Peter Steinberger
bb294bcd20
feat: support alpha releases
2026-05-02 18:29:13 +01:00
Vincent Koc
bd51f82efa
fix(security): harden CodeQL secret ref validation
Remediate current-profile CodeQL findings for file SecretRef id validation and release workflow job permissions. Includes changelog credit. Thanks @vincentkoc.
2026-04-27 13:53:27 -07:00
Peter Steinberger
2cd23957c0
build: use slim docker runtime
2026-04-26 22:47:48 +01:00
Peter Steinberger
b61954919c
ci: verify docker release attestations
2026-04-26 22:40:44 +01:00
Peter Steinberger
824c3e2b71
ci: enable docker image attestations
2026-04-26 22:14:36 +01:00
Vincent Koc
dc05c93c02
chore(docker): expose diagnostics observability settings
2026-04-26 03:05:10 -07:00
dependabot[bot]
68a55cc434
build(deps): bump docker/build-push-action from 6 to 7 (#48053)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 21:30:47 -07:00
Viz
c778562379
ci(security): harden workflow steps against template-injection (#68431)
zizmor v1.24.1 reports 8 template-injection findings across three workflow files where GitHub Actions ${{ ... }} expressions are interpolated directly into shell run: blocks. Applies the canonical fix pattern: hoist every dynamic value into a step-level env: block and reference it as a shell variable ("${VAR}") from the script.
Files changed:
- control-ui-locale-refresh.yml: move matrix.locale into env as LOCALE (1 site)
- docker-release.yml: hoist steps.tags.outputs.{value,slim} plus the four needs.build-{amd64,arm64}.outputs.{digest,slim-digest} values into env for both manifest-creation steps (6 sites)
- openclaw-npm-release.yml: hoist steps.publish_tarball.outputs.path into env as PUBLISH_TARBALL_PATH in the Publish step (1 site)
Verified locally with zizmor --persona regular on the three files: 'No findings to report. Good job!'. pnpm format:check and pnpm lint pass.
Refs #68428. Complements #66884, which covers the remaining 12 sites in openclaw-cross-os-release-checks-reusable.yml.
2026-04-18 02:04:55 -04:00
Mason Huang
f697b01747
CI: pin Docker-related GitHub Actions (#67632)
* CI: pin Docker-related GitHub Actions
* CI: pin docker build-push action
2026-04-16 19:23:03 +08:00
Tak Hoffman
b04ec4bada
ci: make docker release tag-driven
2026-03-26 10:47:01 -05:00
Tak Hoffman
240479abef
fix(ci): stop dropping pending main workflow runs
2026-03-24 12:38:07 -05:00
Peter Steinberger
412a3eb1ac
build: bump version to 2026.3.22
2026-03-22 11:58:33 -07:00
Vincent Koc
6266b842d4
ci(actions): restore audit lane and cache Docker builds (#51933)
* ci(actions): restore secrets audit lane
* ci(actions): restore audits and cache docker builds
2026-03-21 16:36:54 -07:00
scoootscooob
ac29edf6c3
fix(ci): update vitest configs after channel move to extensions/ (openclaw#46066)
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-03-14 13:23:25 -05:00
Onur
62afc4b514
ci: add manual backfill support to Docker release (#46269)
* ci: add docker release backfill workflow
* ci: add manual backfill support to docker release
* ci: keep docker latest tags off manual backfills
2026-03-14 16:36:20 +01:00
Onur
b5ba2101c7
ci: move Docker release to GitHub-hosted runners (#46247)
* ci: move docker release to GitHub-hosted runners
* ci: annotate docker release runner guardrails
2026-03-14 15:54:06 +01:00
Peter Steinberger
6a812b621d
ci: modernize GitHub Actions workflow versions
2026-03-13 16:57:23 +00:00
Peter Steinberger
41718404a1
ci: opt workflows into Node 24 action runtime
2026-03-13 16:41:22 +00:00
Peter Steinberger
