diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f69a2bf038..2b44df88ad9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -454,6 +454,8 @@ jobs: if: needs.preflight.outputs.run_build_artifacts == 'true' runs-on: ${{ github.repository == 'openclaw/openclaw' && 'blacksmith-8vcpu-ubuntu-2404' || 'ubuntu-24.04' }} timeout-minutes: 20 + outputs: + gateway-watch-result: ${{ steps.gateway_watch.outcome }} steps: - name: Checkout shell: bash @@ -521,6 +523,10 @@ jobs: - name: Build Control UI run: pnpm ui:build + - name: Check Control UI i18n + if: needs.preflight.outputs.run_control_ui_i18n == 'true' + run: pnpm ui:i18n:check + - name: Cache dist build uses: actions/cache@v5 with: @@ -562,6 +568,20 @@ jobs: - name: Check CLI startup memory run: pnpm test:startup:memory + - name: Run gateway watch regression + id: gateway_watch + if: needs.preflight.outputs.run_check_additional == 'true' + continue-on-error: true + run: node scripts/check-gateway-watch-regression.mjs --skip-build + + - name: Upload gateway watch regression artifacts + if: always() && needs.preflight.outputs.run_check_additional == 'true' + uses: actions/upload-artifact@v7 + with: + name: gateway-watch-regression + path: .local/gateway-watch-regression/ + retention-days: 7 + checks-fast-core: permissions: contents: read @@ -1781,101 +1801,11 @@ jobs: exit "$failures" - check-additional-runtime-topology-gateway: - permissions: - contents: read - name: "check-additional-runtime-topology-gateway" - needs: [preflight, build-artifacts] - if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check_additional == 'true' && needs.build-artifacts.result == 'success' }} - runs-on: ubuntu-24.04 - timeout-minutes: 20 - steps: - - name: Checkout - shell: bash - env: - CHECKOUT_REPO: ${{ github.repository }} - CHECKOUT_SHA: ${{ github.sha }} - CHECKOUT_TOKEN: ${{ github.token }} - run: | - set -euo pipefail - - workdir="$GITHUB_WORKSPACE" - auth_header="$(printf 'x-access-token:%s' "$CHECKOUT_TOKEN" | base64 | tr -d '\n')" - - reset_checkout_dir() { - mkdir -p "$workdir" - find "$workdir" -mindepth 1 -maxdepth 1 -exec rm -rf {} + - } - - checkout_attempt() { - local attempt="$1" - - reset_checkout_dir - git init "$workdir" >/dev/null - git config --global --add safe.directory "$workdir" - git -C "$workdir" remote add origin "https://github.com/${CHECKOUT_REPO}" - git -C "$workdir" config gc.auto 0 - - timeout --signal=TERM 30s git -C "$workdir" \ - -c protocol.version=2 \ - -c "http.https://github.com/.extraheader=AUTHORIZATION: basic ${auth_header}" \ - fetch --no-tags --prune --no-recurse-submodules --depth=1 origin \ - "+${CHECKOUT_SHA}:refs/remotes/origin/ci-target" || return 1 - - git -C "$workdir" checkout --force --detach "$CHECKOUT_SHA" || return 1 - test -f "$workdir/.github/actions/setup-node-env/action.yml" || return 1 - echo "checkout attempt ${attempt}/2 succeeded" - } - - for attempt in 1 2; do - if checkout_attempt "$attempt"; then - exit 0 - fi - echo "checkout attempt ${attempt}/2 failed" - sleep $((attempt * 5)) - done - - echo "checkout failed after 2 attempts" >&2 - exit 1 - - - name: Setup Node environment - uses: ./.github/actions/setup-node-env - with: - install-bun: "false" - - - name: Download built runtime artifacts - uses: actions/download-artifact@v8 - with: - name: dist-runtime-build - path: .local/dist-runtime-build - - - name: Restore built runtime artifacts - run: | - tar -xf .local/dist-runtime-build/dist-runtime-build.tar.zst --use-compress-program unzstd - test -f dist/entry.js - test -f dist/.buildstamp - test -d dist-runtime - - - name: Check Control UI i18n - if: needs.preflight.outputs.run_control_ui_i18n == 'true' - run: pnpm ui:i18n:check - - - name: Run gateway watch regression - run: node scripts/check-gateway-watch-regression.mjs --skip-build - - - name: Upload gateway watch regression artifacts - if: always() - uses: actions/upload-artifact@v7 - with: - name: gateway-watch-regression - path: .local/gateway-watch-regression/ - retention-days: 7 - check-additional: permissions: contents: read name: "check-additional" - needs: [preflight, check-additional-shard, check-additional-runtime-topology-gateway] + needs: [preflight, check-additional-shard, build-artifacts] if: ${{ !cancelled() && always() && needs.preflight.outputs.run_check_additional == 'true' }} runs-on: ubuntu-24.04 timeout-minutes: 5 @@ -1883,12 +1813,17 @@ jobs: - name: Verify additional check shards env: SHARD_RESULT: ${{ needs.check-additional-shard.result }} - GATEWAY_RESULT: ${{ needs.check-additional-runtime-topology-gateway.result }} + BUILD_ARTIFACTS_RESULT: ${{ needs.build-artifacts.result }} + GATEWAY_RESULT: ${{ needs.build-artifacts.outputs.gateway-watch-result }} run: | if [ "$SHARD_RESULT" != "success" ]; then echo "Additional check shards failed: $SHARD_RESULT" >&2 exit 1 fi + if [ "$BUILD_ARTIFACTS_RESULT" != "success" ]; then + echo "Build artifact job failed: $BUILD_ARTIFACTS_RESULT" >&2 + exit 1 + fi if [ "$GATEWAY_RESULT" != "success" ]; then echo "Gateway topology check failed: $GATEWAY_RESULT" >&2 exit 1 diff --git a/docs/ci.md b/docs/ci.md index c8a39286a15..765b1f7f853 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -18,7 +18,7 @@ The CI runs on every push to `main` and every pull request. It uses smart scopin | `security-scm-fast` | Private key detection and workflow audit via `zizmor` | Always on non-draft pushes and PRs | | `security-dependency-audit` | Dependency-free production lockfile audit against npm advisories | Always on non-draft pushes and PRs | | `security-fast` | Required aggregate for the fast security jobs | Always on non-draft pushes and PRs | -| `build-artifacts` | Build `dist/` and the Control UI once, upload reusable artifacts for downstream jobs | Node-relevant changes | +| `build-artifacts` | Build `dist/`, Control UI, gateway watch, and reusable downstream artifacts | Node-relevant changes | | `checks-fast-core` | Fast Linux correctness lanes such as bundled/plugin-contract/protocol checks | Node-relevant changes | | `checks-fast-contracts-channels` | Sharded channel contract checks with a stable aggregate check result | Node-relevant changes | | `checks-node-extensions` | Full bundled-plugin test shards across the extension suite | Node-relevant changes | @@ -53,7 +53,7 @@ Local changed-lane logic lives in `scripts/changed-lanes.mjs` and is executed by On pushes, the `checks` matrix adds the push-only `compat-node22` lane. On pull requests, that lane is skipped and the matrix stays focused on the normal test/channel lanes. -The slowest Node test families are split or balanced so each job stays small: channel contracts split registry and core coverage into six weighted shards total, bundled plugin tests balance across six extension workers, auto-reply runs as three balanced workers instead of six tiny workers, and agentic gateway/plugin configs are spread across the existing source-only agentic Node jobs instead of waiting on built artifacts. Broad browser, QA, media, and miscellaneous plugin tests use their dedicated Vitest configs instead of the shared plugin catch-all. The broad agents lane uses the shared Vitest file-parallel scheduler because it is import/scheduling dominated rather than owned by a single slow test file. `runtime-config` runs with the infra core-runtime shard to keep the shared runtime shard from owning the tail. `check-additional` keeps package-boundary compile/canary work together and separates runtime topology architecture from gateway watch coverage; the boundary guard shard runs its small independent guards concurrently inside one job, and the gateway watch regression reuses a same-run built `dist/` and `dist-runtime/` tar artifact from `build-artifacts` so it measures watch stability without rebuilding runtime artifacts in its own worker. +The slowest Node test families are split or balanced so each job stays small: channel contracts split registry and core coverage into six weighted shards total, bundled plugin tests balance across six extension workers, auto-reply runs as three balanced workers instead of six tiny workers, and agentic gateway/plugin configs are spread across the existing source-only agentic Node jobs instead of waiting on built artifacts. Broad browser, QA, media, and miscellaneous plugin tests use their dedicated Vitest configs instead of the shared plugin catch-all. The broad agents lane uses the shared Vitest file-parallel scheduler because it is import/scheduling dominated rather than owned by a single slow test file. `runtime-config` runs with the infra core-runtime shard to keep the shared runtime shard from owning the tail. `check-additional` keeps package-boundary compile/canary work together and separates runtime topology architecture from gateway watch coverage; the boundary guard shard runs its small independent guards concurrently inside one job, and the gateway watch regression runs inside `build-artifacts` after `dist/` and `dist-runtime/` are already built so it measures watch stability without reserving another runner or rebuilding runtime artifacts. Android CI runs both `testPlayDebugUnitTest` and `testThirdPartyDebugUnitTest`, then builds the Play debug APK. The third-party flavor has no separate source set or manifest; its unit-test lane still compiles that flavor with the SMS/call-log BuildConfig flags, while avoiding a duplicate debug APK packaging job on every Android-relevant push. `extension-fast` is PR-only because push runs already execute the full bundled plugin shards. That keeps changed-plugin feedback for reviews without reserving an extra Blacksmith worker on `main` for coverage already present in `checks-node-extensions`.