vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 11:50:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

CI: expand native release validation coverage (#67144)

Browse Source 
* Actions: grant reusable release checks actions read

* Actions: use read-all for reusable release checks

* CI: add native cross-OS release checks

* CI: wire Discord smoke secrets for cross-OS checks

* CI: fix native cross-OS installer compatibility

* CI: skip empty pnpm cache saves in matrix jobs

* CI: honor workflow runner override envs

* CI: finish native cross-OS update checks

* CI: fix native cross-OS workflow regressions

* Installer: capture Windows npm stderr safely

* CI: harden cross-OS release checks

* CI: resolve reusable workflow harness ref

* CI: stabilize cross-OS dev update lanes

* CI: tighten release-check workflow semantics

* CI: repoint repaired git CLI on POSIX

* CI: repair native dev-update shell handoff

* CI: preserve real updater semantics

* CI: harden supported release-check refs

* CI: harden release-check refs and fresh mode

* CI: skip dev-update for immutable tag refs

* CI: repair fresh installer release checks

* CI: fix native release check installer lanes

* CI: install release checks from candidate artifacts

* CI: use Windows cmd shims in release checks

* Installer: run Windows npm shim via PowerShell

* CI: pin dev update verification to candidate sha

* CI: pin reusable harness and published installers

* CI: isolate Windows dev-update PATH validation

* CI: align Windows dev-update bootstrap validation

* CI: avoid Windows installer gateway flake

* CI: run cross-OS release checks via TypeScript

* CI: bootstrap tsx for release-check workflow

* CI: fix native release-check follow-ups

* CI: tighten dev-update release checks

* CI: peel annotated workflow refs

* CI: harden native release checks

* CI: fix release-check verifier drift

* CI: fix release-check workflow drift

* CI: fix release-check ref resolution

* CI: harden Windows release-check gateway startup

* CI: fix release-check fallback validation

* CI: harden cross-os release checks

* CI: pin dev-update release checks to candidate SHA

* CI: resolve remote dev target refs

* CI: detect cloned dev-update checkouts

* CI: harden Windows release-check launcher

* Windows: harden task fallback and runner overrides

* Release checks: preserve Windows PATH and baseline version reads

* CI: add release validation live lanes

* CI: expand live and e2e release coverage

* CI: add branch dispatch for live and e2e checks
This commit is contained in:
Onur
2026-04-16 19:58:19 +02:00
committed by GitHub
parent 687ede50a5
commit 900e291f31
17 changed files with 5457 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
scripts/ci-hydrate-live-auth.sh Normal file
View File

