Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .github/scripts/run-bazel-ci.sh
Original file line number Diff line number Diff line change
Expand Up @@ -380,14 +380,15 @@ else
# --noexperimental_remote_repo_contents_cache:
# disable remote repo contents cache enabled in .bazelrc startup options.
# https://bazel.build/reference/command-line-reference#startup_options-flag--experimental_remote_repo_contents_cache
# --remote_cache= and --remote_executor=:
# clear remote cache/execution endpoints configured in .bazelrc.
# --remote_cache=, --remote_executor=, and --experimental_remote_downloader=:
# clear remote cache/execution/downloader endpoints configured in .bazelrc.
# https://bazel.build/reference/command-line-reference#common_options-flag--remote_cache
# https://bazel.build/reference/command-line-reference#common_options-flag--remote_executor
bazel_run_args=(
"${bazel_args[@]}"
--remote_cache=
--remote_executor=
--experimental_remote_downloader=
)
if (( ${#post_config_bazel_args[@]} > 0 )); then
bazel_run_args+=("${post_config_bazel_args[@]}")
Expand Down
57 changes: 45 additions & 12 deletions .github/workflows/bazel.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,16 @@ concurrency:
jobs:
test:
timeout-minutes: 30
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
strategy:
fail-fast: false
matrix:
include:
# macOS
- os: macos-15-xlarge
- os: macos-15
target: aarch64-apple-darwin
- os: macos-15-xlarge
- os: macos-15-intel
target: x86_64-apple-darwin

# Linux
Expand All @@ -49,28 +51,37 @@ jobs:
name: Local Bazel build on ${{ matrix.os }} for ${{ matrix.target }}

steps:
- name: Skip macOS Bazel without BuildBuddy
if: runner.os == 'macOS' && env.BUILDBUDDY_API_KEY == ''
shell: bash
run: |
echo "::notice::Skipping macOS Bazel in this fork because the hermetic Apple SDK is only available through the authenticated BuildBuddy downloader/cache path."

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''

- name: Check rusty_v8 MODULE.bazel checksums
if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
if: (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '') && matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
shell: bash
run: |
python3 .github/scripts/rusty_v8_bazel.py check-module-bazel
python3 -m unittest discover -s .github/scripts -p test_rusty_v8_bazel.py

- name: Prepare Bazel CI
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
id: prepare_bazel
uses: ./.github/actions/prepare-bazel-ci
with:
target: ${{ matrix.target }}
cache-scope: bazel-${{ github.job }}
install-test-prereqs: "true"
- name: Check MODULE.bazel.lock is up to date
if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
if: (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '') && matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
shell: bash
run: ./scripts/check-module-bazel-lock.sh

- name: bazel test //...
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
shell: bash
Expand Down Expand Up @@ -106,7 +117,7 @@ jobs:
"${bazel_targets[@]}"

- name: Upload Bazel execution logs
if: always() && !cancelled()
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '')
continue-on-error: true
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
with:
Expand All @@ -117,7 +128,7 @@ jobs:
# Save the job-scoped Bazel repository cache after cache misses. Keep the
# upload non-fatal so cache service issues never fail the job itself.
- name: Save bazel repository cache
if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '') && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
continue-on-error: true
uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
Expand All @@ -126,6 +137,8 @@ jobs:

clippy:
timeout-minutes: 30
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
strategy:
fail-fast: false
matrix:
Expand All @@ -136,24 +149,33 @@ jobs:
# that the Bazel test job uses.
- os: ubuntu-24.04
target: x86_64-unknown-linux-gnu
- os: macos-15-xlarge
- os: macos-15
target: aarch64-apple-darwin
- os: windows-latest
target: x86_64-pc-windows-gnullvm
runs-on: ${{ matrix.os }}
name: Bazel clippy on ${{ matrix.os }} for ${{ matrix.target }}

steps:
- name: Skip macOS Bazel without BuildBuddy
if: runner.os == 'macOS' && env.BUILDBUDDY_API_KEY == ''
shell: bash
run: |
echo "::notice::Skipping macOS Bazel in this fork because the hermetic Apple SDK is only available through the authenticated BuildBuddy downloader/cache path."

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''

- name: Prepare Bazel CI
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
id: prepare_bazel
uses: ./.github/actions/prepare-bazel-ci
with:
target: ${{ matrix.target }}
cache-scope: bazel-${{ github.job }}

- name: bazel build --config=clippy lint targets
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
shell: bash
Expand Down Expand Up @@ -190,7 +212,7 @@ jobs:
"${bazel_targets[@]}"

