How to Run Codex CLI Safely inside GitHub Actions

Codex CLI Complete Guide

Target Audience

  • Target roles: Intermediate engineers who want to automate Codex-driven tasks in CI
  • Goal: Enable Codex CLI to run from GitHub Actions with prompt files and produce artifacts automatically
  • Prerequisites: Git-managed repository plus an OpenAI API key or an active ChatGPT plan

Why bring Codex CLI into CI?

  • codex exec runs non-interactively, so a task completes without anyone approving individual commands (official documentation)
  • OpenAI’s openai/codex-action installs the CLI, starts the Responses API proxy that brokers the agent’s model calls, and applies a safety strategy out of the box (GitHub Actions guide)
  • --sandbox danger-full-access turns the filesystem and network sandbox off; --dangerously-bypass-approvals-and-sandbox goes further and also skips approvals. The two are not aliases. The latter is comparable to Claude CLI’s fully unsandboxed mode and should be treated as a last resort (sandbox rules)

Implementation steps

1. Prepare secrets and workspace

  • Issue an OpenAI API key and store it as OPENAI_API_KEY in GitHub Secrets; never echo it in a run step or write it to a file the agent can read
  • Create a dedicated Codex cache directory (for example .github/codex-cache) and point CODEX_HOME at it, so CLI state (config, sessions, logs) stays inside the workspace instead of the runner’s home directory; do not commit the cached contents, only the placeholder
  • Install build dependencies before Codex runs so the agent does not need extra privileges

```bash
mkdir -p .github/codex-cache
touch .github/codex-cache/.gitkeep   # placeholder so the empty directory can be tracked
git add .github/codex-cache/.gitkeep
```

2. Invoke codex-action in your workflow

The snippet below shows the minimal usage and assumes an earlier actions/checkout step in the same job. prompt-file feeds the prompt, sandbox selects the filesystem policy, and codex-args passes flags straight to the CLI: here --full-auto (which already implies the workspace-write sandbox, so the explicit sandbox input is belt and braces) and --cd docs to scope the agent to the docs directory.

```yaml
- name: Run Codex CLI
  uses: openai/codex-action@v1
  with:
    openai-api-key: ${{ secrets.OPENAI_API_KEY }}
    prompt-file: .github/prompts/stage1.txt
    sandbox: workspace-write
    codex-args: ["--full-auto","--cd","docs"]
```

3. Manage prompts and outputs

  • Keep prompts under .github/prompts/ and let GitHub Actions render variables (dates, URLs) into them before passing them to Codex; treat anything rendered from an untrusted source (issue bodies, PR titles) as potential prompt injection
  • Capture the final answer via the action’s output-file option, or review generated files with git status in subsequent steps
  • If you must add --dangerously-bypass-approvals-and-sandbox, make a git diff inspection and the test suite mandatory gates after the run, and give that job a read-only GITHUB_TOKEN and no secrets beyond the API key
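One way to turn the diff inspection above into a hard gate, as an added example that is not part of openai/codex-action or of the original page. It assumes the agent was scoped to docs/ (as in the --cd docs snippet), that the script is checked in at .github/scripts/check-agent-diff.sh, and that the allowlist and denylist prefixes below are the ones you want; all three are assumptions. The job fails if Codex touched any path outside the allowed prefixes, or any workflow or script path that could alter the pipeline itself:

```shell
#!/usr/bin/env sh
# check-agent-diff.sh: post-run gate for an agent's working tree.
# Added example, not part of openai/codex-action. The prefix lists are
# assumptions; align them with the directory passed to the agent via --cd.
set -eu

# Paths the agent may change (prefix match, relative to the repo root).
ALLOWED_PREFIXES="docs/ CHANGELOG.md"
# Paths that must never change, even under an allowed prefix: anything that
# can alter the pipeline or hold credentials.
DENIED_PREFIXES=".github/workflows/ .github/scripts/ .env"

# matches_any PATH "PREFIX PREFIX ..." -> exit 0 if PATH starts with any prefix.
matches_any() {
  candidate=$1
  for prefix in $2; do
    case "$candidate" in
      "$prefix"*) return 0 ;;
    esac
  done
  return 1
}

# check_paths: read one path per line on stdin, print each violation, and
# return 1 if any path is denied or not on the allowlist.
check_paths() {
  rc=0
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    if matches_any "$path" "$DENIED_PREFIXES" || ! matches_any "$path" "$ALLOWED_PREFIXES"; then
      echo "DISALLOWED: $path"
      rc=1
    fi
  done
  return "$rc"
}

# changed_paths: every modified, added, deleted or untracked path in the
# working tree. Renames ("R  old -> new") are reported by their new name.
changed_paths() {
  git status --porcelain=v1 --untracked-files=all | cut -c4- | sed 's/^.* -> //'
}

# Workflow usage: run: sh .github/scripts/check-agent-diff.sh --check-working-tree
if [ "${1:-}" = "--check-working-tree" ]; then
  if changed_paths | check_paths; then
    echo "Agent changes are within the allowlist."
  else
    echo "Codex modified paths outside the allowlist; failing the job." >&2
    git --no-pager diff --stat >&2
    exit 1
  fi
fi
```

Add a step after the Codex step with `run: sh .github/scripts/check-agent-diff.sh --check-working-tree`, then run the test suite. Because the script lives under .github/scripts/, the denylist also flags any attempt by the agent to edit the gate. That is only a detection, though: with danger-full-access the agent could rewrite the script before it executes, so in that mode run the gate from a trusted copy, for example `git show origin/main:.github/scripts/check-agent-diff.sh | sh -s -- --check-working-tree`, or in a separate job.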

Operational tips

  • Gradual escalation: Start with sandbox: workspace-write + --full-auto; only switch to danger-full-access after the workflow has proven stable, and keep it out of jobs that hold write-capable tokens
  • Usage monitoring: Every run bills Responses API tokens, so watch the OpenAI Usage dashboard and set a spend limit before enabling scheduled triggers
  • Retry strategy: Files left outside Git’s view can break retries. Run git clean -fd before re-running, or have Codex write outputs to a temp directory
  • Secrets hygiene: For cross-repo or network operations, expose the capability through an MCP server that holds the credential, instead of handing secrets to the agent

References