CI: expand native release validation coverage (#67144)

* Actions: grant reusable release checks actions read * Actions: use read-all for reusable release checks * CI: add native cross-OS release checks * CI: wire Discord smoke secrets for cross-OS checks * CI: fix native cross-OS installer compatibility * CI: skip empty pnpm cache saves in matrix jobs * CI: honor workflow runner override envs * CI: finish native cross-OS update checks * CI: fix native cross-OS workflow regressions * Installer: capture Windows npm stderr safely * CI: harden cross-OS release checks * CI: resolve reusable workflow harness ref * CI: stabilize cross-OS dev update lanes * CI: tighten release-check workflow semantics * CI: repoint repaired git CLI on POSIX * CI: repair native dev-update shell handoff * CI: preserve real updater semantics * CI: harden supported release-check refs * CI: harden release-check refs and fresh mode * CI: skip dev-update for immutable tag refs * CI: repair fresh installer release checks * CI: fix native release check installer lanes * CI: install release checks from candidate artifacts * CI: use Windows cmd shims in release checks * Installer: run Windows npm shim via PowerShell * CI: pin dev update verification to candidate sha * CI: pin reusable harness and published installers * CI: isolate Windows dev-update PATH validation * CI: align Windows dev-update bootstrap validation * CI: avoid Windows installer gateway flake * CI: run cross-OS release checks via TypeScript * CI: bootstrap tsx for release-check workflow * CI: fix native release-check follow-ups * CI: tighten dev-update release checks * CI: peel annotated workflow refs * CI: harden native release checks * CI: fix release-check verifier drift * CI: fix release-check workflow drift * CI: fix release-check ref resolution * CI: harden Windows release-check gateway startup * CI: fix release-check fallback validation * CI: harden cross-os release checks * CI: pin dev-update release checks to candidate SHA * CI: resolve remote dev target refs * CI: detect cloned dev-update checkouts * CI: harden Windows release-check launcher * Windows: harden task fallback and runner overrides * Release checks: preserve Windows PATH and baseline version reads * CI: add release validation live lanes * CI: expand live and e2e release coverage * CI: add branch dispatch for live and e2e checks
2026-05-06 14:50:45 +00:00 · 2026-04-16 19:58:19 +02:00
parent 687ede50a5
commit 900e291f31
17 changed files with 5457 additions and 206 deletions
--- a/scripts/install.ps1
+++ b/scripts/install.ps1
@@ -29,7 +29,7 @@ function Write-Host {
        "error" { "$ERROR✗$NC $Message" }
        default { "$MUTED·$NC $Message" }
    }
-    Microsoft.PowerShell.Host\Write-Host $msg
+    Microsoft.PowerShell.Utility\Write-Host $msg
 }

 function Write-Banner {
@@ -199,6 +199,76 @@ function Ensure-Git {
    return Install-Git
 }

+function Read-TrimmedFileText {
+    param([string]$Path)
+
+    if (!(Test-Path -LiteralPath $Path)) {
+        return ""
+    }
+
+    return ((Get-Content -LiteralPath $Path -Raw) -replace "(\r?\n)+$", "")
+}
+
+function ConvertTo-PowerShellSingleQuotedLiteral {
+    param([string]$Value)
+
+    return "'" + ($Value -replace "'", "''") + "'"
+}
+
+function Invoke-NativeCommandCapture {
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$FilePath,
+        [string[]]$Arguments = @()
+    )
+
+    $stdoutPath = [System.IO.Path]::GetTempFileName()
+    $stderrPath = [System.IO.Path]::GetTempFileName()
+
+    try {
+        $startFilePath = $FilePath
+        $startArguments = $Arguments
+
+        if ($FilePath -match '(?i)\.(cmd|bat)$') {
+            # Start-Process cannot directly redirect stdio for command shims like
+            # npm.cmd. Run them inside a nested PowerShell so the shim executes
+            # normally while stdout/stderr still flow back to these temp files.
+            $commandParts = @(
+                ConvertTo-PowerShellSingleQuotedLiteral -Value $FilePath
+            )
+            foreach ($argument in $Arguments) {
+                $commandParts += ConvertTo-PowerShellSingleQuotedLiteral -Value $argument
+            }
+            $commandScript = "& " + ($commandParts -join " ") + "`nexit `$LASTEXITCODE"
+            $startFilePath = "powershell.exe"
+            $startArguments = @(
+                "-NoLogo",
+                "-NoProfile",
+                "-NonInteractive",
+                "-ExecutionPolicy",
+                "Bypass",
+                "-Command",
+                $commandScript
+            )
+        }
+
+        $process = Start-Process -FilePath $startFilePath `
+            -ArgumentList $startArguments `
+            -Wait `
+            -PassThru `
+            -RedirectStandardOutput $stdoutPath `
+            -RedirectStandardError $stderrPath
+
+        return @{
+            ExitCode = $process.ExitCode
+            Stdout = Read-TrimmedFileText -Path $stdoutPath
+            Stderr = Read-TrimmedFileText -Path $stderrPath
+        }
+    } finally {
+        Remove-Item -LiteralPath $stdoutPath, $stderrPath -Force -ErrorAction SilentlyContinue
+    }
+}
+
 function Install-OpenClawNpm {
    param([string]$Target = "latest")

@@ -207,8 +277,25 @@ function Install-OpenClawNpm {
    Write-Host "Installing OpenClaw ($installSpec)..." -Level info
    
    try {
-        # Use -ExecutionPolicy Bypass to handle restricted execution policy
-        npm install -g $installSpec --no-fund --no-audit 2>&1
+        # Run npm out-of-process so warning chatter on stderr does not get
+        # promoted into a terminating PowerShell error while the install succeeds.
+        $installResult = Invoke-NativeCommandCapture -FilePath "npm.cmd" -Arguments @(
+            "install",
+            "-g",
+            $installSpec,
+            "--no-fund",
+            "--no-audit"
+        )
+        if ($installResult.Stdout) {
+            Microsoft.PowerShell.Utility\Write-Output $installResult.Stdout
+        }
+        if ($installResult.Stderr) {
+            Microsoft.PowerShell.Utility\Write-Output $installResult.Stderr
+        }
+        if ($installResult.ExitCode -ne 0) {
+            Write-Host "npm install failed with exit code $($installResult.ExitCode)" -Level error
+            return $false
+        }
        Write-Host "OpenClaw installed" -Level success
        return $true
    } catch {
@@ -341,8 +428,13 @@ function Main {
    
    # Try to add npm global bin to PATH
    try {
-        $npmPrefix = npm config get prefix 2>$null
-        if ($npmPrefix) {
+        $prefixResult = Invoke-NativeCommandCapture -FilePath "npm.cmd" -Arguments @(
+            "config",
+            "get",
+            "prefix"
+        )
+        $npmPrefix = $prefixResult.Stdout
+        if ($prefixResult.ExitCode -eq 0 -and $npmPrefix) {
            Add-ToPath -Path "$npmPrefix"
        }
    } catch { }