@@ -0,0 +1,84 @@
#!/usr/bin/env bash
set -euo pipefail
profile_path="${1:-${RUNNER_TEMP:-/tmp}/openclaw-live.profile}"
mkdir -p "$(dirname "$profile_path")"
: >"$profile_path"
chmod 600 "$profile_path"
append_profile_env() {
local key="$1"
local value="${!key:-}"
if [[ -z "$value" || "$value" == "undefined" || "$value" == "null" ]]; then
return
fi
printf 'export %s=%q\n' "$key" "$value" >>"$profile_path"
}
write_secret_file() {
local destination="$1"
local source_env="$2"
local value="${!source_env:-}"
if [[ -z "$value" ]]; then
return
fi
mkdir -p "$(dirname "$destination")"
printf '%s' "$value" >"$destination"
chmod 600 "$destination"
}
for env_key in \
OPENAI_API_KEY \
OPENAI_BASE_URL \
ANTHROPIC_API_KEY \
ANTHROPIC_API_KEY_OLD \
ANTHROPIC_API_TOKEN \
BYTEPLUS_API_KEY \
CEREBRAS_API_KEY \
DASHSCOPE_API_KEY \
GROQ_API_KEY \
KIMI_API_KEY \
MODELSTUDIO_API_KEY \
MOONSHOT_API_KEY \
MISTRAL_API_KEY \
MINIMAX_API_KEY \
OPENCODE_API_KEY \
OPENCODE_ZEN_API_KEY \
OPENCLAW_LIVE_BROWSER_CDP_URL \
OPENCLAW_LIVE_SETUP_TOKEN \
OPENCLAW_LIVE_SETUP_TOKEN_MODEL \
OPENCLAW_LIVE_SETUP_TOKEN_PROFILE \
OPENCLAW_LIVE_SETUP_TOKEN_VALUE \
GEMINI_API_KEY \
GOOGLE_API_KEY \
OPENROUTER_API_KEY \
QWEN_API_KEY \
FAL_KEY \
RUNWAY_API_KEY \
DEEPGRAM_API_KEY \
TOGETHER_API_KEY \
VYDRA_API_KEY \
XAI_API_KEY \
ZAI_API_KEY \
Z_AI_API_KEY \
BYTEPLUS_ACCESS_KEY_ID \
BYTEPLUS_SECRET_ACCESS_KEY \
CLAUDE_CODE_OAUTH_TOKEN
do
append_profile_env "$env_key"
done
write_secret_file "$HOME/.codex/auth.json" OPENCLAW_CODEX_AUTH_JSON
write_secret_file "$HOME/.codex/config.toml" OPENCLAW_CODEX_CONFIG_TOML
write_secret_file "$HOME/.claude.json" OPENCLAW_CLAUDE_JSON
write_secret_file "$HOME/.claude/.credentials.json" OPENCLAW_CLAUDE_CREDENTIALS_JSON
write_secret_file "$HOME/.claude/settings.json" OPENCLAW_CLAUDE_SETTINGS_JSON
write_secret_file "$HOME/.claude/settings.local.json" OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON
write_secret_file "$HOME/.gemini/settings.json" OPENCLAW_GEMINI_SETTINGS_JSON
if [[ -n "${GITHUB_ENV:-}" ]]; then
{
echo "OPENCLAW_PROFILE_FILE=$profile_path"
} >>"$GITHUB_ENV"
fi

