
chore(deps): bump the actions group across 1 directory with 3 updates#86485

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/actions-b1124282ff

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps the actions group with 3 updates in the / directory: docker/setup-buildx-action, docker/build-push-action and openai/codex-action.

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits
  • f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 812d5fd chore: update generated content
  • b6f6693 chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0
  • c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 51bb284 chore: update generated content
  • 5f7884d chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
  • e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
  • 3804d49 chore: update generated content
  • 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
  • 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
  • Additional commits viewable in compare view

Updates openai/codex-action from 1.7 to 1.8

Changelog

Sourced from openai/codex-action's changelog.

codex-action Changelog

v1.8 (2026-04-29)

  • #91 tighten what bots are allowed

v1.7 (2026-04-24)

  • #89 restrict bot permission bypass

v1.6 (2026-03-16)

  • #77 enable GitHub-hosted Linux bubblewrap support

v1.5 (2026-03-16)

  • #74 harden shell interpolation in action workflows

v1.4 (2025-11-19)

  • #58 revert #56 and use the latest stable version of Codex CLI again

v1.3 (2025-11-19)

  • #56 temporarily set the default version of Codex CLI to 0.58.0

v1.2 (2025-11-07)

  • #52 add baseUrl to Octokit constructor, if appropriate, for GHE

v1.1 (2025-11-05)

  • #47 added support for Azure via the new responses-api-endpoint parameter
  • #36 added effort parameter
  • #45 pin the commit hash of the actions/setup-node action used by openai/codex-action

v1.0 (2025-10-06)

  • Initial release (OpenAI DevDay 2025!)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 25, 2026
@clawsweeper
Contributor

clawsweeper Bot commented May 25, 2026

Codex review: needs maintainer review before merge. Reviewed May 28, 2026, 9:41 AM ET / 13:41 UTC.

Summary
Updates pinned GitHub Actions refs for docker/setup-buildx-action, docker/build-push-action, and openai/codex-action across Docker release, sandbox smoke, docs agent, test-performance agent, and Mantis Telegram proof workflows.

PR surface: Config 0. Total 0 across 5 files.

Reproducibility: not applicable. This is a dependency-maintenance PR rather than a reported runtime bug. The relevant checks are upstream action provenance, workflow permissions, CI status, and any maintainer-selected workflow proof.

Review metrics: 1 noteworthy metric.

  • Action upgrade surface: 3 actions upgraded across 9 workflow uses. This PR changes external action code on release publishing, sandbox smoke, docs/test-performance agent, and Mantis proof paths rather than OpenClaw runtime code.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🌊 off-meta tidepool
Patch quality: 🦐 gold shrimp
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Resolve, rerun, or explain the 9 failing check runs on the current head.
  • Have release/security/automation owners review the upstream action release notes and accept the pinned SHA upgrades.

Risk before merge

  • [P1] Merging changes third-party action code in workflows that publish container images, write repository contents, and receive OpenAI, GitHub, Crabbox, or Telegram proof-related secrets.
  • [P1] The current PR head has 9 failed check runs, so it is not ready to merge until CI is reviewed, rerun, or fixed.
  • [P1] The read-only review did not execute tag-driven Docker release publishing, sandbox image builds, docs/test-performance agent writes, or the Mantis Telegram proof workflow after the action upgrades.

Maintainer options:

  1. Resolve CI and owner-accept the upgrades (recommended)
    Get the failing checks green or explained, then have release/security/automation owners accept the pinned Docker and Codex action releases before merge.
  2. Request targeted workflow proof
    Run a targeted Docker release or sandbox smoke and one Codex-agent workflow smoke if maintainers want runtime proof beyond ordinary CI.
  3. Split the grouped bump
    Close or pause this grouped update and let narrower Dependabot PRs land separately if owners want Docker and Codex action changes reviewed independently.

Next step before merge

  • [P2] The remaining action is human acceptance of privileged third-party action upgrades plus CI follow-up; there is no narrow automated code repair evident from the diff.

Security
Needs attention: No suspicious unrelated code was found, but this PR changes third-party action code that executes with write tokens or secrets, so maintainer supply-chain acceptance is required.

Review details

Best possible solution:

Merge only after CI is green and release/security/automation owners accept the SHA-pinned upstream action upgrades, or split the grouped bump if they want separate Docker and Codex action review.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a dependency-maintenance PR rather than a reported runtime bug. The relevant checks are upstream action provenance, workflow permissions, CI status, and any maintainer-selected workflow proof.

Is this the best way to solve the issue?

Yes, the pin-only Dependabot update is the narrow way to take these action releases. It is not sufficient to merge until the failed checks and privileged action-code review are handled.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 76ebc149567b.

Label changes

Label changes:

  • add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🌊 off-meta tidepool and patch quality is 🦐 gold shrimp.
  • remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.

Label justifications:

  • P3: This is low-scope dependency maintenance, but it still needs maintainer review because it touches automation workflows.
  • merge-risk: 🚨 automation: The PR changes action code used by Docker release publishing, sandbox smoke, docs-agent, test-performance-agent, and Mantis automation workflows.
  • merge-risk: 🚨 security-boundary: The bumped Docker and Codex actions run in workflows with write tokens or sensitive secrets, so maintainers need to accept the updated execution boundary before merge.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🌊 off-meta tidepool and patch quality is 🦐 gold shrimp.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Not applicable: Dependabot bot PRs do not need contributor real-behavior proof; any workflow execution proof is a maintainer validation choice for this automation update.

Evidence reviewed

PR surface:

Config 0. Total 0 across 5 files.

View PR surface stats
Area Files Added Removed Net
Source 0 0 0 0
Tests 0 0 0 0
Docs 0 0 0 0
Config 5 11 11 0
Generated 0 0 0 0
Other 0 0 0 0
Total 5 11 11 0

Security concerns:

  • [medium] Review privileged third-party action upgrades — .github/workflows/docker-release.yml:87
    The bumped Docker and Codex actions run in release, agent, and Mantis workflows with package write access, repository write access, OpenAI keys, GitHub tokens, and Crabbox/Telegram proof-related secrets; the refs are pinned and tag-verified, but the updated upstream code remains a supply-chain review surface.
    Confidence: 0.9

What I checked:

  • PR diff is limited to action ref bumps: The patch changes only GitHub Actions uses: refs for three third-party actions across five workflow files; no runtime source, docs, package, or lockfile content is changed. (.github/workflows/docker-release.yml:87, 41fe16001250)
  • Current main does not contain the proposed action pins: Current main still references the old Docker and Codex action SHAs; rg found none of the proposed new SHAs under .github/workflows. (.github/workflows/docker-release.yml:87, 76ebc149567b)
  • Docker release workflow is privileged publishing automation: docker-release.yml grants packages: write, logs into GHCR with GITHUB_TOKEN, and uses the bumped Docker build action for pushed SBOM/provenance image builds. (.github/workflows/docker-release.yml:73, 76ebc149567b)
  • Codex action runs with write tokens and secrets: The docs and test-performance agent workflows run openai/codex-action with contents: write and OpenAI keys, while the Mantis workflow passes GitHub, Crabbox, and Telegram proof-related secrets into the same action surface. (.github/workflows/mantis-telegram-desktop-proof.yml:448, 76ebc149567b)
  • Upstream tag provenance checked: git ls-remote confirms the proposed Docker SHAs match v4.1.0 and v7.2.0; the proposed Codex Action SHA is the dereferenced v1.8 tag commit.
  • Codex Action dependency contract reviewed: openai/codex-action v1.8 changes the trusted bot allowlist by removing dependabot[bot] from the generic allow-bots bypass, which is relevant to workflows that use the action as an authorization and execution boundary. (e0fdf01220eb)

Likely related people:

  • steipete: Current-main blame for the action pins in the touched workflows points to Peter Steinberger's workflow import commit, making him the strongest routing signal for the affected automation surface. (role: introduced workflow surface; confidence: high; commits: 9ebf51efe9ac; files: .github/workflows/docker-release.yml, .github/workflows/docs-agent.yml, .github/workflows/test-performance-agent.yml)
  • vincentkoc: Recent commits on the Mantis Telegram proof workflow changed security-sensitive reference validation and CodeQL-related behavior in the same automation area. (role: recent security automation contributor; confidence: medium; commits: 4bd711e1c424, 3844e035bb0f, b008989bef07; files: .github/workflows/mantis-telegram-desktop-proof.yml)
  • Ayaan Zaidi: A recent commit modified docker-release.yml to publish browser release images, adjacent to the Docker action bump surface. (role: recent Docker release workflow contributor; confidence: medium; commits: dc31f73b394a; files: .github/workflows/docker-release.yml)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
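The provenance check the review above describes (each SHA pin in a workflow must equal the peeled commit of the matching upstream tag, not the tag object) as an added example; it is not code from this PR, from ClawSweeper, or from any of the bumped projects. It parses `uses:` lines and `git ls-remote --tags` output offline, with constructed sample data and fake SHAs; the verdict names, `run_sample`, and the sample workflow are this example's own assumptions.

```python
import re
# `uses: owner/repo@ref  # vX.Y.Z`: Dependabot keeps the version in the comment.
USES_RE = re.compile(r"uses:\s*(?P<action>[\w.-]+/[\w.-]+)@(?P<ref>[^\s#]+)"
                     r"(?:[ \t]*#[ \t]*(?P<version>\S+))?")
SHA_RE = re.compile(r"[0-9a-f]{40}")

def parse_uses(workflow_text):
    """Return (action, ref, version_comment) for every `uses:` line."""
    return [(m["action"], m["ref"], m["version"]) for m in USES_RE.finditer(workflow_text)]

def tag_commits(ls_remote_output):
    """Map tag -> commit SHA from `git ls-remote --tags` output. An annotated tag
    lists refs/tags/v1.8 (tag object) and refs/tags/v1.8^{} (peeled commit);
    only the peeled SHA is a valid pin, so it overrides the tag-object SHA."""
    tags = {}
    for sha, ref in (l.split() for l in ls_remote_output.splitlines() if l.strip()):
        if ref.startswith("refs/tags/"):
            name = ref[len("refs/tags/"):]
            if name.endswith("^{}"):
                tags[name[:-3]] = sha
            else:
                tags.setdefault(name, sha)
    return tags

def check_pins(workflow_text, upstream_tags):
    """Verdict per ref; upstream_tags is {action: {tag: commit_sha}}."""
    results = []
    for action, ref, version in parse_uses(workflow_text):
        if not SHA_RE.fullmatch(ref):
            verdict = "not-sha-pinned"       # tag or branch: mutable target
        elif version is None:
            verdict = "no-version-comment"   # nothing to compare against
        else:
            tag = version if version.startswith("v") else "v" + version
            expected = upstream_tags.get(action, {}).get(tag)
            if expected is None:
                verdict = "unknown-tag"
            elif expected == ref:
                verdict = "ok"
            else:
                verdict = "sha-mismatch"     # e.g. tag object SHA, not the commit
        results.append((action, ref, verdict))
    return results

# Constructed sample: fake 40-hex SHAs, not the real upstream commits.
COMMIT, TAG_OBJ, PEELED = (f"{n:040x}" for n in (1, 2, 3))
SAMPLE_WORKFLOW = f"""
      - uses: docker/setup-buildx-action@{COMMIT} # v4.1.0
      - uses: openai/codex-action@{TAG_OBJ} # v1.8
      - uses: actions/checkout@v4
"""
SAMPLE_LS_REMOTE = {
    "docker/setup-buildx-action": f"{COMMIT}\trefs/tags/v4.1.0\n",
    "openai/codex-action": f"{TAG_OBJ}\trefs/tags/v1.8\n{PEELED}\trefs/tags/v1.8^{{}}\n",
}

def run_sample():
    tags = {a: tag_commits(out) for a, out in SAMPLE_LS_REMOTE.items()}
    return check_pins(SAMPLE_WORKFLOW, tags)
```

In the sample the codex-action pin is the annotated tag's object SHA rather than its peeled commit, which the check reports as `sha-mismatch`; a real run feeds `git ls-remote --tags <repo-url>` output into `tag_commits` for each action.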

@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P3 Low-priority cleanup, docs, polish, ergonomics, or speculative work. merge-risk: 🚨 automation 🚨 May affect CI, automerge, proof capture, label sync, or maintainer automation. labels May 25, 2026
@clawsweeper
Contributor

clawsweeper Bot commented May 25, 2026

ClawSweeper PR egg: 🔥 warming; proof passed, review follow-up or readiness checks remain. Hatch with @clawsweeper hatch when eligible.

Rules and details

Hatchability:

  • Merged PRs are hatchable.
  • Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
  • Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

About:

  • Eggs appear after real-behavior proof passes. They are collectible flavor only.
  • Review momentum changes the shell state: follow-up work warms it, re-review makes it wobble, and a clean final review lets it hatch.
  • The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
  • Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

@dependabot dependabot Bot changed the title build(deps): bump the actions group across 1 directory with 3 updates chore(deps): bump the actions group across 1 directory with 3 updates May 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-b1124282ff branch from 8972d02 to a25bc44 Compare May 26, 2026 15:52
@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. and removed rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. labels May 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-b1124282ff branch from a25bc44 to dff55cc Compare May 27, 2026 10:46
@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. and removed rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels May 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-b1124282ff branch from dff55cc to 0be72c2 Compare May 28, 2026 09:07
@clawsweeper clawsweeper Bot added status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. and removed status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. labels May 28, 2026
Bumps the actions group with 3 updates in the / directory: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [openai/codex-action](https://github.com/openai/codex-action).


Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f)

Updates `docker/build-push-action` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@bcafcac...f9f3042)

Updates `openai/codex-action` from 1.7 to 1.8
- [Changelog](https://github.com/openai/codex-action/blob/main/CHANGELOG.md)
- [Commits](openai/codex-action@5c3f4cc...e0fdf01)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: openai/codex-action
  dependency-version: '1.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-b1124282ff branch from 0be72c2 to 41fe160 Compare May 28, 2026 13:30
@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. and removed rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. labels May 28, 2026