chore: dispatch audits to AIAuditBridge#26
Conversation
Co-Authored-By: Codex <noreply@openai.com>
🤖 Codex PR ReviewPlease ensure a human reviewer checks this PR before merging. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 43b9fbce04
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| repositories: | | ||
| CodexAuditBridge | ||
| AIAuditBridge |
There was a problem hiding this comment.
Scope the app token to the configured bridge
When vars.CODEX_AUDIT_BRIDGE_REPOSITORY is set to a bridge other than QuantStrategyLab/AIAuditBridge, the dispatch later uses that configured BRIDGE_REPOSITORY, but this step now always creates an installation token scoped only to AIAuditBridge. The upstream actions/create-github-app-token docs define repositories as the list of repositories to grant access to, and the script prefers APP_TOKEN over CODEX_AUDIT_DISPATCH_TOKEN, so a configured bridge such as QuantStrategyLab/CodexAuditBridge will fail authorization instead of falling back. Please derive this repository entry from BRIDGE_REPOSITORY or omit it for owner-wide installation access.
Useful? React with 👍 / 👎.
Summary
Verification