Codex GitHub Integration | Rookie Tutorial
Codex is deeply integrated with GitHub, allowing code reviews directly in pull requests. This section details how to configure and use the GitHub integration.
Feature Overview
Through GitHub integration, you can:
- Request Codex reviews directly in PR comments
- Automatically review each pull request
- Have Codex fix CI failures
- View code changes and provide suggestions
Codex replies with review comments like a teammate, so you never have to leave GitHub.
Setting Up GitHub Integration
Prerequisites
- Codex Cloud subscription
- GitHub account
Configuration Steps
- Set up Codex Cloud
- Go to Codex Settings
- Enable the Code review feature for the repository
- Authorize Codex to access your repository
You need to grant Codex permission to read repositories and create pull requests.
Requesting Code Review
Manual Review Trigger
Mention @codex review in a pull request comment:
Request Review
Enter in PR comment
@codex review
Or specify review focus
@codex review for security regressions
Codex Response
Codex will:
- React to the PR (👀)
- Analyze code changes
- Post review comments
- Mark found issues (P0 and P1)
Codex will post review comments on the PR like a human reviewer.
Automatic Review
Enable Automatic reviews in settings:
- Go to Codex Settings
- Enable Automatic reviews
- Codex then posts a review automatically whenever a new PR is opened
Customizing Review Content
Setting Repository Review Guidelines
Add review guidelines to AGENTS.md in the repository:
Add Review Guidelines
Review guidelines
- Don't log PII (personally identifiable information)
- Verify that authentication middleware wraps every route
- Check for SQL injection vulnerabilities
- Ensure error messages don't leak sensitive information
Module-Specific Rules
Place more specific review rules in subdirectories:
Module-Specific Rules
src/payment/ module review rules
Payment-specific reviews
- Verify payment processing follows PCI compliance
- Check for proper amount validation
- Ensure transaction logging
More specific rules will be automatically applied to code changes in the corresponding module.
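A CI-side check for the layering described above, as an added example (not code from this tutorial or from Codex): it lists which AGENTS.md files carry review guidelines for a changed file and flags changes in sensitive modules that only the root rules cover. The "Review guidelines" Markdown heading, the root-to-nearest-directory lookup, the `src/auth/` module and all function names are assumptions made for illustration.

```javascript
// Constructed sample: AGENTS.md files in a repository, keyed by POSIX path.
const SAMPLE_AGENTS = {
  'AGENTS.md': "# Project\n\n## Review guidelines\n- Don't log PII\n- Check for SQL injection vulnerabilities\n",
  'src/payment/AGENTS.md': '## Review guidelines\n- Check for proper amount validation\n- Ensure transaction logging\n',
  'src/auth/AGENTS.md': '# Auth module\nBuild notes only, no review section.\n', // hypothetical module
};

// Assumption: guidelines sit under a Markdown heading named "Review guidelines".
const HEADING = /^#{1,6}\s*review guidelines\s*$/im;

// Return the bullet items under the "Review guidelines" heading, up to the next heading.
function extractGuidelines(markdown) {
  const m = HEADING.exec(markdown);
  if (!m) return [];
  const rules = [];
  for (const line of markdown.slice(m.index + m[0].length).split('\n')) {
    if (/^#{1,6}\s/.test(line)) break; // next section starts, stop collecting
    const bullet = /^\s*[-*]\s+(.*\S)\s*$/.exec(line);
    if (bullet) rules.push(bullet[1]);
  }
  return rules;
}

// Walk from the repo root down to the changed file's directory and collect every
// AGENTS.md that actually contains guidelines (assumption: deepest = most specific).
function guidelineSources(changedPath, agentsFiles) {
  const dirs = changedPath.split('/').slice(0, -1);
  const sources = [];
  for (let depth = 0; depth <= dirs.length; depth++) {
    const candidate = [...dirs.slice(0, depth), 'AGENTS.md'].join('/');
    const content = agentsFiles[candidate];
    if (content !== undefined && extractGuidelines(content).length > 0) sources.push(candidate);
  }
  return sources;
}

// Changed files under a sensitive prefix that have no module-level guidelines,
// meaning a review would rely on the root rules alone (or on none at all).
function uncoveredSensitiveChanges(changedFiles, agentsFiles, sensitivePrefixes) {
  return changedFiles.filter((file) => {
    const prefix = sensitivePrefixes.find((p) => file.startsWith(p));
    if (!prefix) return false;
    return !guidelineSources(file, agentsFiles).some((src) => src.startsWith(prefix));
  });
}
```

Run against a PR's changed-file list, a non-empty result from `uncoveredSensitiveChanges` is a cue to add a module-level AGENTS.md before relying on automatic reviews for that module.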
One-Time Review Focus
Specify review focus in comments:
Specify Review Focus
Comment examples
@codex review for security issues
@codex review for performance regressions
@codex review for documentation completeness
Giving Codex Other Tasks
Mentioning @codex in a comment with anything other than review launches a cloud task:
Other Tasks
Fix CI failures
@codex fix the CI failures
Add tests
@codex add tests for the new API endpoints
Refactor code
@codex refactor this function to use async/await
Using Codex's other features is as simple as @ mentioning it in a comment.
GitHub Actions Integration
You can also use Codex in GitHub Actions:
GitHub Actions Workflow
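name: Codex Review
on:
  # Trigger assumed to be pull requests, since the job posts a PR review
  pull_request:
# Least privilege for the workflow token: read the code, write the review
permissions:
  contents: read
  pull-requests: write
jobs:
  codex-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Codex Review
        run: |
          codex exec "Review code changes in this PR" --output review.md
      - name: Post Review
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            // await so that an API error fails the step instead of being dropped
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              body: review,
              event: 'COMMENT'
            });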
Integrating Codex into CI/CD workflows can automate code reviews.
Best Practices
Review Guidelines
- Clearly define review standards in AGENTS.md
- Set specific rules for different modules
- Specify issue priorities (P0/P1)
Automation
- Enable automatic reviews for regular PRs
- Use manual triggers for large changes
- Combine with automated workflows
Good configuration can make Codex's reviews more accurate and efficient.
FAQ
Q: Does Codex review cost money?
GitHub integration requires a Codex Cloud subscription.
Q: Can Codex access private repositories?
You need to authorize Codex to access your private repositories.
Q: Can I limit which repositories Codex reviews?
Yes, you can selectively authorize repositories in settings.
Q: What severity levels does Codex flag?
By default, P0 (critical) and P1 (important) issues are flagged.