102
scripts/install.ps1
View File

@@ -29,7 +29,7 @@ function Write-Host {
"error" { "$ERROR$NC $Message" }
default { "$MUTED·$NC $Message" }
}
Microsoft.PowerShell.Host\Write-Host $msg
Microsoft.PowerShell.Utility\Write-Host $msg
}
function Write-Banner {
@@ -199,6 +199,76 @@ function Ensure-Git {
return Install-Git
}
function Read-TrimmedFileText {
param([string]$Path)
if (!(Test-Path -LiteralPath $Path)) {
return ""
}
return ((Get-Content -LiteralPath $Path -Raw) -replace "(\r?\n)+$", "")
}
function ConvertTo-PowerShellSingleQuotedLiteral {
param([string]$Value)
return "'" + ($Value -replace "'", "''") + "'"
}
function Invoke-NativeCommandCapture {
param(
[Parameter(Mandatory = $true)]
[string]$FilePath,
[string[]]$Arguments = @()
)
$stdoutPath = [System.IO.Path]::GetTempFileName()
$stderrPath = [System.IO.Path]::GetTempFileName()
try {
$startFilePath = $FilePath
$startArguments = $Arguments
if ($FilePath -match '(?i)\.(cmd|bat)$') {
# Start-Process cannot directly redirect stdio for command shims like
# npm.cmd. Run them inside a nested PowerShell so the shim executes
# normally while stdout/stderr still flow back to these temp files.
$commandParts = @(
ConvertTo-PowerShellSingleQuotedLiteral -Value $FilePath
)
foreach ($argument in $Arguments) {
$commandParts += ConvertTo-PowerShellSingleQuotedLiteral -Value $argument
}
$commandScript = "& " + ($commandParts -join " ") + "`nexit `$LASTEXITCODE"
$startFilePath = "powershell.exe"
$startArguments = @(
"-NoLogo",
"-NoProfile",
"-NonInteractive",
"-ExecutionPolicy",
"Bypass",
"-Command",
$commandScript
)
}
$process = Start-Process -FilePath $startFilePath `
-ArgumentList $startArguments `
-Wait `
-PassThru `
-RedirectStandardOutput $stdoutPath `
-RedirectStandardError $stderrPath
return @{
ExitCode = $process.ExitCode
Stdout = Read-TrimmedFileText -Path $stdoutPath
Stderr = Read-TrimmedFileText -Path $stderrPath
}
} finally {
Remove-Item -LiteralPath $stdoutPath, $stderrPath -Force -ErrorAction SilentlyContinue
}
}
function Install-OpenClawNpm {
param([string]$Target = "latest")
@@ -207,8 +277,25 @@ function Install-OpenClawNpm {
Write-Host "Installing OpenClaw ($installSpec)..." -Level info
try {
# Use -ExecutionPolicy Bypass to handle restricted execution policy
npm install -g $installSpec --no-fund --no-audit 2>&1
# Run npm out-of-process so warning chatter on stderr does not get
# promoted into a terminating PowerShell error while the install succeeds.
$installResult = Invoke-NativeCommandCapture -FilePath "npm.cmd" -Arguments @(
"install",
"-g",
$installSpec,
"--no-fund",
"--no-audit"
)
if ($installResult.Stdout) {
Microsoft.PowerShell.Utility\Write-Output $installResult.Stdout
}
if ($installResult.Stderr) {
Microsoft.PowerShell.Utility\Write-Output $installResult.Stderr
}
if ($installResult.ExitCode -ne 0) {
Write-Host "npm install failed with exit code $($installResult.ExitCode)" -Level error
return $false
}
Write-Host "OpenClaw installed" -Level success
return $true
} catch {
@@ -341,8 +428,13 @@ function Main {
# Try to add npm global bin to PATH
try {
$npmPrefix = npm config get prefix 2>$null
if ($npmPrefix) {
$prefixResult = Invoke-NativeCommandCapture -FilePath "npm.cmd" -Arguments @(
"config",
"get",
"prefix"
)
$npmPrefix = $prefixResult.Stdout
if ($prefixResult.ExitCode -eq 0 -and $npmPrefix) {
Add-ToPath -Path "$npmPrefix"
}
} catch { }

13
scripts/install.sh
View File

@@ -1942,6 +1942,11 @@ resolve_beta_version() {
echo "$beta"
}
to_lowercase_ascii() {
# macOS still ships Bash 3.2, so avoid `${value,,}` here.
printf '%s' "${1:-}" | tr '[:upper:]' '[:lower:]'
}
is_explicit_package_install_spec() {
local value="${1:-}"
[[ "$value" == *"://"* || "$value" == *"#"* || "$value" =~ ^(file|github|git\+ssh|git\+https|git\+http|git\+file|npm): ]]
@@ -1949,10 +1954,12 @@ is_explicit_package_install_spec() {
can_resolve_registry_package_version() {
local value="${1:-}"
local normalized_value=""
normalized_value="$(to_lowercase_ascii "$value")"
if [[ -z "$value" ]]; then
return 0
fi
if [[ "${value,,}" == "main" ]]; then
if [[ "$normalized_value" == "main" ]]; then
return 1
fi
if is_explicit_package_install_spec "$value"; then
@@ -1964,7 +1971,9 @@ can_resolve_registry_package_version() {
resolve_package_install_spec() {
local package_name="$1"
local value="$2"
if [[ "${value,,}" == "main" ]]; then
local normalized_value=""
normalized_value="$(to_lowercase_ascii "$value")"
if [[ "$normalized_value" == "main" ]]; then
echo "github:openclaw/openclaw#main"
return 0
fi

2975
scripts/openclaw-cross-os-release-checks.ts Normal file
View File

File diff suppressed because it is too large Load Diff