Skip to content

[codex] Fix IBIT zscore workflow and Dependabot guard#125

Merged
Pigbibi merged 1 commit into
mainfrom
codex/fix-ibit-zscore-dependabot-guard
Jun 23, 2026
Merged

[codex] Fix IBIT zscore workflow and Dependabot guard#125
Pigbibi merged 1 commit into
mainfrom
codex/fix-ibit-zscore-dependabot-guard

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

  • export ZSCORE_METRICS_URLS inside the IBIT zscore publish target step before the same-step Python host summary reads it
  • add a stale-run guard to the Dependabot auto-merge workflow by comparing the PR headRefOid with github.event.workflow_run.head_sha
  • pass --match-head-commit to gh pr merge so only the CI-checked Dependabot head can be merged

Root cause

The failed Publish Strategy Plugins run wrote ZSCORE_METRICS_URLS to $GITHUB_ENV and then tried to read it from Python in the same step. $GITHUB_ENV only affects subsequent steps, so the Python process raised KeyError: 'ZSCORE_METRICS_URLS'.

The Codex review on the Dependabot maintenance PR also identified that auto-merge could merge a newer untested Dependabot head if the branch changed after the CI run completed.

Validation

  • actionlint .github/workflows/publish-strategy-plugins.yml .github/workflows/dependabot_auto_merge.yml
  • git diff --check
  • local shell simulation of the IBIT zscore resolve block with the default metrics URL

Notes

  • Existing untracked local uv.lock was intentionally left out of this PR.

@Pigbibi Pigbibi marked this pull request as ready for review June 23, 2026 20:38
@Pigbibi Pigbibi merged commit a6cc049 into main Jun 23, 2026
1 check passed
@Pigbibi Pigbibi deleted the codex/fix-ibit-zscore-dependabot-guard branch June 23, 2026 20:38
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 23, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e696c3e65

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/publish-strategy-plugins.yml
printf '%s\n' "${metrics_urls}"
echo "EOF"
} >> "$GITHUB_ENV"
export ZSCORE_METRICS_URLS="${metrics_urls}"

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 23, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor the resolved IBIT metrics URL during download

When a manual run supplies ibit_zscore_metrics_url(s), this exports only ZSCORE_METRICS_URLS, so the same-step summary uses the override, but the later download still invokes scripts/download_ibit_zscore_metrics.py without --url/--urls-env; that script's defaults read IBIT_ZSCORE_METRICS_URLS and IBIT_ZSCORE_METRICS_URL, not ZSCORE_METRICS_URLS. As a result, after this crash fix the workflow can silently download from the repo vars/default URL instead of the operator-provided endpoint; persist the resolved value under the env name the downloader consumes or pass it explicitly.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pigbibi