openai/codex-action

Public

mirrored from https://github.com/openai/codex-actionAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
v1.0

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

action.yml

270lines · modecode

1name: "Codex Exec Action"
2description: "Run `codex exec` with a prompt."
3author: "OpenAI"
4inputs:
5 prompt:
6 description: "Prompt to pass to Codex. `prompt` or `prompt-file` must be provided."
7 required: false
8 default: ""
9 prompt-file:
10 description: "Path to file that contains the prompt to pass to Codex. `prompt` or `prompt-file` must be provided."
11 required: false
12 default: ""
13 output-file:
14 description: "File where the final Codex message is written. Leave empty to skip writing a file."
15 required: false
16 default: ""
17 openai-api-key:
18 description: "OpenAI API key used by Codex."
19 required: false
20 default: ""
21 working-directory:
22 description: "Working directory that Codex should use. Defaults to the repository root."
23 required: false
24 default: ""
25 sandbox:
26 description: |
27 Sandbox mode for Codex. One of `workspace-write` (default), `read-only` or `danger-full-access`.
28 required: false
29 default: "workspace-write"
30 codex-version:
31 description: "Version of `@openai/codex` to install."
32 required: false
33 default: ""
34 codex-args:
35 description: "Additional args to pass through to `codex exec`. If this value starts with `[`, it will be parsed as a JSON array; otherwise, it will be parsed as a shell-like string."
36 required: false
37 default: ""
38 output-schema:
39 description: "Inline schema contents to use with `codex exec --output-schema`."
40 required: false
41 default: ""
42 output-schema-file:
43 description: "File path to the schema that should be passed to `codex exec --output-schema`."
44 required: false
45 default: ""
46 model:
47 description: "Model the agent should use."
48 required: false
49 default: ""
50 codex-home:
51 description: "Directory to use as the Codex home directory. If empty, the default Codex home directory will be used."
52 required: false
53 default: ""
54 safety-strategy:
55 description: |
56 Specify one of the following options (on Windows, the only supported option is `unsafe`):
57
58 * `drop-sudo` (default, IRREVERSIBLE) Drop sudo privileges (if any) from
59 the default user before running Codex, and run Codex as that user. This
60 is only supported on Linux and macOS runners. This option is
61 irreversible: if the default user has sudo privileges, they will be
62 removed permanently for the duration of the job.
63 * `unprivileged-user` Run Codex as the specified user specified by the
64 `codex-user` option (the user must already exist). Note the caller is
65 responsible for ensuring the specified user has the privileges it needs
66 to perform the requested actions. For example, the copy of the repo
67 created by `actions/checkout` is not world-readable by default.
68 * `read-only` Run Codex in a sandbox that can read any file on disk,
69 but cannot write to disk or access the network. Note Codex will still
70 run as the default user for this Action, which likely has sudo
71 privileges, so it could read `openai-api-key` from memory and reveal it
72 by printing it to the output of the GitHub Action.
73 * `unsafe` (NOT RECOMMENDED) Do not try to restrict Codex's privileges at all.
74 This is extremely dangerous, as the default user for this Action likely
75 has sudo privileges, which means it can read secrets stored in memory
76 (such as the value of `openai-api-key`) and print them to the output
