Add first-party validation and a separate CI Success workflow for the action bundle. Co-authored-by: Codex <noreply@openai.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b777933e8
| - uses: actions/setup-node@v6 | ||
| with: | ||
| node-version: 24 |
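Review bot: `actions/setup-node@v6` on the first line of this hunk is a mutable major-version tag, so the action code this job runs can change with no edit in this repo; pin it to a full commit SHA and keep the version as a trailing comment (`uses: actions/setup-node@<commit-sha> # v6`) so the ref is immutable but still readable.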
Run bundle syntax checks with Node 20
Use the same Node major as the action runtime when validating bundles. action.yml declares runs.using: node20, but this workflow installs Node 24 before node --check, so newer syntax can pass CI yet crash when the action executes on GitHub's Node 20 runtime.
| statuses: read | ||
| steps: | ||
| - name: Wait for all PR checks | ||
| uses: promptfoo/.github/.github/actions/ci-success@main |
Pin the shared CI action to an immutable ref
Avoid @main for workflow actions. Referencing a moving branch lets upstream changes alter or break PR-gating behavior without changes in this repo, and if the upstream branch is compromised it can execute attacker-controlled logic in CI. Pin to a commit SHA for integrity.
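Both review points (validate on the Node major the action actually runs on, and pin third-party actions to a commit SHA) can be enforced mechanically before a workflow is merged. The script below is an added example, not part of this PR or the Codex review: it prints every `uses:` ref that is not pinned to a 40-hex SHA and compares the workflow's `node-version` with the `runs.using` major in action.yml. The workflow and action.yml fragments are constructed samples, and the SHA in them is a placeholder.

```shell
# Constructed sample workflow fragment (not the PR's file): a mutable major tag,
# a moving branch, and one ref pinned to a placeholder 40-hex SHA.
SAMPLE_WORKFLOW='jobs:
  validate:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v6
        with:
          node-version: 24
      - uses: promptfoo/.github/.github/actions/ci-success@main
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567 # placeholder, not a real release SHA
'

# Constructed action.yml fragment: the runtime the action really executes on.
SAMPLE_ACTION_YML='name: example
runs:
  using: node20
  main: dist/index.js
'

# Read workflow YAML on stdin and print every `uses:` ref that is not pinned to a
# full 40-hex commit SHA. Local (./path) and docker:// refs are skipped, and a
# trailing "# vX" comment is ignored so SHA-pinned lines with a version hint pass.
find_unpinned_uses() {
  grep -E '^[[:space:]]*-?[[:space:]]*uses:' \
    | sed -E 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*//; s/[[:space:]]+#.*$//' \
    | grep -Ev '^(\./|docker://)' \
    | grep -Ev '@[0-9a-f]{40}$' || true
}

# Compare the Node major from `runs.using: nodeNN` in action.yml text ($1) with the
# `node-version:` the workflow text ($2) installs. Returns 0 when they agree, 1 when
# the bundle is syntax-checked on a different major than the one it runs on.
node_major_matches() {
  runtime=$(printf '%s\n' "$1" | sed -nE 's/^[[:space:]]*using:[[:space:]]*node([0-9]+).*/\1/p' | head -n1)
  requested=$(printf '%s\n' "$2" | sed -nE "s/^[[:space:]]*node-version:[[:space:]]*[\"']?([0-9]+).*/\1/p" | head -n1)
  [ -n "$runtime" ] && [ "$runtime" = "$requested" ]
}

# Demo run: lists the three unpinned refs, then warns about the 24-vs-20 mismatch.
printf '%s\n' "$SAMPLE_WORKFLOW" | find_unpinned_uses
if ! node_major_matches "$SAMPLE_ACTION_YML" "$SAMPLE_WORKFLOW"; then
  echo "warning: workflow node-version differs from action.yml runs.using" >&2
fi
```

Run it against the real files with `find_unpinned_uses < .github/workflows/<file>.yml` and `node_major_matches "$(cat action.yml)" "$(cat .github/workflows/<file>.yml)"` as a pre-merge CI step.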