@bradenkeith
Last active October 18, 2025 15:27
Automated GitHub Actions workflow that reacts to issues labeled codex, runs OpenAI Codex in CI, pushes the code to a new branch, and opens a pull request—all while acknowledging the issue with an 👀 reaction.
############################################################################################################
# IMPORTANT - READ ME FIRST 🛑
#
# This workflow opens pull requests with the built‑in `GITHUB_TOKEN`.
#   ➜ REPO / ORG Settings ▸ Actions ▸ Workflow permissions
#   ➜ Tick “**Allow GitHub Actions to create and approve pull requests**” and click Save.
#
# If that option cannot be enabled (e.g. org policy), replace `${{ secrets.GITHUB_TOKEN }}`
# with a fine‑grained Personal Access Token (PAT) that has:
#   • contents: read & write
#   • pull‑requests: read & write
############################################################################################################
name: codex-autopilot

on:
  issues:
    types: [labeled]

permissions:
  contents: write # let the action commit & push
  pull-requests: write
  issues: write
  statuses: write

jobs:
  codex:
    if: ${{ github.event.label.name == 'codex' }}
    runs-on: ubuntu-latest
    env:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      ISSUE_TITLE: ${{ github.event.issue.title }}
      ISSUE_BODY: ${{ github.event.issue.body }}
      BRANCH_NAME: codex/${{ github.event.issue.number }}
    steps:
      # 👀 Tell the reporter we picked it up
      - name: React with eyes emoji
        uses: actions/github-script@v7
        with:
          script: |
            const { owner, repo } = context.repo;
            const issue_number = context.issue.number;
            await github.rest.reactions.createForIssue({
              owner,
              repo,
              issue_number,
              content: 'eyes' // 👀
            });

      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0 # needed so the action can create a branch

      - name: Run Codex
        id: run_codex
        uses: openai/codex-action@v1
        with:
          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
          codex-args: --full-auto
          prompt: |
            # === SYSTEM PROMPT: ROMEGA DIGITAL SOP EDITOR ===
            You are an autonomous agent whose sole purpose is to create or update markdown Standard Operating Procedures (SOPs) for Romega Digital. The user will open these request as a GitHub issue.
            The repository already contains **everything you need** in the `docs/SOPs/` folder.
            **Do not rely on the internet.**
            **Never guess** about file structure or content—read the files.
            ---
            ## Mission
            * Resolve the user's request **fully** before you end the turn.
            * Produce at least one committed file change (create, modify, or delete).
            * Maintain style, naming, and structural conventions exactly.
            ---
            ## High-Level Strategy
            1. **Understand the task** - read the user request twice; open any referenced files.
            2. **Investigate** - inspect related files, especially `docs/SOPs/README.md`, to confirm style, naming, and placement.
            3. **Plan** - write a step-by-step plan **before** any tool call.
            4. **Act & Reflect** - after each tool call, reflect on the result, then decide the next action. Iterate until finished.
            5. **Verify** - re-open changed files and diff them against requirements; scan for edge cases (e.g., incorrect headings, outdated tool references).
            6. **Commit** - when every requirement is met, save the changes.
            ---
            ## Authoring Rules
            * **No level-1 headings** (`#`). All headings start at `##`.
            * **No explicit Table of Contents.** MkDocs generates it automatically.
            * **Do NOT repeat the SOP title as a heading.** MkDocs inserts it.
            * **Embed Loom videos** (Markdown embed) at the top unless the user specifies otherwise.
            * **Cross-link to other SOPs** with **relative paths**.
            * You may improve legibility or consistency across SOPs if helpful.
            * You may find other SOPs that may be impacted by the users' request and update them as well.
            * You may break up a request into multiple SOPs if it makes sense.
            ---
            ## Folder & Naming Conventions
            * New SOPs: choose directory by topic, mirror existing filenames, and follow the naming scheme in `docs/SOPs/README.md`.
            * Updates: read the existing SOP in full, apply the changes, and update any other affected files.
            ---
            ## Workflow Commands (for interactive agents)
            * Use **file-reading tools** to inspect content.
            * Use tools to commit changes to the repository.
            * **Always** reflect on tool output before the next step.
            ---
            ## Completion Criteria
            * All user requirements are satisfied.
            * At least one file change exists.
            * Headings, embeds, links, and tool references meet every rule above.
            * You have scanned for and fixed collateral impacts on other SOPs.
            * You are confident the documentation is **clear, concise, and correct**.
            Only finish your turn when these criteria are met. Continue iterating until they are.
            Issue title: ${{ env.ISSUE_TITLE }}
            Issue body: ${{ env.ISSUE_BODY }}

      # after your "Run Codex…" step, before create‑pull‑request
      - name: Force origin to HTTPS with token
        run: |
          git config --local user.email "github-actions[codex-bot]@users.noreply.github.com"
          git config --local user.name "github-actions[codex-bot]"
          git remote set-url origin \
            https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git

      # ───────────────────────────────────────────────────────────────
      # Commit + push + open PR (all handled by the action)
      # ───────────────────────────────────────────────────────────────
      - name: Create pull request
        uses: peter-evans/create-pull-request@v6
        with:
          author: "github-actions[codex-bot] <github-actions[codex-bot]@users.noreply.github.com>"
          branch: ${{ env.BRANCH_NAME }} # new or existing
          base: main # PR target
          commit-message: "Codex: ${{ env.ISSUE_TITLE }} (fixes #${{ github.event.issue.number }})"
          title: "Codex: ${{ env.ISSUE_TITLE }}"
          body: |
            Automated changes generated by Codex for **#${{ github.event.issue.number }}**.
            ---
            _This PR was created by the **codex-autopilot** workflow._
          delete-branch: true # tidy up after merge
          token: ${{ secrets.GITHUB_TOKEN }} # gets write perms from `permissions:` above
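
The issue title and body are written by whoever opens the issue and go straight into the agent's prompt, while the job holds a token with `contents: write`. The script below is an added example, not part of the original gist: a guard that could run between the "Run Codex" and "Create pull request" steps and fails the job if anything outside `docs/SOPs/` changed. `ALLOWED_PREFIX`, the function names and the `--guard` flag are hypothetical; the allowed path is taken from the workflow's own prompt.

```bash
# Added example (not from the gist): stop before the PR step when the agent
# touched files outside the SOP tree. All names here are hypothetical.
ALLOWED_PREFIX="docs/SOPs/"

# Read changed paths (one per line) on stdin and print each path that is not
# under ALLOWED_PREFIX. Returns 0 if every path is allowed, 1 otherwise.
paths_outside_allowed() {
  local path bad=0
  while IFS= read -r path; do
    [ -z "$path" ] && continue
    case "$path" in
      /*|../*|*/../*|*/..) printf '%s\n' "$path"; bad=1 ;;  # absolute or traversal
      "$ALLOWED_PREFIX"?*) ;;                                 # inside the SOP tree
      *)                   printf '%s\n' "$path"; bad=1 ;;    # anything else
    esac
  done
  return "$bad"
}

# Everything that differs from the commit the workflow checked out: tracked
# changes (committed or not) plus untracked files. Names that git has to
# C-quote start with '"' and are therefore rejected by the check above.
changed_paths() {
  git -c core.quotepath=off diff --name-only "${GITHUB_SHA:-HEAD}" &&
    git -c core.quotepath=off ls-files --others --exclude-standard
}

# Entry point for the workflow step: non-zero exit stops the job.
guard_codex_changes() {
  local changed offenders
  changed=$(changed_paths) || { echo "git failed; refusing to continue" >&2; return 2; }
  if offenders=$(printf '%s\n' "$changed" | paths_outside_allowed); then
    echo "All changes are under ${ALLOWED_PREFIX}"
  else
    echo "Refusing to open a PR; files changed outside ${ALLOWED_PREFIX}:" >&2
    printf '%s\n' "$offenders" >&2
    return 1
  fi
}

if [ "${1:-}" = "--guard" ]; then guard_codex_changes || exit 1; fi
```

Saved as a script in the repository and called with `--guard` from a `run:` step, it stops the job before `peter-evans/create-pull-request` pushes anything, so a change to `.github/workflows/` or application code never reaches a branch.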