Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bdafb7ab46
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| --package-dir "$package_dir" \ | ||
| --archive-output "$gzip_archive_path" \ | ||
| --archive-output "$zstd_archive_path" \ | ||
| "${resource_args[@]}" \ |
There was a problem hiding this comment.
When this script is invoked for macOS packaging paths (for example .github/workflows/rust-release.yml Build Codex package archive steps around lines 522-535 and 836-848), no resource flags are provided, so resource_args stays empty. Under set -u, Bash 3.2 (the default shell on GitHub macOS runners) treats "${resource_args[@]}" as an unbound expansion for an empty array, causing the packaging command to abort before build_codex_package.py runs. Please gate this expansion (e.g., only append the array when non-empty) so macOS release packaging does not fail.
Useful? React with 👍 / 👎.
2 participants
Why
Release packaging should be a staging step once release binaries have already been built and signed. The Windows release job was downloading and signing
codex-command-runner.exeandcodex-windows-sandbox-setup.exe, butscripts/build_codex_package.pystill rebuilt those helpers while creating the package archives.That makes the package step slower and, more importantly, risks putting helper binaries in the archive that were produced after the signing step. Linux had the same shape for package resources:
bwrapcould be rebuilt by the package builder instead of being passed in as a prebuilt release artifact.This builds on #23752, which fixes
.tar.zstcreation when Windows runners rely on the repository DotSlashzstdwrapper.What changed
--bwrap-bin--codex-command-runner-bin--codex-windows-sandbox-setup-bin.github/scripts/build-codex-package-archive.shpass resource binaries from the release output directory when they are already present.bwrapfor app-server release jobs too, so app-server package creation does not invoke Cargo just to supply the package resource.--entrypoint-binis provided, since macOS packages have no resource binaries.Verification
python3 -m unittest discover -s scripts/codex_package -p 'test_*.py'python3 -m py_compile scripts/codex_package/*.pybash -n .github/scripts/build-codex-package-archive.shStack created with Sapling. Best reviewed with ReviewStack.