- name: Upload Bazel execution logs
if: always() && !cancelled()
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '')
continue-on-error: true
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
with:
Expand All @@ -201,7 +223,7 @@ jobs:
# Save the job-scoped Bazel repository cache after cache misses. Keep the
# upload non-fatal so cache service issues never fail the job itself.
- name: Save bazel repository cache
if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '') && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
continue-on-error: true
uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
Expand All @@ -210,30 +232,41 @@ jobs:

verify-release-build:
timeout-minutes: 30
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-24.04
target: x86_64-unknown-linux-gnu
- os: macos-15-xlarge
- os: macos-15
target: aarch64-apple-darwin
- os: windows-latest
target: x86_64-pc-windows-gnullvm
runs-on: ${{ matrix.os }}
name: Verify release build on ${{ matrix.os }} for ${{ matrix.target }}

steps:
- name: Skip macOS Bazel without BuildBuddy
if: runner.os == 'macOS' && env.BUILDBUDDY_API_KEY == ''
shell: bash
run: |
echo "::notice::Skipping macOS Bazel in this fork because the hermetic Apple SDK is only available through the authenticated BuildBuddy downloader/cache path."

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''

- name: Prepare Bazel CI
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
id: prepare_bazel
uses: ./.github/actions/prepare-bazel-ci
with:
target: ${{ matrix.target }}
cache-scope: bazel-${{ github.job }}

- name: bazel build verify-release-build targets
if: runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != ''
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
shell: bash
Expand Down Expand Up @@ -273,7 +306,7 @@ jobs:
"${bazel_targets[@]}"

- name: Upload Bazel execution logs
if: always() && !cancelled()
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '')
continue-on-error: true
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
with:
Expand All @@ -284,7 +317,7 @@ jobs:
# Save the job-scoped Bazel repository cache after cache misses. Keep the
# upload non-fatal so cache service issues never fail the job itself.
- name: Save bazel repository cache
if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
if: always() && !cancelled() && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '') && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
continue-on-error: true
uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
Expand Down
18 changes: 11 additions & 7 deletions .github/workflows/rust-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,8 @@ jobs:
runs-on: ${{ matrix.runs_on || matrix.runner }}
timeout-minutes: ${{ matrix.timeout_minutes }}
needs: changed
env:
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
strategy:
fail-fast: false
matrix:
Expand All @@ -147,14 +149,11 @@ jobs:
runner: ubuntu-24.04
timeout_minutes: 30
- name: macOS
runner: macos-15-xlarge
runner: macos-15
timeout_minutes: 30
- name: Windows
runner: windows-x64
runner: windows-latest
timeout_minutes: 30
runs_on:
group: codex-runners
labels: codex-windows-x64
steps:
- name: Check whether argument comment lint should run
id: argument_comment_lint_gate
Expand All @@ -170,10 +169,15 @@ jobs:

echo "No argument-comment-lint relevant changes."
echo "run=false" >> "$GITHUB_OUTPUT"
- name: Skip macOS argument comment lint without BuildBuddy
if: steps.argument_comment_lint_gate.outputs.run == 'true' && runner.os == 'macOS' && env.BUILDBUDDY_API_KEY == ''
shell: bash
run: |
echo "::notice::Skipping macOS argument comment lint in this fork because the hermetic Apple SDK is only available through the authenticated BuildBuddy downloader/cache path."
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
if: steps.argument_comment_lint_gate.outputs.run == 'true' && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '')
- name: Run argument comment lint on codex-rs via Bazel
if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
if: steps.argument_comment_lint_gate.outputs.run == 'true' && (runner.os != 'macOS' || env.BUILDBUDDY_API_KEY != '')
uses: ./.github/actions/run-argument-comment-lint
with:
target: ${{ runner.os }}
Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/sdk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,7 @@ on:

jobs:
sdks:
runs-on:
group: codex-runners
labels: codex-linux-x64
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- name: Checkout repository
Expand Down
5 changes: 5 additions & 0 deletions AGENTS.md
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
# rawr-ai/codex Router

## Scope

- Applies to this repo root (`./**`) unless a deeper `AGENTS.md` exists in the working directory subtree.

## Operating Invariants (Non-Negotiable)

- MUST use Graphite (`gt`) for all work in this repo.
- MUST start any new stack from `codex/integration-upstream-main` via `gt create`.
- Exception: only stack on an existing PR branch when the change is tightly coupled and intended to merge together.
- NEVER start unrelated work on a branch that already has an unrelated PR attached.
- MUST keep the repo clean (no dirty worktree) when finishing a task/turn.

## Process Rules

- Entry (always):
- `git status --porcelain`
- `gt branch info --no-interactive`
Expand All @@ -21,11 +24,13 @@
- Use `gt modify` / `gt submit` for commits and PR updates.

## Routing

- Human-friendly workflows and setup pathways: `docs/agents.md` (root `agents.md` collides with `AGENTS.md` on case-insensitive filesystems)
- rawr fork workflows and runbooks: `rawr/AGENTS.md`
- Rust/Codex workspace rules (clippy/tests/docs/schema): `codex-rs/AGENTS.md`
- AGENTS mechanics/precedence reference: `docs/agents_md.md`

## Ownership

- Scope owner: rawr maintainers
- Update cadence: when workflows or safety invariants change (avoid temporal status text)
Loading
Loading