# Set Up Workflow: Automate Code Reviews with the Codex GitHub Action
## What This Is
This tool automatically adds an AI code reviewer to your software development process using GitHub Actions. Whenever a developer submits new code for review, the AI scans it for potential issues, bugs, and improvements, then posts its feedback directly on the pull request. This automates a time-consuming manual task and provides an immediate, extra layer of quality control.
Source: https://github.com/openai/codex-action
## Before You Start
Scan my workspace and analyze:
- The project language, framework, and directory structure
- Existing AI provider config (check .env, .env.local, config files for API keys — OpenRouter, OpenAI, Anthropic, Google AI, etc.)
- Whether this repository or a similar tool is already cloned or installed
Then ask me before proceeding:
1. Which AI provider/API should this use? (Use whatever I already have configured, or ask me to set one up — options include direct provider APIs or a unified service like OpenRouter)
2. Where in my project should this be integrated?
3. Are there any customizations I need (model preferences, naming conventions, constraints)?
## Fetch the Source
Clone or inspect the repository to understand what needs to be installed:
```bash
gh repo clone openai/codex-action
```
Review the README, directory structure, and any install instructions before proceeding.
## What to Implement
This is an **AI Workflow** — an end-to-end automation pattern or integration pipeline.
- Study the workflow architecture from the source and context below
- Identify which parts I can implement locally vs. parts that need external services
- For local parts: implement them using my existing stack and API keys
- For external parts: tell me exactly what services I need and help me configure the integration code
- Wire up any required API calls using keys from my .env files
## Additional Context
- Create a new GitHub Actions workflow file in the user's project at `.github/workflows/codex-review.yml`.
- Add the provided YAML configuration to the `codex-review.yml` file. This config defines a job that triggers on new pull requests, checks out the code, and uses the `openai/codex-action` to generate feedback.
- Instruct the user to add their OpenAI API key as a repository secret named `OPENAI_API_KEY` in their GitHub settings for the action to authenticate successfully, providing a link to their repository's secrets page (`https://github.com/{owner}/{repo}/settings/secrets/actions`).
## Reference Implementation
```yaml
name: Perform a code review when a pull request is created.
on:
  pull_request:
    types: [opened]

jobs:
  codex:
    runs-on: ubuntu-latest
    # This job holds the API key, so its token is read-only.
    permissions:
      contents: read
    outputs:
      final_message: ${{ steps.run_codex.outputs.final-message }}
    steps:
      - uses: actions/checkout@v5
        with:
          # Explicitly check out the PR's merge commit.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge

      - name: Pre-fetch base and head refs for the PR
        run: |
          git fetch --no-tags origin \
            ${{ github.event.pull_request.base.ref }} \
            +refs/pull/${{ github.event.pull_request.number }}/head

      # If you want Codex to build and run code, install any dependencies that
      # need to be downloaded before the "Run Codex" step because Codex's
      # default sandbox disables network access.

      - name: Run Codex
        id: run_codex
        uses: openai/codex-action@v1
        with:
          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
          # The PR title and body below are written by the PR author; the
          # model reads them as part of its prompt.
          prompt: |
            This is PR #${{ github.event.pull_request.number }} for ${{ github.repository }}.
            Review ONLY the changes introduced by the PR, so consider:
            git log --oneline ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }}
            Suggest any improvements, potential bugs, or issues.
            Be concise and specific in your feedback.
            Pull request title and body:
            ----
            ${{ github.event.pull_request.title }}
            ${{ github.event.pull_request.body }}

  post_feedback:
    runs-on: ubuntu-latest
    needs: codex
    if: needs.codex.outputs.final_message != ''
    # Write access lives here, in a job that never sees the API key.
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Report Codex feedback
        uses: actions/github-script@v7
        env:
          # Passed as an environment variable so the model output is never
          # interpolated into the script source.
          CODEX_FINAL_MESSAGE: ${{ needs.codex.outputs.final_message }}
        with:
          github-token: ${{ github.token }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.payload.pull_request.number,
              body: process.env.CODEX_FINAL_MESSAGE,
            });
```
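The reference workflow keeps the job that reads `OPENAI_API_KEY` at `contents: read` and grants write scopes only to `post_feedback`. The following check is an added example, not part of the codex-action project: it confirms that split still holds after the file is adapted. The function names `audit_jobs` and `violations` are hypothetical, the sample workflow is constructed, and the line-based parsing assumes 2-space YAML indentation with job-level `permissions:` blocks.

```python
import re

# Constructed sample: the reference workflow's two jobs, trimmed to the relevant keys.
SAMPLE = """\
jobs:
  codex:
    permissions:
      contents: read
    steps:
      - uses: openai/codex-action@v1
        with:
          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
  post_feedback:
    permissions:
      issues: write
      pull-requests: write
    steps:
      - uses: actions/github-script@v7
"""

def audit_jobs(text):
    """Map each job to the write scopes it requests and the secrets it reads."""
    jobs, job, in_jobs, in_perms = {}, None, False, False
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                          # top-level key: enter or leave jobs:
            in_jobs, job = body == "jobs:", None
        elif in_jobs and indent == 2:            # a new job id
            job, in_perms = body.rstrip(":"), False
            jobs[job] = {"write": [], "secrets": []}
        elif job and indent == 4:                # job-level key
            key, _, value = body.partition(":")
            in_perms = key == "permissions"
            if in_perms and value.strip() == "write-all":
                jobs[job]["write"].append("*")
        elif job and in_perms and indent == 6:   # one permission scope
            scope, _, level = body.partition(":")
            if level.strip() == "write":
                jobs[job]["write"].append(scope)
        if job:                                  # GITHUB_TOKEN is the job token itself
            jobs[job]["secrets"] += re.findall(r"secrets\.(?!GITHUB_TOKEN\b)(\w+)", line)
    return jobs

def violations(text):
    """Jobs that hold a repository secret and a write-scoped token at once."""
    return sorted(j for j, v in audit_jobs(text).items() if v["write"] and v["secrets"])
```

A job with no `permissions:` block inherits the repository's default token permissions, which this check does not see, so keep the block explicit on every job.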
## Guidelines
- Adapt everything to my existing project — do not assume a specific stack or directory layout
- Use whichever AI provider I already have configured; if I need a new one, tell me what to sign up for and I'll give you the key
- Check my .env files for existing API keys (OpenRouter, OpenAI, Anthropic, Google AI) before asking me to add one
- Review any fetched code for safety before installing or executing it
- After setup, run a quick verification and show me a summary of exactly what was installed, where, and how to use it