ci: switch release notes generation to Codex

[AprilNEA]

Summary

• replace Amp SDK release-note generation with OpenAI Responses API / Codex
• use OPENAI_API_KEY and configurable CODEX_MODEL instead of OP_AMP_SECRET_ITEM / AMP_API_KEY
• remove Amp SDK and Amp CLI dependency leftovers

Validation

• pnpm --dir scripts/release-notes install --frozen-lockfile
• generated release notes locally without OPENAI_API_KEY to verify fallback path
• parsed GitHub workflow/action YAML

[greptile-apps]

Greptile Summary

Replaces the Amp SDK–based release-note generation with the OpenAI Responses API (openai npm package), swapping AMP_API_KEY / @ampcode/sdk for CODEX_ACCESS_TOKEN / OPENAI_API_KEY and a configurable CODEX_ENDPOINT. The 1Password step and the script's OpenAI client construction are updated accordingly.

• generate.ts now calls openai.responses.create with model: CODEX_MODEL || \"gpt-5.5\" and falls back to GitHub-generated notes when the API is unavailable.
• package.json / lockfile drop all @ampcode/* and zod entries and add openai@6.42.0.
• The workflow loads three new 1Password fields (CODEX_ACCESS_TOKEN, CHATGPT_USERNAME, CODEX_ENDPOINT) from OP_CODEX_SECRET_ITEM.

Confidence Score: 4/5

Safe to merge for the Codex/ChatGPT credential path; the OPENAI_API_KEY fallback will silently fail and fall through to GitHub-generated notes.

The OPENAI_API_KEY fallback — the primary onboarding path called out in the PR description — sends requests to https://chatgpt.com/backend-api/codex instead of the standard OpenAI endpoint, causing authentication failures for anyone who sets only OPENAI_API_KEY without also setting CODEX_ENDPOINT. The rest of the changes (dependency swap, workflow secret wiring, error handling) are straightforward and correct.

scripts/release-notes/generate.ts — the baseURL default and the OPENAI_API_KEY fallback interact in a way that makes the standard-API path non-functional.

Important Files Changed

Filename	Overview
scripts/release-notes/generate.ts	Switches from Amp SDK to OpenAI Responses API; OPENAI_API_KEY fallback is broken because the default baseURL points to the ChatGPT backend, not api.openai.com
.github/workflows/release.yml	Replaces 1Password Amp secret references with Codex/ChatGPT secret item; loads three new outputs (CODEX_ACCESS_TOKEN, CHATGPT_USERNAME, CODEX_ENDPOINT) with continue-on-error: true guard
scripts/release-notes/package.json	Removes @ampcode/sdk and its onlyBuiltDependencies entry; adds openai ^6.42.0
scripts/release-notes/pnpm-lock.yaml	Lockfile updated to remove all @ampcode/* and zod entries; adds openai@6.42.0 snapshot with no transitive deps (bundled)

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant 1P as 1Password
    participant Script as generate.ts
    participant OAI as OpenAI / Codex endpoint
    participant GH as GitHub API

    GHA->>1P: load OP_CODEX_SECRET_ITEM (continue-on-error)
    1P-->>GHA: CODEX_ACCESS_TOKEN, CHATGPT_USERNAME, CODEX_ENDPOINT

    GHA->>Script: run with env vars
    Script->>GH: listTags / compareCommits / generateReleaseNotes
    GH-->>Script: tags, commits, github notes

    alt CODEX_ACCESS_TOKEN or OPENAI_API_KEY set
        Script->>OAI: "responses.create(model, prompt) baseURL = CODEX_ENDPOINT or chatgpt.com/backend-api/codex"
        OAI-->>Script: output_text
    else no credential
        Script->>Script: warn + use GitHub notes fallback
    end

    Script->>GHA: write RELEASE_NOTES.md

Loading

_{Reviews (4): Last reviewed commit: "ci: switch release notes generation to C..." | Re-trigger Greptile}

[greptile-apps]

OPENAI_API_KEY fallback always routes to the ChatGPT backend

When CODEX_ACCESS_TOKEN is absent but OPENAI_API_KEY is set, codexAccessToken is non-null so the if block runs — but CODEX_ENDPOINT is also unset, so baseURL falls back to "https://chatgpt.com/backend-api/codex". A standard OpenAI API key sent to the ChatGPT backend will return an authentication error every time. The PR description explicitly calls out OPENAI_API_KEY as the new credential path, so this is the primary onboarding story for contributors without a Codex account, and it will silently fall through to the GitHub-generated notes.