mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-18 21:34:46 +00:00
fix(ci): authenticate performance report publishing
This commit is contained in:
Vincent Koc
7
.github/workflows/openclaw-performance.yml
vendored
7
.github/workflows/openclaw-performance.yml
vendored
@@ -489,9 +489,7 @@ jobs:
|
||||
reports_root=".artifacts/clawgrit-reports"
|
||||
mkdir -p "$reports_root"
|
||||
git -C "$reports_root" init -b main
|
||||
git -C "$reports_root" remote add origin https://github.com/openclaw/clawgrit-reports.git
|
||||
auth_header="$(printf 'x-access-token:%s' "$CLAWGRIT_REPORTS_TOKEN" | base64 -w0)"
|
||||
git -C "$reports_root" config http.https://github.com/.extraheader "AUTHORIZATION: basic ${auth_header}"
|
||||
git -C "$reports_root" remote add origin "https://x-access-token:${CLAWGRIT_REPORTS_TOKEN}@github.com/openclaw/clawgrit-reports.git"
|
||||
if git -C "$reports_root" ls-remote --exit-code --heads origin main >/dev/null 2>&1; then
|
||||
git -C "$reports_root" fetch --depth=1 origin main
|
||||
git -C "$reports_root" checkout -B main FETCH_HEAD
|
||||
@@ -501,10 +499,13 @@ jobs:
|
||||
|
||||
- name: Publish to clawgrit reports
|
||||
if: ${{ steps.kova.outputs.report_json != '' && steps.clawgrit.outputs.present == 'true' }}
|
||||
env:
|
||||
CLAWGRIT_REPORTS_TOKEN: ${{ secrets.CLAWGRIT_REPORTS_TOKEN }}
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
reports_root=".artifacts/clawgrit-reports"
|
||||
git -C "$reports_root" remote set-url origin "https://x-access-token:${CLAWGRIT_REPORTS_TOKEN}@github.com/openclaw/clawgrit-reports.git"
|
||||
ref_slug="$(printf '%s' "${TESTED_REF}" | tr -c 'A-Za-z0-9._-' '-')"
|
||||
run_slug="${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
|
||||
dest="${reports_root}/openclaw-performance/${ref_slug}/${run_slug}/${LANE_ID}"
|
||||
|
||||
@@ -23,6 +23,7 @@ Docs: https://docs.openclaw.ai
|
||||
- Telegram: allow trusted local Bot API media files whose filenames start with dots instead of falling back to remote download.
|
||||
- Agents/Codex app-server: remap injected context files under dot-dot-prefixed workspace directories when a run switches to an effective sandbox workspace.
|
||||
- Control UI/i18n: use the installed workspace pi runtime for locale refreshes, update the fallback package pin, and skip scheduled refreshes with invalid provider credentials instead of failing main.
|
||||
- CI/performance: authenticate the clawgrit report repository remote during both checkout and publish so performance report pushes do not fail after benchmarks complete.
|
||||
- Hooks: load workspace-relative legacy hook modules from dot-dot-prefixed directories without treating the filename prefix as parent traversal.
|
||||
- Plugins: preserve installed package metadata and persisted registry freshness checks for plugin package paths under dot-dot-prefixed directories.
|
||||
- Agents: allow dot-dot-prefixed filenames such as `..note.txt` through sandbox FS bridge, remote sandbox reads, and apply_patch summaries without mistaking the name for parent traversal.
|
||||
|
||||
47
test/scripts/openclaw-performance-workflow.test.ts
Normal file
47
test/scripts/openclaw-performance-workflow.test.ts
Normal file
@@ -0,0 +1,47 @@
|
||||
import { readFileSync } from "node:fs";
|
||||
import { describe, expect, it } from "vitest";
|
||||
import { parse } from "yaml";
|
||||
|
||||
const WORKFLOW = ".github/workflows/openclaw-performance.yml";
|
||||
|
||||
type WorkflowStep = {
|
||||
name?: string;
|
||||
run?: string;
|
||||
env?: Record<string, string>;
|
||||
};
|
||||
|
||||
type WorkflowJob = {
|
||||
steps?: WorkflowStep[];
|
||||
};
|
||||
|
||||
type Workflow = {
|
||||
jobs?: Record<string, WorkflowJob>;
|
||||
};
|
||||
|
||||
function readWorkflow(): Workflow {
|
||||
return parse(readFileSync(WORKFLOW, "utf8")) as Workflow;
|
||||
}
|
||||
|
||||
function findStep(name: string): WorkflowStep {
|
||||
const steps = readWorkflow().jobs?.kova?.steps ?? [];
|
||||
const step = steps.find((candidate) => candidate.name === name);
|
||||
expect(step).toBeDefined();
|
||||
return step as WorkflowStep;
|
||||
}
|
||||
|
||||
describe("OpenClaw performance workflow", () => {
|
||||
it("uses the clawgrit reports token for every report repo push path", () => {
|
||||
const prepare = findStep("Prepare clawgrit reports checkout");
|
||||
const publish = findStep("Publish to clawgrit reports");
|
||||
|
||||
expect(prepare.env?.CLAWGRIT_REPORTS_TOKEN).toBe("${{ secrets.CLAWGRIT_REPORTS_TOKEN }}");
|
||||
expect(publish.env?.CLAWGRIT_REPORTS_TOKEN).toBe("${{ secrets.CLAWGRIT_REPORTS_TOKEN }}");
|
||||
expect(prepare.run).toContain(
|
||||
'remote add origin "https://x-access-token:${CLAWGRIT_REPORTS_TOKEN}@github.com/openclaw/clawgrit-reports.git"',
|
||||
);
|
||||
expect(publish.run).toContain(
|
||||
'remote set-url origin "https://x-access-token:${CLAWGRIT_REPORTS_TOKEN}@github.com/openclaw/clawgrit-reports.git"',
|
||||
);
|
||||
expect(publish.run).toContain('git -C "$reports_root" push origin HEAD:main');
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user