From d91385dd48b67cbe72be1e01f437b012a5ca7501 Mon Sep 17 00:00:00 2001
From: Pigbibi <20649888+Pigbibi@users.noreply.github.com>
Date: Sun, 24 May 2026 00:54:40 +0800
Subject: [PATCH] Dispatch Codex bridge workflow with actions permission
---
 .github/workflows/monthly_publish.yml | 17 ++++++++++-------
 tests/test_monthly_publish_workflow_config.py | 7 ++++---
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/monthly_publish.yml b/.github/workflows/monthly_publish.yml
index f6bc3bc..1c147bd 100644
--- a/.github/workflows/monthly_publish.yml
+++ b/.github/workflows/monthly_publish.yml
@@ -196,7 +196,7 @@ jobs:
 owner: ${{ github.repository_owner }}
 repositories: |
 CryptoCodexAuditBridge
- permission-contents: write
+ permission-actions: write
 - name: Trigger Monthly Review Automation
 if: success() && env.PUBLISH_ENABLED != 'false'
@@ -247,7 +247,7 @@ jobs:
 token = os.environ.get("APP_TOKEN", "").strip() or os.environ.get("CODEX_AUDIT_DISPATCH_TOKEN", "").strip()
 if not token:
 raise RuntimeError(
- "Codex review dispatch requires either a GitHub App token or CODEX_AUDIT_DISPATCH_TOKEN"
+ "Codex review workflow dispatch requires either a GitHub App token or CODEX_AUDIT_DISPATCH_TOKEN"
 )
 target_repository = os.environ["TARGET_REPOSITORY"].strip()
 if not re.fullmatch(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+", target_repository):
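Review bot: The switch to `permission-actions: write` in the `@@ -196` hunk of monthly_publish.yml carries no comment saying why that scope is needed, and nothing covers the PAT fallback that the `@@ -247` hunk reads. The workflow-dispatch REST endpoint requires Actions write on the target repository, so a `CODEX_AUDIT_DISPATCH_TOKEN` provisioned for the old `repository_dispatch` call (presumably with Contents write only) would likely start returning 403. I would add a comment above the changed line such as `# actions: write is the minimum scope for POST /actions/workflows/{file}/dispatches on the bridge repo`, and state the same requirement wherever the fallback secret is documented. The token step begins above the hunk, so its other inputs are not visible here.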
@@ -256,17 +256,20 @@ jobs:
 if mode not in {"review_only", "review_and_fix"}:
 raise RuntimeError(f"Unsupported Codex review mode: {mode}")
 payload = {
- "event_type": "monthly-review-created",
- "client_payload": {
+ "ref": "main",
+ "inputs": {
 "source_repo": os.environ["GITHUB_REPOSITORY"],
 "source_ref": os.environ["GITHUB_REF_NAME"],
 "issue_number": os.environ["ISSUE_NUMBER"],
- "issue_url": os.environ["ISSUE_URL"],
 "mode": mode,
- "auto_merge": os.environ["AUTO_MERGE"].strip().lower() == "true",
+ "auto_merge": str(os.environ["AUTO_MERGE"].strip().lower() == "true").lower(),
 },
 }
- status = dispatch(token, f"https://api.github.com/repos/{target_repository}/dispatches", payload)
+ status = dispatch(
+ token,
+ f"https://api.github.com/repos/{target_repository}/actions/workflows/selfhosted_monthly_review.yml/dispatches",
+ payload,
+ )
 if status not in (201, 204):
 raise RuntimeError(f"Unexpected Codex dispatch status: {status}")
 print(
diff --git a/tests/test_monthly_publish_workflow_config.py b/tests/test_monthly_publish_workflow_config.py
index bdd5328..69cd07e 100644
--- a/tests/test_monthly_publish_workflow_config.py
+++ b/tests/test_monthly_publish_workflow_config.py
@@ -44,7 +44,7 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
 self.assertIn("CROSS_REPO_GITHUB_APP_PRIVATE_KEY", workflow)
 self.assertIn("actions/create-github-app-token@v3", workflow)
 self.assertIn("CryptoCodexAuditBridge", workflow)
- self.assertIn("permission-contents: write", workflow)
+ self.assertIn("permission-actions: write", workflow)
 self.assertIn("APP_TOKEN", workflow)
 self.assertIn("Trigger Monthly Review Automation", workflow)
 self.assertIn("CODEX_AUDIT_DISPATCH_TOKEN", workflow)
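Review bot: `source_ref` and `issue_number` go into the workflow_dispatch `inputs` unchecked in the `@@ -256` hunk of monthly_publish.yml, although `target_repository` and `mode` are validated just above it. The target file name, `selfhosted_monthly_review.yml`, suggests these strings end up on a self-hosted runner, so an allow-list before building `payload` is cheap defence in depth, for example `if not re.fullmatch(r"[0-9]+", os.environ["ISSUE_NUMBER"].strip()): raise RuntimeError("ISSUE_NUMBER must be numeric")` and a similar `re.fullmatch(r"[A-Za-z0-9_./-]+", ...)` check on `GITHUB_REF_NAME`. The hard-coded `"ref": "main"` also deserves a one-line comment saying it pins the run to the bridge repository's protected branch, assuming that is the intent. The script continues past the hunk at `print(`, so later handling is not visible.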
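Review bot: The updated assertion in the `@@ -44` hunk of tests/test_monthly_publish_workflow_config.py only checks that `permission-actions: write` appears somewhere in the file, so it would still pass if `permission-contents: write` were left on, or later re-added to, the bridge token step. If no other token step in the workflow needs the contents scope, adding `self.assertNotIn("permission-contents: write", workflow)` would lock in the narrower grant, in the same way the `@@ -53` hunk adds an `assertNotIn` for the old endpoint. The test method starts above the hunk and continues below it.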
@@ -53,8 +53,9 @@ def test_monthly_review_issue_creation_does_not_require_gh_cli(self) -> None:
 self.assertIn("Codex monthly review dispatch failed", workflow)
 self.assertIn("legacy API review fallback", workflow)
 self.assertIn("legacy API fallback is disabled", workflow)
- self.assertIn("monthly-review-created", workflow)
- self.assertIn("/repos/{target_repository}/dispatches", workflow)
+ self.assertIn("selfhosted_monthly_review.yml", workflow)
+ self.assertIn("/actions/workflows/selfhosted_monthly_review.yml/dispatches", workflow)
+ self.assertNotIn("/repos/{target_repository}/dispatches", workflow)
 self.assertIn("LEGACY_API_REVIEW_ENABLED", workflow)
 self.assertIn("/actions/workflows/ai_review.yml/dispatches", workflow)
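Review bot: `self.assertIn("selfhosted_monthly_review.yml", workflow)` is redundant, because the string in the next assertion already contains that file name and is strictly stronger. Nothing in this hunk pins the new payload shape, so a regression to `client_payload` with the new URL would pass the test and presumably only fail at dispatch time. Consider `self.assertIn('"inputs": {', workflow)` and, if the legacy fallback does not use the key, `self.assertNotIn("client_payload", workflow)`. The test method begins above the hunk.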