77 of the GitHub Action or exfiltrate them in other ways.
78 required: false
79 default: "drop-sudo"
80 codex-user:
81 description: "If `safety-strategy` is set to `unprivileged-user`, this specifies the UNIX username to run Codex as."
82 required: false
83 default: ""
84 allow-users:
85 description: "Comma-separated list of GitHub usernames who can run this action, or '*' to allow all users. Note users who have write access to the GitHub repo have access by default and do not need to be listed here."
86 required: false
87 default: ""
88 allow-bots:
89 description: "Allow runs triggered by GitHub Apps/bot accounts to bypass the write-access check."
90 required: false
91 default: "false"
92outputs:
93 final-message:
94 description: "Raw output emitted by `codex exec`."
95 value: ${{ steps.run_codex.outputs['final-message'] }}
96runs:
97 using: "composite"
98 steps:
99 - name: Validate Windows safety strategy
100 if: ${{ runner.os == 'Windows' }}
101 shell: bash
102 run: |
103 if [ "${{ inputs['safety-strategy'] }}" != "unsafe" ]; then
104 echo "On Windows, inputs['safety-strategy'] must be 'unsafe'" >&2
105 echo "because no viable sandboxing options are available at this time." >&2
106 exit 1
107 fi
108
109 - name: Ensure Node.js available
110 uses: actions/setup-node@v4
111 with:
112 node-version: "20"
113
114 - name: Check repository write access
115 env:
116 GITHUB_TOKEN: ${{ github.token }}
117 shell: bash
118 run: |
119 node "${{ github.action_path }}/dist/main.js" check-write-access \
120 --allow-bots "${{ inputs['allow-bots'] }}" \
121 --allow-users "${{ inputs['allow-users'] }}"
122
123 - name: Install Codex CLI
124 shell: bash
125 run: npm install -g "@openai/codex@${{ inputs['codex-version'] }}"
126
127 - name: Install Codex Responses API proxy
128 shell: bash
129 run: npm install -g "@openai/codex-responses-api-proxy@${{ inputs['codex-version'] }}"
130
131 - name: Resolve Codex home
132 id: resolve_home
133 shell: bash
134 run: |
135 node "${{ github.action_path }}/dist/main.js" resolve-codex-home \
136 --codex-home-override "${{ inputs['codex-home'] }}" \
137 --safety-strategy "${{ inputs['safety-strategy'] }}" \
138 --codex-user "${{ inputs['codex-user'] }}" \
139 --github-run-id "${{ github.run_id }}"
140
141 - name: Determine server info path
142 id: derive_server_info
143 shell: bash
144 run: |
145 server_info_file="${{ steps.resolve_home.outputs.codex-home }}/${{ github.run_id }}.json"
146 echo "server_info_file=$server_info_file" >> "$GITHUB_OUTPUT"
147
148 - name: Check Responses API proxy status
149 id: start_proxy
150 if: ${{ inputs['openai-api-key'] != '' }}
151 shell: bash
152 run: |
153 server_info_file="${{ steps.derive_server_info.outputs.server_info_file }}"
154 if [ -s "$server_info_file" ]; then
155 echo "Responses API proxy already appears to be running (found $server_info_file)."
156 echo "server_info_file_exists=true" >> "$GITHUB_OUTPUT"
157 else
158 echo "server_info_file_exists=false" >> "$GITHUB_OUTPUT"
159 fi
160
161 # This is its own step to minimize the runtime logic that has access to the
162 # API key. Note we use `env -u OPENAI_API_KEY` to ensure extra copies of the
163 # key do not end up in the memory of the `codex-responses-api-proxy` process
164 # where environment variables are stored.
165 - name: Start Responses API proxy
166 if: ${{ inputs['openai-api-key'] != '' && steps.start_proxy.outputs.server_info_file_exists == 'false' }}
167 env:
168 OPENAI_API_KEY: ${{ inputs['openai-api-key'] }}
169 shell: bash
170 run: |
171 (
172 printenv OPENAI_API_KEY | env -u OPENAI_API_KEY codex-responses-api-proxy --http-shutdown --server-info "${{ steps.derive_server_info.outputs.server_info_file }}"
