ci: fix release validation dispatch and protocol drift

Peter Steinberger
2026-04-27 13:31:30 +01:00
parent d9b8001502
commit 0931a1f11e
4 changed files with 34 additions and 24 deletions


@@ -122,11 +122,15 @@ gh workflow run full-release-validation.yml \
--repo openclaw/openclaw \
--ref main \
-f ref=<branch-or-sha> \
-f workflow_ref=main \
-f provider=openai \
-f mode=both
```
Run the workflow itself from the trusted current ref, normally `--ref main`;
child workflows are dispatched from that same ref even when `ref` points at an
older release branch or tag. Full Release Validation has no separate child
workflow ref input; choose the trusted harness by choosing the workflow run ref.
If a full run is already active on a newer `origin/main`, prefer watching that
run over dispatching a duplicate. If you accidentally dispatch a stale duplicate,
cancel it and monitor the current run.


@@ -8,11 +8,6 @@ on:
required: true
default: main
type: string
workflow_ref:
description: Trusted workflow ref used to run child workflows
required: false
default: main
type: string
provider:
description: Provider lane for cross-OS onboarding and the end-to-end agent turn
required: false
@@ -86,7 +81,7 @@ jobs:
env:
TARGET_REF: ${{ inputs.ref }}
TARGET_SHA: ${{ steps.resolve.outputs.sha }}
WORKFLOW_REF: ${{ inputs.workflow_ref }}
CHILD_WORKFLOW_REF: ${{ github.ref_name }}
NPM_TELEGRAM_PACKAGE_SPEC: ${{ inputs.npm_telegram_package_spec }}
run: |
{
@@ -94,7 +89,7 @@ jobs:
echo
echo "- Target ref: \`${TARGET_REF}\`"
echo "- Target SHA: \`${TARGET_SHA}\`"
echo "- Child workflow ref: \`${WORKFLOW_REF}\`"
echo "- Child workflow ref: \`${CHILD_WORKFLOW_REF}\`"
echo "- Normal CI: \`CI\` with \`target_ref=${TARGET_SHA}\`"
echo "- Release/live/Docker/package/QA: \`OpenClaw Release Checks\`"
if [[ -n "${NPM_TELEGRAM_PACKAGE_SPEC// }" ]]; then
@@ -120,19 +115,18 @@ jobs:
GH_TOKEN: ${{ github.token }}
TARGET_REF: ${{ inputs.ref }}
TARGET_SHA: ${{ needs.resolve_target.outputs.sha }}
WORKFLOW_REF: ${{ inputs.workflow_ref }}
CHILD_WORKFLOW_REF: ${{ github.ref_name }}
run: |
set -euo pipefail
dispatch_and_wait() {
local workflow="$1"
local workflow_ref="$2"
shift 2
shift
local before_json run_id status conclusion url
before_json="$(gh run list --workflow "$workflow" --event workflow_dispatch --limit 100 --json databaseId --jq '[.[].databaseId]')"
gh workflow run "$workflow" --ref "$workflow_ref" "$@"
gh workflow run "$workflow" --ref "$CHILD_WORKFLOW_REF" "$@"
for _ in $(seq 1 60); do
run_id="$(
@@ -178,7 +172,7 @@ jobs:
echo "- Target SHA: \`${TARGET_SHA}\`"
} >> "$GITHUB_STEP_SUMMARY"
dispatch_and_wait ci.yml "$WORKFLOW_REF" -f target_ref="$TARGET_SHA"
dispatch_and_wait ci.yml -f target_ref="$TARGET_SHA"
release_checks:
name: Run release/live/Docker/QA validation
@@ -196,7 +190,7 @@ jobs:
GH_TOKEN: ${{ github.token }}
TARGET_REF: ${{ inputs.ref }}
TARGET_SHA: ${{ needs.resolve_target.outputs.sha }}
WORKFLOW_REF: ${{ inputs.workflow_ref }}
CHILD_WORKFLOW_REF: ${{ github.ref_name }}
PROVIDER: ${{ inputs.provider }}
MODE: ${{ inputs.mode }}
run: |
@@ -204,13 +198,12 @@ jobs:
dispatch_and_wait() {
local workflow="$1"
local workflow_ref="$2"
shift 2
shift
local before_json run_id status conclusion url
before_json="$(gh run list --workflow "$workflow" --event workflow_dispatch --limit 100 --json databaseId --jq '[.[].databaseId]')"
gh workflow run "$workflow" --ref "$workflow_ref" "$@"
gh workflow run "$workflow" --ref "$CHILD_WORKFLOW_REF" "$@"
for _ in $(seq 1 60); do
run_id="$(
@@ -258,7 +251,7 @@ jobs:
echo "- Cross-OS mode: \`${MODE}\`"
} >> "$GITHUB_STEP_SUMMARY"
dispatch_and_wait openclaw-release-checks.yml "$WORKFLOW_REF" \
dispatch_and_wait openclaw-release-checks.yml \
-f ref="$TARGET_SHA" \
-f provider="$PROVIDER" \
-f mode="$MODE"
@@ -278,7 +271,7 @@ jobs:
id: dispatch
env:
GH_TOKEN: ${{ github.token }}
WORKFLOW_REF: ${{ inputs.workflow_ref }}
CHILD_WORKFLOW_REF: ${{ github.ref_name }}
PACKAGE_SPEC: ${{ inputs.npm_telegram_package_spec }}
PROVIDER_MODE: ${{ inputs.npm_telegram_provider_mode }}
SCENARIO: ${{ inputs.npm_telegram_scenario }}
@@ -292,7 +285,7 @@ jobs:
args+=(-f scenario="$SCENARIO")
fi
gh workflow run npm-telegram-beta-e2e.yml --ref "$WORKFLOW_REF" "${args[@]}"
gh workflow run npm-telegram-beta-e2e.yml --ref "$CHILD_WORKFLOW_REF" "${args[@]}"
run_id=""
for _ in $(seq 1 60); do
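Review bot: Nothing in the workflow checks that the ref it was dispatched from is the trusted one. With `CHILD_WORKFLOW_REF: ${{ github.ref_name }}`, both `dispatch_and_wait` copies and the `npm-telegram-beta-e2e.yml` dispatch follow whatever branch or tag was passed to `--ref`, while `GH_TOKEN: ${{ github.token }}` is in scope. If release validation is only meant to run from `main`, a guard step early in the job such as `[[ "$CHILD_WORKFLOW_REF" == "main" ]] || { echo "::error::dispatch from main"; exit 1; }` would enforce what the docs currently only recommend. At minimum, add a comment above the env entry: `# Children run from the ref this workflow was dispatched from, not from inputs.ref`. `github.ref_name` is the short name, so a branch and tag sharing a name would be ambiguous; the fully qualified `github.ref` may be safer, if `gh workflow run --ref` accepts it (to be confirmed). The job bodies continue outside these hunks, so an existing guard may simply not be visible here.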


@@ -232,7 +232,6 @@ branch, tag, or full commit SHA as `ref`:
gh workflow run full-release-validation.yml \
--ref main \
-f ref=release/YYYY.M.D \
-f workflow_ref=main \
-f provider=openai \
-f mode=both
```
@@ -246,6 +245,10 @@ Package Acceptance with Telegram package QA, QA Lab parity, live Matrix, and
live Telegram. A full run is only acceptable when the `Full Release Validation`
summary shows `normal_ci` and `release_checks` as successful, and any optional
`npm_telegram` child is either successful or intentionally skipped.
Child workflows are dispatched from the trusted ref that runs `Full Release
Validation`, normally `--ref main`, even when the target `ref` points at an
older release branch or tag. There is no separate Full Release Validation
workflow-ref input; choose the trusted harness by choosing the workflow run ref.
Use these variants depending on release stage:
@@ -254,7 +257,6 @@ Use these variants depending on release stage:
gh workflow run full-release-validation.yml \
--ref main \
-f ref=release/YYYY.M.D \
-f workflow_ref=main \
-f provider=openai \
-f mode=both
@@ -262,7 +264,6 @@ gh workflow run full-release-validation.yml \
gh workflow run full-release-validation.yml \
--ref main \
-f ref=<40-char-sha> \
-f workflow_ref=main \
-f provider=openai \
-f mode=both
@@ -270,7 +271,6 @@ gh workflow run full-release-validation.yml \
gh workflow run full-release-validation.yml \
--ref main \
-f ref=release/YYYY.M.D \
-f workflow_ref=main \
-f provider=openai \
-f mode=both \
-f npm_telegram_package_spec=openclaw@YYYY.M.D-beta.N \


@@ -6,6 +6,7 @@ const LIVE_E2E_WORKFLOW = ".github/workflows/openclaw-live-and-e2e-checks-reusab
const DOCKER_E2E_PLAN_ACTION = ".github/actions/docker-e2e-plan/action.yml";
const NPM_TELEGRAM_WORKFLOW = ".github/workflows/npm-telegram-beta-e2e.yml";
const RELEASE_CHECKS_WORKFLOW = ".github/workflows/openclaw-release-checks.yml";
const FULL_RELEASE_VALIDATION_WORKFLOW = ".github/workflows/full-release-validation.yml";
describe("package acceptance workflow", () => {
it("resolves candidate package sources before reusing Docker E2E lanes", () => {
@@ -132,4 +133,16 @@ describe("package artifact reuse", () => {
expect(workflow).toContain("package_telegram=${PACKAGE_TELEGRAM_RESULT}");
expect(workflow).not.toContain("npm_telegram:");
});
it("runs full release children from the trusted workflow ref", () => {
const workflow = readFileSync(FULL_RELEASE_VALIDATION_WORKFLOW, "utf8");
expect(workflow).toContain("CHILD_WORKFLOW_REF: ${{ github.ref_name }}");
expect(workflow).toContain('gh workflow run "$workflow" --ref "$CHILD_WORKFLOW_REF" "$@"');
expect(workflow).toContain(
'gh workflow run npm-telegram-beta-e2e.yml --ref "$CHILD_WORKFLOW_REF" "${args[@]}"',
);
expect(workflow).not.toContain("workflow_ref:");
expect(workflow).not.toContain("inputs.workflow_ref");
});
});
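Review bot: The new test's `toContain` checks pass as soon as one occurrence exists, so they do not pin every dispatch site. The workflow carries two copies of `dispatch_and_wait` plus four `CHILD_WORKFLOW_REF` env entries, and a regression in just one copy would go unnoticed. The negative checks `not.toContain("workflow_ref:")` and `not.toContain("inputs.workflow_ref")` would also miss a reintroduced `local workflow_ref="$2"` or a leftover `"$WORKFLOW_REF"` argument. Consider adding `expect(workflow).not.toContain('--ref "$workflow_ref"');` and `expect(workflow).not.toContain('"$WORKFLOW_REF"');`. Counting the `--ref "$CHILD_WORKFLOW_REF"` matches against the expected number of dispatch sites would be stricter, if the parts of the workflow outside the visible hunks allow a fixed count.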