@sgoedecke
Last active August 4, 2025 00:34
Drop-in Codex AI agent with GitHub Models

This is a drop-in, zero-config Actions harness for OpenAI's Codex agent. It uses GitHub Models for inference, so you don't need to set up any secrets - just copy-pasting the action into your repo should work as-is.

You may need to go into your settings and check the "allow Actions to open PRs" checkbox.

To use it, open an issue in your repo with [codex] in the issue name.

Note: I've updated this to work for the latest version of Codex (the Rust one). If you're using the Python one, you'll have to go to a previous version of this Gist.

name: Codex on GitHub Models
on:
  issues:
    types: [opened]
jobs:
  process-issue:
    # Only run for issues whose title contains [codex]
    if: contains(github.event.issue.title, '[codex]')
    runs-on: ubuntu-latest
    permissions:
      contents: write
      issues: write
      pull-requests: write
      models: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '22'
      - name: Install Codex CLI
        run: npm install -g @openai/codex
      - name: Install ripgrep
        run: sudo apt-get update && sudo apt-get install -y ripgrep
      - name: Process issue with Codex
        env:
          # Event fields are passed as environment variables so the shell
          # treats them as data and never parses them as script text.
          ISSUE_BODY: ${{ github.event.issue.body }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          ISSUE_TITLE: ${{ github.event.issue.title }}
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          INSTRUCTION="$ISSUE_TITLE --- $ISSUE_BODY"
          BRANCH_NAME="codex/issue-$ISSUE_NUMBER"
          git checkout -b "$BRANCH_NAME"
          # Run Codex against GitHub Models, authenticating with the workflow token
          codex exec \
            -c model=gpt-4.1 \
            -c model_provider=github \
            -c 'model_providers.github={name="GitHub Models", base_url="https://models.github.ai/inference", env_key="GH_TOKEN", wire_api="chat"}' \
            --full-auto "$INSTRUCTION"
          # Only commit and open a PR if Codex changed the working tree
          if [[ -n $(git status --porcelain) ]]; then
            git config user.name "GitHub Models Codex Bot"
            git config user.email "[email protected]"
            git add .
            git commit -m "Codex changes for issue #$ISSUE_NUMBER"
            git push origin "$BRANCH_NAME"
            # Create PR and comment on issue using the same token.
            # The title comes from $ISSUE_TITLE, not an inline ${{ }} expression,
            # so text in the issue title cannot be executed by the shell.
            gh pr create --title "Codex: $ISSUE_TITLE" \
              --body "Auto-generated by Codex for issue #$ISSUE_NUMBER" \
              --base "$DEFAULT_BRANCH" \
              --head "$BRANCH_NAME"
            gh issue comment "$ISSUE_NUMBER" --body "Codex created a PR for this issue"
          else
            gh issue comment "$ISSUE_NUMBER" --body "Codex processed this issue but made no changes"
          fi

@madhugilla

madhugilla commented Jul 1, 2025

When I removed the --quiet, I get the following error: "Please pass one of apiKey and azureADTokenProvider or set the AZURE_OPENAI_API_KEY environment ". Not sure how just removing this has caused the issue; will continue to investigate over the weekend and keep you posted... Thank you.

@silidev

silidev commented Jul 22, 2025

I get: error: unexpected argument '--approval-mode' found

@sgoedecke
Author

@silidev @madhugilla Codex updated to a new version with a different interface. I've updated this Gist so it works now.

@naXa777

naXa777 commented Aug 2, 2025

Please add a missing step:

- name: Install ripgrep
  run: sudo apt-get update && sudo apt-get install -y ripgrep

Without this tool I see errors in logs:

ERROR codex_core::exec: exec error: No such file or directory (os error 2)

@naXa777

naXa777 commented Aug 2, 2025

The biggest blocker for me when evaluating your workflow is this:

stream error: unexpected status 413 Payload Too Large: {"error":{"code":"tokens_limit_reached","message":"Request body too large for gpt-4.1 model. Max size: 8000 tokens.","details":"Request body too large for gpt-4.1 model. Max size: 8000 tokens."}}; retrying 1/10 in 196ms…

And after 9 retries:

ERROR: unexpected status 413 Payload Too Large: {"error":{"code":"tokens_limit_reached","message":"Request body too large for gpt-4.1 model. Max size: 8000 tokens.","details":"Request body too large for gpt-4.1 model. Max size: 8000 tokens."}}

And the GitHub Action execution just hangs... it neither auto-recovers nor stops. If I didn't terminate the action manually, it would run for max = 6 hours and spend 6 * 60 = 360 minutes (!) from my GitHub Actions quota.

I doubt this coding agent needs to work for 6 hours straight. Please, consider adding a restriction like timeout-minutes: 20.

@naXa777

naXa777 commented Aug 2, 2025

@sgoedecke, thank you for sharing this drop-in, zero-config action - it’s super helpful for learning and experimentation!

Just one concern: in a public repository, anyone can create an issue with [codex] in the title, which would trigger the workflow. That leads to unintended use of GitHub Models and Actions minutes, and (who knows?) potentially exposes the repository to prompt injection attacks.

Do you have any recommendations on how to restrict who can trigger the codex.yml workflow or otherwise mitigate these risks?

@sgoedecke
Author

@naXa777 Thank you for the feedback! I've added a step to install ripgrep.

About the 413 error - unfortunately the free tier of GitHub Models doesn't have a large enough context window to run Codex (it's 8k tokens max). There's no way around that without going into your GitHub settings for Models and turning on paid usage.

> in a public repository, anyone can create an issue with [codex] in the title, which would trigger the workflow.

If you did want to lock this down in a public repository, the easiest way would be to have some kind of allowlist in the workflow body, e.g.:

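      - name: Check if user is allowed
        id: check_user
        env:
          # Pass the login as data instead of expanding it inside the script
          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
        run: |
          ALLOWED_USERS="user1 user2"
          # Both sides are space-padded so only whole logins match
          if [[ " $ALLOWED_USERS " =~ " $ISSUE_AUTHOR " ]]; then
            echo "allowed=true" >> "$GITHUB_OUTPUT"
          else
            echo "allowed=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Comment and close if not allowed
        if: steps.check_user.outputs.allowed != 'true'
        env:
          # gh requires a token when it runs inside Actions
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
        run: |
          gh issue comment "$ISSUE_NUMBER" --body "Sorry, only approved users can create [codex] issues."
          gh issue close "$ISSUE_NUMBER"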

You could also use the API to check for org membership if you wanted to get more sophisticated with it.
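
The trigger restriction and the `timeout-minutes: 20` limit raised in the comments above, sketched as a job header for the workflow. This is an added example, not code from the Gist or its author. Treating `OWNER`, `MEMBER` and `COLLABORATOR` as the trusted `author_association` values is an assumption to adjust per repository.

```yaml
# Added example: only the job header changes; the steps stay as in the Gist.
jobs:
  process-issue:
    # Before: any account that can open an issue starts the agent.
    #   if: contains(github.event.issue.title, '[codex]')
    #
    # After: the issue author must also be the repository owner, a member of
    # the owning organization, or a collaborator. author_association is set by
    # GitHub in the issue event payload, so the issue author cannot choose it.
    # The trusted set below is an assumption, not something the Gist specifies.
    if: >-
      contains(github.event.issue.title, '[codex]') &&
      contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.issue.author_association)
    runs-on: ubuntu-latest
    # Cancel a run that is stuck (for example in the 413 retry loop reported
    # above) instead of letting it continue to the 6-hour job limit.
    timeout-minutes: 20
    permissions:
      contents: write
      issues: write
      pull-requests: write
      models: read
```

Because the condition sits on the job, an issue from an untrusted author leaves the job skipped: no runner starts, so no Actions minutes or GitHub Models requests are spent on it.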