173 ) &
174
175 - name: Wait for Responses API proxy
176 if: ${{ inputs['openai-api-key'] != '' && steps.start_proxy.outputs.server_info_file_exists == 'false' }}
177 shell: bash
178 run: |
179 server_info_file="${{ steps.derive_server_info.outputs.server_info_file }}"
180 for _ in {1..10}; do
181 if [ -s "$server_info_file" ]; then
182 break
183 fi
184 sleep 1
185 done
186 if [ ! -s "$server_info_file" ]; then
187 echo "responses-api-proxy did not write server info" >&2
188 exit 1
189 fi
190
191 if [ "${RUNNER_OS}" != "Windows" ]; then
192 sudo chmod 444 "$server_info_file"
193 sudo chown root "$server_info_file"
194 fi
195
196 # This step has an output named `port`.
197 - name: Read server info
198 id: read_server_info
199 if: ${{ inputs['openai-api-key'] != '' || inputs.prompt != '' || inputs['prompt-file'] != '' }}
200 shell: bash
201 run: node "${{ github.action_path }}/dist/main.js" read-server-info "${{ steps.derive_server_info.outputs.server_info_file }}"
202
203 - name: Write Codex proxy config
204 if: ${{ inputs['openai-api-key'] != '' }}
205 shell: bash
206 run: |
207 node "${{ github.action_path }}/dist/main.js" write-proxy-config \
208 --codex-home "${{ steps.resolve_home.outputs.codex-home }}" \
209 --port "${{ steps.read_server_info.outputs.port }}" \
210 --safety-strategy "${{ inputs['safety-strategy'] }}"
211
212 - name: Drop sudo privilege, if appropriate
213 if: ${{ inputs['safety-strategy'] == 'drop-sudo' && inputs['openai-api-key'] != '' }}
214 shell: bash
215 run: |
216 case "${RUNNER_OS}" in
217 Linux)
218 node "${{ github.action_path }}/dist/main.js" drop-sudo --user runner --group sudo
219 ;;
220 macOS)
221 node "${{ github.action_path }}/dist/main.js" drop-sudo --user runner --group admin
222 ;;
223 *)
224 echo "Unsupported OS for drop-sudo: ${RUNNER_OS}" >&2
225 exit 1
226 ;;
227 esac
228
229 - name: Verify sudo privilege removed
230 if: ${{ inputs['safety-strategy'] == 'drop-sudo' && inputs['openai-api-key'] != '' }}
231 shell: bash
232 run: |
233 if sudo -n true 2>/dev/null; then
234 echo "Expected sudo to be disabled, but sudo succeeded." >&2
235 exit 1
236 fi
237 echo "Confirmed sudo privilege is disabled."
238
239 - name: Run codex exec
240 id: run_codex
241 if: ${{ inputs.prompt != '' || inputs['prompt-file'] != '' }}
242 env:
243 CODEX_PROMPT: ${{ inputs.prompt }}
244 CODEX_PROMPT_FILE: ${{ inputs['prompt-file'] }}
245 CODEX_OUTPUT_FILE: ${{ inputs['output-file'] }}
246 CODEX_HOME: ${{ steps.resolve_home.outputs.codex-home }}
247 CODEX_WORKING_DIRECTORY: ${{ inputs['working-directory'] || github.workspace }}
248 CODEX_SANDBOX: ${{ inputs.sandbox }}
249 CODEX_ARGS: ${{ inputs['codex-args'] }}
250 CODEX_OUTPUT_SCHEMA: ${{ inputs['output-schema'] }}
251 CODEX_OUTPUT_SCHEMA_FILE: ${{ inputs['output-schema-file'] }}
252 CODEX_MODEL: ${{ inputs.model }}
253 CODEX_SAFETY_STRATEGY: ${{ inputs['safety-strategy'] }}
254 CODEX_USER: ${{ inputs['codex-user'] }}
255 FORCE_COLOR: 1
256 shell: bash
257 run: |
258 node "${{ github.action_path }}/dist/main.js" run-codex-exec \
259 --prompt "${CODEX_PROMPT}" \
260 --prompt-file "${CODEX_PROMPT_FILE}" \
261 --output-file "$CODEX_OUTPUT_FILE" \
262 --codex-home "$CODEX_HOME" \
263 --cd "$CODEX_WORKING_DIRECTORY" \
264 --extra-args "$CODEX_ARGS" \
265 --output-schema "$CODEX_OUTPUT_SCHEMA" \
266 --output-schema-file "$CODEX_OUTPUT_SCHEMA_FILE" \
267 --sandbox "$CODEX_SANDBOX" \
268 --model "$CODEX_MODEL" \
269 --safety-strategy "$CODEX_SAFETY_STRATEGY" \
270 --codex-user "$CODEX_USER"
271