[codex] Publish Python runtime wheels with Python SDK releases#25906
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9748417caf
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Publish the platform-specific Python runtime wheels before building the SDK | ||
| # package that pins them. PyPI project configuration must trust this workflow | ||
| # and job for publishing. | ||
| publish-python-runtime: |
There was a problem hiding this comment.
Validate the SDK tag before publishing
Because this job runs on every python-v* tag before build-python-sdk performs its beta-tag validation, an accidental tag such as python-v0.2.0 or python-vfoo in openai/codex will still execute the PyPI publishing step and can irreversibly upload the pinned openai-codex-cli-bin wheels before the SDK build later rejects the tag. Please gate this publish job on the same tag validation, or make it depend on a separate validation job that runs before any PyPI side effects.
Useful? React with 👍 / 👎.
| # Publish the platform-specific Python runtime wheels before building the SDK | ||
| # package that pins them. PyPI project configuration must trust this workflow | ||
| # and job for publishing. | ||
| publish-python-runtime: |
There was a problem hiding this comment.
Keep runtime publishing available before pin-update CI
Moving the only PyPI publish for openai-codex-cli-bin into this python-v* tag workflow creates a release-order deadlock for the normal SDK runtime pin update: the SDK PR workflow on pull requests runs uv sync --extra dev --frozen in .github/workflows/sdk.yml, so a PR that changes sdk/python/pyproject.toml to pin a newly released runtime will fail dependency resolution until that runtime is already on PyPI, but this job cannot run until a later Python SDK tag exists. The previous rust-release job published the runtime immediately after the rust-v* release assets were created, which made the pin-update PR installable.
Useful? React with 👍 / 👎.
## Summary - pin the Python SDK runtime package to `openai-codex-cli-bin==0.136.0` so Ubuntu/glibc installs resolve a compatible wheel - refresh generated SDK artifacts and lock data for the runtime update - keep newly generated client-message-id wire models internal to the generated protocol layer ## Dependency - merge #25906 first so the Python SDK release publishes both manylinux and musllinux runtime wheels before publishing the package with this pin ## Validation - ran `just fmt` - regenerated the Python public API helpers - validated the edited workflow YAML - CI passed 29/29 checks
e0a934c to
c16de8e
Compare
Summary
python-v*SDK releaseopenai-codex-cli-binpinRelease configuration
openai-codex-cli-binPyPI trusted publisher to trust.github/workflows/python-sdk-release.ymland thepublish-python-runtimejobPin update flow
python-sdk-releaseworkflow manually with the new runtime version before opening or updating the SDK pin PRpython-v*SDK tag republishes withskip-existing: truebefore publishing the SDK packageValidation
just fmtpublish-python-runtimeBash withbash -n0.136.0 -> rust-v0.136.0mappingpython-v0.1.0b3 -> 0.132.0 -> rust-v0.132.0mappingrust-v0.136.0contains the two required Linux package archives