feat: add Codex PR review workflow #2
Add Codex review workflow and script (Headroom-specific prompt), mirror shelldeck merge-gate pattern on logan-gl502vs. Update Dario proxy resolution to skip on 402/429/unreachable instead of failing, and gate Claude review on proxy availability with continue-on-error.
🔎 Grok review (Hermes · grok-4.3)
Verdict: Clean enough to merge; only minor duplication in the new CI paths.
🧠 Grok Composer review (grok-composer-2.5)
Review
1. Brand consistency
No issues. This diff is CI-only (GitHub Actions + a review script). No logos, favicons, og:image, schema assets, or UI mockups.
2. Spot Suite architecture
No issues against the listed architecture rules. No tenant/session handling, D1, SECRETS KV, OAuth flows, cron handlers, migrations, or Pages deploys.
3. Correctness + security
Wrong product context in Codex prompt — Merge gate does not gate on outcome — Duplicated Dario probe logic — Sandbox bypass in CI — Resilient skip paths — Otherwise: error handling in
Verdict: CI-only change is structurally sound and sensibly fail-open, but fix the Headroom-specific Codex prompt before merging into Spot Suite and confirm the merge gate is meant to wait only, not block on failed review.
Pull request overview
Adds an automated “Codex Review” GitHub Actions workflow that runs Codex CLI on a self-hosted runner to generate a single PR review comment, and adjusts the existing Claude review workflow to gracefully skip when the Dario proxy is unreachable or quota-limited.
Changes:
- Introduces `scripts/codex-review.py` to run `codex exec` against `origin/<base>...HEAD` and upsert a marker-based PR comment.
- Adds `.github/workflows/codex-review.yml` with an enablement gate and a “merge gate” job that waits briefly for the review job to finish.
- Updates Claude review/Dario proxy resolution to skip (not fail) on proxy/quota issues, and updates the helper script accordingly.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| `scripts/codex-review.py` | New Python helper to run Codex review and post/update a PR comment. |
| `.gitignore` | Allowlists the new `scripts/codex-review.py` under the existing `scripts/` ignore rules. |
| `.github/workflows/codex-review.yml` | New workflow to run Codex review (gated) and provide a merge-wait “gate” job. |
| `.github/workflows/claude-review.yml` | Makes Claude review non-blocking and skips cleanly on Dario proxy quota/unreachability (now inline). |
| `.github/scripts/resolve-dario-proxy.sh` | Updates the Dario proxy resolver to treat quota/unreachability as warnings and exit successfully. |
| { | ||
| echo "available=true" | ||
| echo "bin=$(command -v "$CODEX_BIN")" | ||
| } >> "$GITHUB_OUTPUT" | ||
| echo "Codex CLI ready at $(command -v "$CODEX_BIN")" |
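Review bot: `command -v "$CODEX_BIN"` is evaluated twice in this block, and inside `echo "bin=$(command -v "$CODEX_BIN")"` a failed lookup is masked by echo's zero exit status, so the step can write `available=true` together with an empty `bin=`. Nothing in these lines checks the result. Resolve the path once into a variable, confirm it is non-empty, and reuse that variable for both the `$GITHUB_OUTPUT` entry and the log line.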
| MODEL = os.environ.get("CODEX_MODEL", "gpt-5.5") | ||
| CODEX_BIN = os.environ.get("CODEX_BIN", "codex") | ||
| TIMEOUT_SEC = int(os.environ.get("CODEX_TIMEOUT_SEC", "900")) |
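Review bot: `int(os.environ.get("CODEX_TIMEOUT_SEC", "900"))` on the TIMEOUT_SEC line raises ValueError at import time when the variable is set but empty or non-numeric, because the "900" default only applies when the variable is unset. A workflow `env:` entry that expands to an empty string hits exactly this case. Fall back to 900 on an empty or invalid value and reject non-positive numbers, so a misconfigured variable cannot crash the script or disable the timeout.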
| def run_codex_review(base_ref: str, repo_root: Path) -> str: | ||
| out_path = Path(tempfile.mkstemp(suffix=".md")[1]) |
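Review bot: `tempfile.mkstemp(suffix=".md")[1]` in run_codex_review discards element 0 of the returned tuple, which is an already-open file descriptor, so every call leaks an fd. The visible lines also do not show the temporary file being removed. Unpack both values and call `os.close(fd)` immediately, or create the file inside a `tempfile.TemporaryDirectory()` context, and delete the output in a `finally` block once it has been read.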
| - name: Resolve Dario proxy | ||
| id: dario | ||
| run: bash .github/scripts/resolve-dario-proxy.sh | ||
| run: | | ||
| set -euo pipefail | ||
| GW="" |
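Review bot: the "Resolve Dario proxy" step now carries the probe inline instead of calling `.github/scripts/resolve-dario-proxy.sh`, while the same PR still updates that helper script, so the probe logic lives in two places that can drift apart. Keep one copy: either call the script from the step or delete the script. Also note that `set -euo pipefail` at the top of a step whose purpose is to skip rather than fail means every probe command that may legitimately fail needs an explicit guard.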
| GW="" | ||
| if command -v ip >/dev/null 2>&1; then | ||
| GW="$(ip route 2>/dev/null | awk '/default/{print $3; exit}')" | ||
| fi |
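Review bot: if this block runs under `set -euo pipefail`, as in the inline step, a non-zero exit from `ip route` propagates through the pipeline into the `GW="$(...)"` assignment and aborts the step, which defeats the skip-on-unreachable intent. Add `|| true` inside the command substitution so GW simply stays empty when no default route can be read, and let the later logic handle the empty value.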
Codex PR review + graceful Dario quota skip on Claude review.