9f08af1f06
fix(ci): harden docker builds and unblock config docs
2026-03-12 16:45:29 +00:00
Ayaan Zaidi
93c44e3dad
ci: drop gha cache from docker release (#41692)
2026-03-10 09:14:57 +05:30
Vincent Koc
6d5e142b93
Docker: improve build cache reuse (#40351)
* Docker: improve build cache reuse
* Tests: cover Docker build cache layout
* Docker: fix sandbox cache mount continuations
* Docker: document qr-import manifest scope
* Docker: narrow e2e install inputs
* CI: cache Docker builds in workflows
* CI: route sandbox smoke through setup script
* CI: keep sandbox smoke on script path
2026-03-08 17:57:46 -07:00
Sally O'Malley
499c1ee6e3
reduce image size, offer slim image (#38479)
Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 14:26:29 -05:00
Vincent Koc
85d17fd429
CI: migrate docker release build cache to Blacksmith
2026-03-02 18:48:18 -08:00
Vincent Koc
030565b18c
Docker: add OCI base-image labels and document base-image metadata (#31196)
* Docker: add OCI base image labels
* Docs(Docker): document base image metadata context
* Changelog: note Docker base annotation docs update
* Changelog: add author credit for Docker base annotations
* Update docker.md
* Docker: add OCI source and docs labels
* CI(Docker): publish OCI revision/version labels
* Docs(Docker): list OCI image annotations
* Changelog: expand OCI annotation coverage note
* Docker: set OCI license annotation to MIT
* Docs(Docker): align OCI license annotation to MIT
* Docker: note docs sync path for OCI annotations
* Docker: normalize OCI label block indentation
2026-03-01 19:22:44 -08:00
Ayaan Zaidi
7493f11b40
fix(ci): allow legacy patch tags to publish docker latest
2026-02-26 09:38:13 +05:30
Ayaan Zaidi
41314c691d
fix(ci): gate docker latest tag to stable release format
2026-02-26 09:38:13 +05:30
Ayaan Zaidi
bf70614943
fix(ci): publish latest tag for stable docker release
2026-02-26 09:38:13 +05:30
Peter Steinberger
ce1f0c0a10
ci: move workflows to blacksmith 16vcpu runners
2026-02-19 17:25:15 +01:00
Peter Steinberger
586b1f6ee6
ci: drop docker metadata action to avoid API throttling
2026-02-19 08:44:32 +00:00
Peter Steinberger
072b16b58f
ci: use git context for docker metadata extraction
2026-02-19 08:37:36 +00:00
Peter Steinberger
1e4cf489e0
fix(ci): keep main runs alive while coalescing newer pushes
2026-02-16 09:53:36 +01:00
Peter Steinberger
ada7a6289f
fix(ci): dedupe docker release runs by ref
2026-02-16 09:50:37 +01:00
quotentiroler
bf308cf6a8
CI: expand Docker Release paths-ignore to skip on any markdown
2026-02-10 00:39:26 -08:00
quotentiroler
ffeed212dc
ci(docker): use registry cache for persistent layer storage
2026-02-09 15:05:37 -08:00
quotentiroler
a172ff9ed2
docs: SEO and AI discoverability improvements
- Add description to docs.json for llms.txt blockquote summary
- Add title frontmatter to 10 docs files for llms.txt link text
- ci(docker): skip builds for docs-only changes
2026-02-09 14:20:56 -08:00
Denys Vitali
15a9c21203
Add Build & Release Docker Image workflows (#1602)
* ci: build & release docker image
* ci: sync docker-release workflow updates
Squashes:
- ci: use correct runs-on
- ci: build images
Co-Authored-By: Claude <noreply@anthropic.com>
* Remove submodule checkout from docker-release.yml
Removed submodule checkout step from Docker release workflow.
* Simplify Docker release workflow by removing submodule checkout
Removed submodule checkout step from Docker release workflow.
---------
Co-authored-by: Claude <noreply@anthropic.com>
2026-01-24 19:23:55 +00:00