diff --git a/.agents/skills/openclaw-testing/SKILL.md b/.agents/skills/openclaw-testing/SKILL.md index fdc41f1786c..c57a1a90f21 100644 --- a/.agents/skills/openclaw-testing/SKILL.md +++ b/.agents/skills/openclaw-testing/SKILL.md @@ -157,6 +157,14 @@ short release-manager notes there. Do not store raw logs, provider prompts/responses, channel transcripts, signing material, or secret-bearing config in git; raw logs stay in Actions artifacts. +When `Full Release Validation` completes and +`OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN` is configured in the public repo, it +requests the private `OpenClaw Release Evidence From Full Validation` workflow. +That private workflow reads the parent full-validation run, extracts the child +CI/release-checks/Telegram run ids from the parent logs, and opens the evidence +PR automatically. If the token is absent or the run predates this wiring, trigger +that private workflow manually with the full-validation run id. + ### Release Checks `OpenClaw Release Checks` (`openclaw-release-checks.yml`) is the release child diff --git a/.github/workflows/full-release-validation.yml b/.github/workflows/full-release-validation.yml index d8d1e461817..dfbc5a4648a 100644 --- a/.github/workflows/full-release-validation.yml +++ b/.github/workflows/full-release-validation.yml @@ -317,6 +317,57 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 5 steps: + - name: Request private evidence update + env: + RELEASE_PRIVATE_DISPATCH_TOKEN: ${{ secrets.OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN }} + TARGET_REF: ${{ inputs.ref }} + PACKAGE_SPEC: ${{ inputs.npm_telegram_package_spec }} + GITHUB_RUN_ID_VALUE: ${{ github.run_id }} + run: | + set -euo pipefail + if [[ -z "${RELEASE_PRIVATE_DISPATCH_TOKEN// }" ]]; then + echo "OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN is not configured; skipping automatic private evidence update." + exit 0 + fi + + release_id="${TARGET_REF#refs/tags/}" + release_id="${release_id#v}" + if [[ "$PACKAGE_SPEC" =~ ^openclaw@(.+)$ ]]; then + release_id="${BASH_REMATCH[1]}" + fi + release_id="$(printf '%s' "$release_id" | tr '/:@ ' '----' | tr -cd 'A-Za-z0-9._-')" + if [[ -z "$release_id" ]]; then + echo "::error::Could not derive release evidence id from target ref '${TARGET_REF}'." + exit 1 + fi + + payload="$( + jq -cn \ + --arg full_validation_run_id "$GITHUB_RUN_ID_VALUE" \ + --arg release_id "$release_id" \ + --arg release_ref "$TARGET_REF" \ + --arg package_spec "$PACKAGE_SPEC" \ + --arg notes "Automatically requested by Full Release Validation ${GITHUB_RUN_ID_VALUE} after child workflows completed." \ + '{ + event_type: "openclaw_full_release_validation_completed", + client_payload: { + full_validation_run_id: $full_validation_run_id, + release_id: $release_id, + release_ref: $release_ref, + package_spec: $package_spec, + notes: $notes + } + }' + )" + + curl --fail-with-body \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${RELEASE_PRIVATE_DISPATCH_TOKEN}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/openclaw/releases-private/dispatches \ + -d "$payload" + - name: Verify child workflow results env: NORMAL_CI_RESULT: ${{ needs.normal_ci.result }}