fix(codex): checkout and push to PR branch instead of main #122

Merged. stranske merged 1 commit into main from fix/codex-pr-branch, Dec 24, 2025

@stranske stranske commented Dec 24, 2025

Summary

Fixes the critical issue where Codex changes were being pushed to main instead of the PR branch.

Problem

When the Keepalive loop runs Codex via workflow_run trigger:

  1. github.ref is refs/heads/main (the branch of the completed workflow)
  2. The reusable workflow checked out and pushed to main
  3. This fails with GH013 repository rule violations (main is protected)

Solution

  • Added pr_ref input to reusable-codex-run.yml
  • Updated checkout to use pr_ref if provided
  • Updated push to target the correct branch (PR branch, not main)
  • Updated keepalive_loop.js to return prRef from PR data
  • Updated agents-keepalive-loop.yml to pass pr_ref to the Codex workflow

Testing

This will fix the failing Keepalive runs on PR #103 where Codex was making changes but failing to push them.

Refs: #103

Automated Status Summary

Scope

  • Context / problem:
      - The Automated Status Summary in PR bodies currently only shows workflow run results
      - When the CLI-based Codex (via reusable-codex-run.yml) completes iterations, there's no visibility into:
          - What tasks Codex completed in each round
          - The final message/output from Codex
          - How many files were changed
          - Whether commits were pushed successfully
      - This makes it hard to track CLI Codex progress vs the UI version
      - The keepalive loop evaluation outputs (iteration count, tasks remaining, etc.) are logged but not surfaced to the PR summary
  • Goal:
      - Capture CLI Codex outputs and integrate them into the Automated Status Summary
      - Provide visibility into Codex iteration progress and outcomes
      - Show what changed in each round

Tasks

  • Update reusable-codex-run.yml to emit structured outputs:
      - Add output for final-message from Codex action
      - Add output for files-changed (count of modified files)
      - Add output for commits-pushed (boolean)
      - Write iteration summary to GITHUB_STEP_SUMMARY
  • Create new section in PR body for CLI Codex status:
      - Add <!-- codex-cli-status:start --> / <!-- codex-cli-status:end --> markers
      - Show last iteration number and outcome
      - Show tasks completed this round
      - Show link to workflow run logs
  • Update agents_pr_meta_update_body.js to populate the new section:
      - Fetch latest keepalive loop run results
      - Extract Codex outputs from workflow artifacts or step summaries
      - Format and insert into PR body
  • Update keepalive_loop.js to pass iteration context to the summary:
      - Include current iteration number in output
      - Include tasks remaining count
      - Include estimated rounds to completion
  • Add tests for the new integration:
      - Test output extraction from workflow runs
      - Test PR body section formatting
      - Test edge cases (no Codex runs, failed runs, etc.)

Acceptance criteria

  • CLI Codex iterations are visible in the PR body Automated Status Summary
  • Each iteration shows: round number, tasks attempted, outcome, and link to logs
  • The summary updates automatically after each keepalive loop run
  • Existing UI Codex tracking (if any) continues to work

Head SHA: 2fc7361
Latest Runs: ✅ success — Gate
Required: gate: ✅ success

| Workflow / Job | Result | Logs |
|----------------|--------|------|
| Agents PR meta manager | ❔ in progress | View run |
| CI Autofix Loop | ✅ success | View run |
| Gate | ✅ success | View run |
| Health 40 Sweep | ✅ success | View run |
| Health 44 Gate Branch Protection | ✅ success | View run |
| Health 45 Agents Guard | ✅ success | View run |
| Health 50 Security Scan | ✅ success | View run |
| Maint 52 Validate Workflows | ❌ failure | View run |
| PR 11 - Minimal invariant CI | ✅ success | View run |
| Selftest CI | ✅ success | View run |

Head SHA: ce6ef18
Latest Runs: ✅ success — Gate
Required: gate: ✅ success

| Workflow / Job | Result | Logs |
|----------------|--------|------|
| Agents PR meta manager | ❔ in progress | View run |
| CI Autofix Loop | ✅ success | View run |
| Copilot code review | ❔ in progress | View run |
| Gate | ✅ success | View run |
| Health 40 Sweep | ✅ success | View run |
| Health 44 Gate Branch Protection | ✅ success | View run |
| Health 45 Agents Guard | ✅ success | View run |
| Health 50 Security Scan | ✅ success | View run |
| Maint 52 Validate Workflows | ❌ failure | View run |
| PR 11 - Minimal invariant CI | ✅ success | View run |
| Selftest CI | ✅ success | View run |

The reusable Codex workflow was checking out the default branch (main) and
trying to push there, which fails for workflow_run events on PRs.

Changes:
- Added pr_ref input to reusable-codex-run.yml to specify the target branch
- Updated checkout to use pr_ref if provided
- Updated push to target the correct branch
- Updated keepalive_loop.js to return prRef from PR data
- Updated agents-keepalive-loop.yml to pass pr_ref to Codex workflow

This ensures Codex changes are pushed to the PR branch, not main.
Copilot AI review requested due to automatic review settings December 24, 2025 18:27
@stranske stranske temporarily deployed to agent-high-privilege December 24, 2025 18:27 — with GitHub Actions Inactive
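
An added example, not the repository's own workflow: a minimal reusable workflow that accepts a pr_ref input as the PR description above outlines, checks out that branch, and pushes only to it. The step names, the `target` step id, the `PR_REF`/`DEFAULT_BRANCH`/`TARGET` variables and the refusal to push when pr_ref is empty or names the default branch are assumptions made for illustration.

```yaml
# Added example: a hypothetical reusable workflow, not the repository's own file.
# A caller triggered by workflow_run would pass the PR head branch as pr_ref.
on:
  workflow_call:
    inputs:
      pr_ref:
        description: 'PR head branch name (e.g., feature-branch).'
        type: string
        default: ''

permissions:
  contents: write

jobs:
  run:
    runs-on: ubuntu-latest
    env:
      # Branch names are contributor-chosen: pass them to the shell as data
      # through env, never by expanding an expression inside a run: script.
      PR_REF: ${{ inputs.pr_ref }}
      DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
    steps:
      - name: Check out the PR branch
        uses: actions/checkout@v4
        with:
          # Under workflow_run, github.ref is the default branch, so prefer pr_ref.
          ref: ${{ inputs.pr_ref || github.ref }}

      # ... the agent step that edits files and commits would run here ...

      - name: Resolve and validate the push target
        id: target
        run: |
          set -euo pipefail
          branch="${PR_REF#refs/heads/}"   # accept either ref format
          if [ -z "$branch" ] || [ "$branch" = "$DEFAULT_BRANCH" ]; then
            echo "pr_ref is empty or the default branch; refusing to push" >&2
            exit 1
          fi
          git check-ref-format "refs/heads/$branch"
          echo "branch=$branch" >> "$GITHUB_OUTPUT"

      - name: Push agent commits to the PR branch only
        env:
          TARGET: ${{ steps.target.outputs.branch }}
        run: git push origin "HEAD:refs/heads/${TARGET}"
```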
@github-actions

Automated Status Summary

Head SHA: 2ac348d
Latest Runs: ⏳ pending — Gate
Required contexts: Gate / gate, Health 45 Agents Guard / Enforce agents workflow protections
Required: core tests (3.11): ⏳ pending, core tests (3.12): ⏳ pending, docker smoke: ⏳ pending, gate: ⏳ pending

| Workflow / Job | Result | Logs |
|----------------|--------|------|
| (no jobs reported) | ⏳ pending | |

Coverage Overview

  • Coverage history entries: 1

Coverage Trend

| Metric | Value |
|--------|-------|
| Current | 77.97% |
| Baseline | 0.00% |
| Delta | +77.97% |
| Minimum | 70.00% |
| Status | ✅ Pass |

Updated automatically; will refresh on subsequent CI/Docker completions.


Keepalive checklist

Scope

No scope information available

Tasks

  • No tasks defined

Acceptance criteria

  • No acceptance criteria defined

@github-actions

🤖 Keepalive Loop Status

PR #122 | Iteration 0/5

Current State

| Metric | Value |
|--------|-------|
| Action | wait (missing-agent-label) |
| Gate | success |
| Tasks | 0/41 complete |
| Keepalive | ❌ disabled |
| Autofix | ❌ disabled |

@stranske stranske merged commit 594627c into main Dec 24, 2025
117 of 118 checks passed
@stranske stranske deleted the fix/codex-pr-branch branch December 24, 2025 18:29

Copilot AI left a comment

Pull request overview

This PR fixes a critical issue where Codex changes were being pushed to the protected main branch instead of the PR branch, causing GH013 repository rule violations. The fix adds proper branch tracking through the workflow chain.

Key changes:

  • Added pr_ref input parameter to the reusable Codex workflow to accept the target branch
  • Updated the keepalive evaluation script to extract and return the PR's head branch reference
  • Modified the checkout and push logic to use the PR branch when available, with appropriate fallbacks

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
|------|-------------|
| .github/workflows/reusable-codex-run.yml | Added pr_ref input parameter, updated checkout to use PR branch, and modified push logic to target the correct branch instead of defaulting to main |
| .github/workflows/agents-keepalive-loop.yml | Added pr_ref to job outputs and passed it through to the Codex workflow |
| .github/scripts/keepalive_loop.js | Extracted and returned the PR head branch reference from the GitHub API response |

default: ''
type: string
pr_ref:
description: 'The branch/ref to checkout and push to (e.g., refs/heads/feature-branch).'
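
Review bot: The `description:` for `pr_ref` at the end of this hunk does not say what an empty value means, or that the value is a contributor-chosen branch name taken from PR data. Suggest stating the empty-value fallback in the description and, in the steps that consume the input, reading it from `env:` and quoting it in the push command rather than expanding `${{ inputs.pr_ref }}` inside a `run:` script.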

Copilot AI Dec 24, 2025

The description states that the expected format is refs/heads/feature-branch, but the actual value being passed from the JavaScript code is just the branch name without the refs/heads/ prefix. While the checkout action can handle both formats, the description should be updated to reflect the actual format being used for clarity and accuracy. Consider updating the example to just feature-branch to match the implementation.

Suggested change
description: 'The branch/ref to checkout and push to (e.g., refs/heads/feature-branch).'
description: 'The branch to checkout and push to (e.g., feature-branch).'
