Skip to content

ci: sync Bazel clippy lints and fix uncovered violations#16351

Merged
bolinfest merged 1 commit intomainfrom
pr16351
Apr 1, 2026
Merged

ci: sync Bazel clippy lints and fix uncovered violations#16351
bolinfest merged 1 commit intomainfrom
pr16351

Conversation

@bolinfest
Copy link
Copy Markdown
Collaborator

@bolinfest bolinfest commented Mar 31, 2026
edited
Loading

Why

Follow-up to #16345, the Bazel clippy rollout in #15955, and the cleanup pass in #16353.

cargo clippy was enforcing the workspace deny-list from codex-rs/Cargo.toml because the member crates opt into [lints] workspace = true, but Bazel clippy was only using rules_rust plus clippy.toml. That left the Bazel lane vulnerable to drift: clippy.toml can tune lint behavior, but it cannot set allow/warn/deny/forbid levels.

This PR now closes both sides of the follow-up. It keeps .bazelrc in sync with [workspace.lints.clippy], and it fixes the real clippy violations that the newly-synced Windows Bazel lane surfaced once that deny-list started matching Cargo.

What Changed

  • added .github/scripts/verify_bazel_clippy_lints.py, a Python check that parses codex-rs/Cargo.toml with tomllib, reads the Bazel build:clippy clippy_flag entries from .bazelrc, and reports missing, extra, or mismatched lint levels
  • ran that verifier from the lightweight ci.yml workflow so the sync check does not depend on a Rust toolchain being installed first
  • expanded the .bazelrc comment to explain the Cargo workspace = true linkage and why Bazel needs the deny-list duplicated explicitly
  • fixed the Windows-only codex-windows-sandbox violations that Bazel clippy reported after the sync, using the same style as ci: verify codex-rs Cargo manifests inherit workspace settings #16353: inline format! args, method references instead of trivial closures, removed redundant clones, and replaced SID conversion unwrap and expect calls with proper errors
  • cleaned up the remaining cross-platform violations the Bazel lane exposed in codex-backend-client and core_test_support

Testing

Key new test introduced by this PR:

python3 .github/scripts/verify_bazel_clippy_lints.py

@bolinfest bolinfest changed the base branch from main to pr16353 March 31, 2026 16:59
@bolinfest bolinfest mentioned this pull request Mar 31, 2026
Merged
@bolinfest bolinfest force-pushed the pr16353 branch 2 times, most recently from b977dc9 to af3f6cb Compare March 31, 2026 21:08
@bolinfest bolinfest force-pushed the pr16351 branch 2 times, most recently from 1f748b1 to d4f9746 Compare March 31, 2026 21:22
Base automatically changed from pr16353 to main March 31, 2026 21:59
bolinfest added a commit that referenced this pull request Mar 31, 2026
@bolinfest
ci: verify codex-rs Cargo manifests inherit workspace settings (#16353)
9a8730f 
## Why

Bazel clippy now catches lints that `cargo clippy` can still miss when a
crate under `codex-rs` forgets to opt into workspace lints. The concrete
example here was `codex-rs/app-server/tests/common/Cargo.toml`: Bazel
flagged a clippy violation in `models_cache.rs`, but Cargo did not
because that crate inherited workspace package metadata without
declaring `[lints] workspace = true`.

We already mirror the workspace clippy deny list into Bazel after
[#15955](#15955), so we also need a
repo-side check that keeps every `codex-rs` manifest opted into the same
workspace settings.

## What changed

- add `.github/scripts/verify_cargo_workspace_manifests.py`, which
parses every `codex-rs/**/Cargo.toml` with `tomllib` and verifies:
  - `version.workspace = true`
  - `edition.workspace = true`
  - `license.workspace = true`
  - `[lints] workspace = true`
- top-level crate names follow the `codex-*` / `codex-utils-*`
conventions, with explicit exceptions for `windows-sandbox-rs` and
`utils/path-utils`
- run that script in `.github/workflows/ci.yml`
- update the current outlier manifests so the check is enforceable
immediately
- fix the newly exposed clippy violations in the affected crates
(`app-server/tests/common`, `file-search`, `feedback`,
`shell-escalation`, and `debug-client`)






---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/16353).
* #16351
* __->__ #16353
@bolinfest bolinfest changed the title ci: verify Bazel clippy lints stay synced with Cargo workspace ci: sync Bazel clippy lints and fix uncovered violations Mar 31, 2026
@bolinfest bolinfest merged commit 2e942ce into main Apr 1, 2026
36 of 44 checks passed
@bolinfest bolinfest deleted the pr16351 branch April 1, 2026 00:09
@github-actions github-actions bot locked and limited conversation to collaborators Apr 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@etraut-openai etraut-openai Awaiting requested review from etraut-openai

@jif-oai jif-oai Awaiting requested review from jif-oai

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bolinfest