mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 18:00:54 +00:00
ci: pin full release validation children
This commit is contained in:
Peter Steinberger
14
docs/ci.md
14
docs/ci.md
@@ -134,6 +134,20 @@ See [Full release validation](/reference/full-release-validation) for the
|
||||
stage matrix, exact workflow job names, profile differences, artifacts, and
|
||||
focused rerun handles.
|
||||
|
||||
For pinned commit proof on a fast-moving branch, use the helper instead of
|
||||
`gh workflow run ... --ref main -f ref=<sha>`:
|
||||
|
||||
```bash
|
||||
pnpm ci:full-release --sha <full-sha>
|
||||
```
|
||||
|
||||
GitHub workflow dispatch refs must be branches or tags, not raw commit SHAs. The
|
||||
helper pushes a temporary `release-ci/<sha>-...` branch at the target SHA,
|
||||
dispatches `Full Release Validation` from that pinned ref, verifies every child
|
||||
workflow `headSha` matches the target, and deletes the temporary branch when the
|
||||
run completes. The umbrella verifier also fails if any child workflow ran at a
|
||||
different SHA.
|
||||
|
||||
`release_profile` controls live/provider breadth passed into release checks. The
|
||||
manual release workflows default to `stable`; use `full` only when you
|
||||
intentionally want the broad advisory provider/media matrix.
|
||||
|
||||
Reference in New Issue
Block a user