fix(ci): trust live docker harness scripts

2026-05-06 16:50:43 +00:00 · 2026-04-27 20:52:37 -07:00
parent 76d279fe10
commit 42de56cc22
10 changed files with 188 additions and 46 deletions
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -862,7 +862,7 @@ jobs:
          export OPENCLAW_DOCKER_ALL_TIMINGS_FILE=".artifacts/docker-tests/targeted-${{ steps.plan.outputs.artifact_suffix }}-timings.json"
          export OPENCLAW_DOCKER_ALL_PNPM_COMMAND="$(command -v pnpm)"
          if [[ "${{ steps.plan.outputs.needs_live_image }}" == "1" ]]; then
-            pnpm test:docker:live-build
+            OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-build-docker.sh
          fi
          export OPENCLAW_DOCKER_ALL_BUILD=0

@@ -1327,6 +1327,14 @@ jobs:
          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

+      - name: Checkout trusted live Docker harness
+        if: contains(matrix.profiles, inputs.release_test_profile)
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.sha }}
+          fetch-depth: 1
+          path: .release-harness
+
      - name: Setup Node environment
        if: contains(matrix.profiles, inputs.release_test_profile)
        uses: ./.github/actions/setup-node-env
@@ -1376,7 +1384,7 @@ jobs:

      - name: Run Docker live model sweep
        if: contains(matrix.profiles, inputs.release_test_profile)
-        run: pnpm test:docker:live-models
+        run: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-models-docker.sh

  validate_live_models_docker_targeted:
    name: Docker live models (selected providers)
@@ -1427,6 +1435,13 @@ jobs:
          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

+      - name: Checkout trusted live Docker harness
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.sha }}
+          fetch-depth: 1
+          path: .release-harness
+
      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
        with:
@@ -1534,7 +1549,7 @@ jobs:
          done

      - name: Run Docker live model sweep
-        run: pnpm test:docker:live-models
+        run: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-models-docker.sh

  validate_live_provider_suites:
    needs: validate_selected_ref
@@ -1715,21 +1730,21 @@ jobs:
            profiles: full
          - suite_id: live-gateway-docker
            label: Docker live gateway
-            command: pnpm test:docker:live-gateway
+            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-gateway-models-docker.sh
            timeout_minutes: 120
            needs_ffmpeg: false
            profile_env_only: false
            profiles: minimum stable full
          - suite_id: live-cli-backend-docker
            label: Docker live CLI backend
-            command: pnpm test:docker:live-cli-backend
+            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-cli-backend-docker.sh
            timeout_minutes: 120
            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: live-acp-bind-docker
            label: Docker live ACP bind
-            command: pnpm test:docker:live-acp-bind
+            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-acp-bind-docker.sh
            timeout_minutes: 120
            needs_ffmpeg: false
            profile_env_only: false