vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 17:31:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): add channel CodeQL PR quality guard

Browse Source 
Adds the channel runtime quality shard to the PR CodeQL guard and keeps non-security quality analysis path-sharded by surface.
This commit is contained in:
Vincent Koc
2026-04-29 22:00:55 -07:00
committed by GitHub
parent 2d53b1d314
commit 6308d2a1dc
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/codeql-critical-quality.yml vendored
View File

@@ -10,6 +10,7 @@ on:
type: choice type: choice
options: options:
- all - all
- channel-runtime-boundary
- gateway-runtime-boundary - gateway-runtime-boundary
- plugin-boundary - plugin-boundary
- plugin-sdk-package-contract - plugin-sdk-package-contract
@@ -23,6 +24,7 @@ on:
- ".github/workflows/codeql-critical-quality.yml" - ".github/workflows/codeql-critical-quality.yml"
- "packages/plugin-package-contract/**" - "packages/plugin-package-contract/**"
- "packages/plugin-sdk/**" - "packages/plugin-sdk/**"
- "src/channels/**"
- "src/gateway/method-scopes.ts" - "src/gateway/method-scopes.ts"
- "src/gateway/protocol/**" - "src/gateway/protocol/**"
- "src/gateway/server-methods/**" - "src/gateway/server-methods/**"
@@ -53,6 +55,7 @@ jobs:
runs-on: blacksmith-4vcpu-ubuntu-2404 runs-on: blacksmith-4vcpu-ubuntu-2404
timeout-minutes: 5 timeout-minutes: 5
outputs: outputs:
channel: ${{ steps.detect.outputs.channel }}
gateway: ${{ steps.detect.outputs.gateway }} gateway: ${{ steps.detect.outputs.gateway }}
plugin: ${{ steps.detect.outputs.plugin }} plugin: ${{ steps.detect.outputs.plugin }}
plugin_sdk_package: ${{ steps.detect.outputs.plugin_sdk_package }} plugin_sdk_package: ${{ steps.detect.outputs.plugin_sdk_package }}
@@ -68,12 +71,14 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
channel=false
gateway=false gateway=false
plugin=false plugin=false
plugin_sdk_package=false plugin_sdk_package=false
provider=false provider=false
if [[ "${EVENT_NAME}" != "pull_request" ]]; then if [[ "${EVENT_NAME}" != "pull_request" ]]; then
channel=true
gateway=true gateway=true
plugin=true plugin=true
plugin_sdk_package=true plugin_sdk_package=true
@@ -82,11 +87,15 @@ jobs:
while IFS= read -r file; do while IFS= read -r file; do
case "${file}" in case "${file}" in
.github/codeql/*|.github/workflows/codeql-critical-quality.yml) .github/codeql/*|.github/workflows/codeql-critical-quality.yml)
channel=true
gateway=true gateway=true
plugin=true plugin=true
plugin_sdk_package=true plugin_sdk_package=true
provider=true provider=true
;; ;;
src/channels/*)
channel=true
;;
src/gateway/method-scopes.ts|src/gateway/protocol/*|src/gateway/server-methods/*|src/gateway/server-methods.ts|src/gateway/server-methods-list.ts) src/gateway/method-scopes.ts|src/gateway/protocol/*|src/gateway/server-methods/*|src/gateway/server-methods.ts|src/gateway/server-methods-list.ts)
gateway=true gateway=true
;; ;;
@@ -112,6 +121,7 @@ jobs:
fi fi
{ {
echo "channel=${channel}"
echo "gateway=${gateway}" echo "gateway=${gateway}"
echo "plugin=${plugin}" echo "plugin=${plugin}"
echo "plugin_sdk_package=${plugin_sdk_package}" echo "plugin_sdk_package=${plugin_sdk_package}"
@@ -187,7 +197,8 @@ jobs:
channel-runtime-boundary: channel-runtime-boundary:
name: Critical Quality (channel-runtime-boundary) name: Critical Quality (channel-runtime-boundary)
if: ${{ github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch' || inputs.profile == 'all') }} needs: quality-shards
if: ${{ needs.quality-shards.outputs.channel == 'true' && (github.event_name != 'pull_request' || !github.event.pull_request.draft) && (github.event_name == 'pull_request' || github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'channel-runtime-boundary') }}
runs-on: blacksmith-4vcpu-ubuntu-2404 runs-on: blacksmith-4vcpu-ubuntu-2404
timeout-minutes: 25 timeout-minutes: 25
steps: steps:

9
docs/ci.md
View File

@@ -299,12 +299,13 @@ The `CodeQL Critical Quality` workflow is the matching non-security shard. It
runs only error-severity, non-security JavaScript/TypeScript quality queries runs only error-severity, non-security JavaScript/TypeScript quality queries
over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its
pull request guard is intentionally smaller than the scheduled profile: non-draft pull request guard is intentionally smaller than the scheduled profile: non-draft
PRs only run the matching `gateway-runtime-boundary`, `provider-runtime-boundary`, PRs only run the matching `channel-runtime-boundary`,
`plugin-boundary`, and `plugin-sdk-package-contract` shards for gateway `gateway-runtime-boundary`, `provider-runtime-boundary`, `plugin-boundary`, and
`plugin-sdk-package-contract` shards for channel runtime, gateway
protocol/server-method, provider runtime/model catalog, plugin loader, Plugin protocol/server-method, provider runtime/model catalog, plugin loader, Plugin
SDK, or package-contract changes. CodeQL config and quality workflow changes run SDK, or package-contract changes. CodeQL config and quality workflow changes run
all four PR quality shards. Its manual dispatch accepts all five PR quality shards. Its manual dispatch accepts
`profile=all|gateway-runtime-boundary|plugin-boundary|plugin-sdk-package-contract|plugin-sdk-reply-runtime|provider-runtime-boundary|session-diagnostics-boundary`; `profile=all|channel-runtime-boundary|gateway-runtime-boundary|plugin-boundary|plugin-sdk-package-contract|plugin-sdk-reply-runtime|provider-runtime-boundary|session-diagnostics-boundary`;
the narrow profiles are teaching/iteration hooks for running one quality shard the narrow profiles are teaching/iteration hooks for running one quality shard
in isolation without dispatching the rest of the workflow. in isolation without dispatching the rest of the workflow.
Its Its