zclllyybb opened a new pull request, #64323: URL: https://github.com/apache/doris/pull/64323
GitHub hosted runners can reject the bubblewrap uid-map setup used by Codex workspace-write mode, which prevents even local gh commands from running inside the automated review step. Switch the Codex invocation to danger-full-access for the ephemeral runner, keep xhigh reasoning and the Codex OSS auth sync path intact, and make the prompt require GH_TOKEN-backed gh/gh api review submission instead of GitHub MCP connector write tools. After Codex exits, reject runs that attempted github_add_review_to_pr and verify through the GitHub Reviews API that a new review was actually submitted for the current head SHA, so a completed Codex turn cannot silently pass without posting a review.
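The post-run gate described in the message above, sketched as an added example (not the workflow code from the pull request). It assumes the review lists are the parsed JSON returned by the GitHub Reviews API before and after the Codex step; the function names, the reviewer-login filter, the log format and the sample data are assumptions constructed for illustration.

```python
BLOCKED_TOOL = "github_add_review_to_pr"  # connector write tool named in the PR text


def attempted_blocked_tool(codex_log: str) -> bool:
    """True if the captured Codex output mentions the MCP review-write tool."""
    return BLOCKED_TOOL in codex_log


def new_reviews_for_head(reviews, head_sha, seen_ids, reviewer):
    """Reviews by `reviewer` on `head_sha` that did not exist before the run."""
    return [
        r for r in reviews
        if r["id"] not in seen_ids
        and r.get("commit_id") == head_sha          # stale-SHA reviews do not count
        and (r.get("user") or {}).get("login") == reviewer  # assumption: bot login
        and r.get("state") != "PENDING"             # pending means never submitted
    ]


def gate(codex_log, reviews_before, reviews_after, head_sha, reviewer):
    """Return (ok, reason); the step should fail whenever ok is False."""
    if attempted_blocked_tool(codex_log):
        return False, "run attempted " + BLOCKED_TOOL
    seen = {r["id"] for r in reviews_before}
    fresh = new_reviews_for_head(reviews_after, head_sha, seen, reviewer)
    if not fresh:
        return False, "no new review submitted for " + head_sha
    return True, "review %d submitted" % fresh[0]["id"]


# Constructed sample data shaped like Reviews API entries (not real values).
HEAD = "a" * 40
OLD = "b" * 40
BOT = "review-bot"  # hypothetical reviewer login
BEFORE = [{"id": 1, "commit_id": OLD, "state": "COMMENTED", "user": {"login": BOT}}]
AFTER_OK = BEFORE + [
    {"id": 2, "commit_id": HEAD, "state": "COMMENTED", "user": {"login": BOT}}
]
AFTER_STALE = BEFORE + [
    {"id": 3, "commit_id": OLD, "state": "COMMENTED", "user": {"login": BOT}}
]

if __name__ == "__main__":
    print(gate("turn completed", BEFORE, AFTER_OK, HEAD, BOT))
    print(gate("turn completed", BEFORE, AFTER_STALE, HEAD, BOT))
    print(gate("tool call: github_add_review_to_pr", BEFORE, AFTER_OK, HEAD, BOT))
```

Snapshotting the review IDs before the run is what separates a review posted by this run from one left by an earlier run on the same head SHA.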
