ci: use api key auth for Codex CLI backend smoke

2026-05-06 08:50:43 +00:00 · 2026-04-28 23:24:45 +01:00
parent e583db63c6
commit 60861b3823
1 changed files with 9 additions and 7 deletions
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -1875,18 +1875,20 @@ jobs:
          case "${{ matrix.suite_id }}" in
            live-cli-backend-docker)
              echo "OPENCLAW_LIVE_CLI_BACKEND_MODEL=codex-cli/gpt-5.5" >> "$GITHUB_ENV"
-              # The CLI backend Docker lane should exercise the same staged
-              # Codex auth path Peter uses locally so MCP cron creation and
-              # multimodal probes stay covered in CI. Replace the staged
-              # config.toml with a minimal CI-safe config so the repo stays
-              # trusted for MCP/tool use without inheriting maintainer-local
-              # provider/profile overrides that do not exist inside CI.
+              # Keep the release-blocking CI lane on Codex API-key auth. The
+              # staged auth-file path remains supported for local maintainer
+              # reruns, but it can hang on stale subscription/session state in
+              # an otherwise healthy release run.
+              echo "OPENCLAW_LIVE_CLI_BACKEND_AUTH=api-key" >> "$GITHUB_ENV"
+              # Replace the staged config.toml with a minimal CI-safe config so
+              # the repo stays trusted for MCP/tool use without inheriting
+              # maintainer-local provider/profile overrides that do not exist
+              # inside CI.
              # Codex's workspace-write sandbox relies on user namespaces that
              # this Docker lane does not provide, so run Codex unsandboxed
              # inside the already-isolated container to keep MCP cron/tool
              # execution representative instead of failing on nested sandbox
              # setup.
-              echo 'OPENCLAW_LIVE_CLI_BACKEND_CLEAR_ENV=["OPENAI_API_KEY","OPENAI_BASE_URL"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_ARGS=["exec","--json","--color","never","--sandbox","danger-full-access","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_RESUME_ARGS=["exec","resume","{sessionId}","-c","sandbox_mode=\"danger-full-access\"","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo "OPENCLAW_LIVE_CLI_BACKEND_DEBUG=1" >> "$GITHUB_ENV"