_ENV" - name: Run Codex Agent - uses: transferwise/codex-action@main + uses: transferwise/codex-action@v1.4-test with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }} From fb2e064c32a3f552f8ceff412882b13e79290bfc Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 11:07:19 +0000 Subject: [PATCH 07/11] test no container --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index d818db2..30b64d5 100644 
--- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -146,7 +146,7 @@ jobs: needs: detect-agent if: needs.detect-agent.outputs.agent == 'codex' runs-on: gha-production-medium - container: ci-images-release.arti.tw.ee/actions_java_17_and_21 + # container: ci-images-release.arti.tw.ee/actions_java_17_and_21 permissions: contents: write pull-requests: write From 58ad09ff777dfae72360308474d9d9660c2da02d Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 11:14:32 +0000 Subject: [PATCH 08/11] add safety-strategy: "unsafe" --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 30b64d5..ce6a478 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -186,4 +186,5 @@ jobs: openai-api-key: ${{ secrets.OPENAI_API_KEY }} model: ${{ inputs.codex_model }} sandbox: "workspace-write" - allow-users: "*" \ No newline at end of file + allow-users: "*" + safety-strategy: "unsafe" \ No newline at end of file From a521112247cbe3c157804fb453e4246b5ef81e19 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 11:47:35 +0000 Subject: [PATCH 09/11] test with container and new safety strategy --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index ce6a478..17b93e0 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml 
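Review bot: PATCH 07/11 disables the job container by commenting the line out (`# container: ci-images-release.arti.tw.ee/actions_java_17_and_21`), and PATCH 10/11 returns to that state, so the Codex job ends up running directly on `gha-production-medium` while `run-claude-agent` stays containerised. If that is intended, delete the line and give the reason in a comment, e.g. `# no container: <reason codex-action cannot run inside it>`; a commented-out setting reads as a leftover from testing. If the runner is self-hosted or reused between jobs (not visible in this patch), files the agent writes outside the workspace can persist for later jobs, which is worth confirming before merge.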
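Review bot: `safety-strategy: "unsafe"` in PATCH 08/11 is added next to `allow-users: "*"` with no comment explaining why it is needed. Assuming the input keeps its upstream meaning, `unsafe` skips the privilege reduction the action applies before starting the agent, so commands the agent runs share the step's user and can reach the credentials available to the job. Because the prompt comes from comment text, prefer the default strategy (`drop-sudo` upstream) or `read-only`; if the runner setup forced this value, record that in a comment on the line and keep the job's `permissions:` to the minimum the agent needs.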
@@ -146,7 +146,7 @@ jobs: needs: detect-agent if: needs.detect-agent.outputs.agent == 'codex' runs-on: gha-production-medium - # container: ci-images-release.arti.tw.ee/actions_java_17_and_21 + container: ci-images-release.arti.tw.ee/actions_java_17_and_21 permissions: contents: write pull-requests: write From 4e3e44ae8307fc22ebed7ba85d16675b22c7aba3 Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Thu, 18 Dec 2025 11:50:55 +0000 Subject: [PATCH 10/11] revert back to no container --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index 17b93e0..ce6a478 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -146,7 +146,7 @@ jobs: needs: detect-agent if: needs.detect-agent.outputs.agent == 'codex' runs-on: gha-production-medium - container: ci-images-release.arti.tw.ee/actions_java_17_and_21 + # container: ci-images-release.arti.tw.ee/actions_java_17_and_21 permissions: contents: write pull-requests: write From 431429c155e14845c65979e2d1cefc1e2f86cf7f Mon Sep 17 00:00:00 2001 From: ltang-wise Date: Fri, 19 Dec 2025 16:55:03 +0000 Subject: [PATCH 11/11] add eu openai URL --- .github/workflows/reusable-workflow-ci-ai-agents.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/reusable-workflow-ci-ai-agents.yaml b/.github/workflows/reusable-workflow-ci-ai-agents.yaml index ce6a478..9355fe6 100644 --- a/.github/workflows/reusable-workflow-ci-ai-agents.yaml +++ b/.github/workflows/reusable-workflow-ci-ai-agents.yaml @@ -181,6 +181,8 @@ jobs: - name: Run Codex Agent uses: transferwise/codex-action@v1.4-test + env: + GITHUB_API_URL: https://eu.api.openai.com with: prompt: ${{ needs.detect-agent.outputs.codex_prompt }} openai-api-key: ${{ secrets.OPENAI_API_KEY }}
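Review bot: `GITHUB_API_URL` is the default variable that holds the GitHub REST API base URL, and PATCH 11/11 sets it to `https://eu.api.openai.com` on the `Run Codex Agent` step. GitHub documents the `GITHUB_*` defaults as not overridable from `env:`, so this is either ignored (and the EU endpoint is not actually in use) or, wherever it does take effect, any code in the action that builds GitHub API calls from this variable would send those requests, possibly with the job token attached, to the OpenAI host. Configure the OpenAI endpoint through the action's own setting instead (upstream exposes a `responses-api-endpoint` input; confirm what the fork calls it) and remove this `env:` entry.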