Peter Steinberger
f14e91b39f
test: add bundled channel dependency Docker smoke
2026-04-21 08:26:23 +01:00
Peter Steinberger
b485ee7e36
docs: support release branch workflow
2026-04-21 05:33:21 +01:00
Peter Steinberger
5c85624eeb
Revert "ci: use Blacksmith checkout cache"
This reverts commit 43734b1dbd.
2026-04-21 03:21:48 +01:00
Peter Steinberger
43734b1dbd
ci: use Blacksmith checkout cache
2026-04-21 03:09:13 +01:00
Peter Steinberger
5ab26a8774
ci: extend checkout fetch timeout
2026-04-21 02:05:26 +01:00
Peter Steinberger
bcd232467f
ci: remove channel contract heartbeat
2026-04-21 00:53:50 +01:00
Peter Steinberger
27c52f8062
ci: keep channel contract shards alive
2026-04-20 22:42:57 +01:00
Peter Steinberger
40db9734c4
ci: start windows checks earlier
2026-04-20 21:39:47 +01:00
Peter Steinberger
f5305afcfb
test: speed changed lanes and channel contracts
2026-04-20 20:53:38 +01:00
dependabot[bot]
fb74a7f0a4
build(deps): bump actions/checkout from 4 to 6 (#61768)
Bump actions/checkout from 4 to 6.
Thanks @dependabot.
2026-04-20 20:22:08 +01:00
Peter Steinberger
0c75b9ce00
ci: speed up fast security checks
2026-04-20 18:47:02 +01:00
Peter Steinberger
8b05743df2
ci(windows): normalize node path for bash
2026-04-20 18:22:19 +01:00
Peter Steinberger
b225d31179
ci: split remaining slow CI lanes
2026-04-20 17:29:11 +01:00
Peter Steinberger
eb4a9f2a2a
ci: reduce high-core runner fanout
2026-04-20 16:52:13 +01:00
Peter Steinberger
c597db3fb8
ci: target high-core Blacksmith lanes
2026-04-20 16:38:07 +01:00
Peter Steinberger
21fbe416d4
ci: fix Windows node path capture
2026-04-20 16:29:48 +01:00
Peter Steinberger
2b65a5f0ac
ci: use faster Blacksmith runners
2026-04-20 16:23:16 +01:00
Peter Steinberger
24644e3c27
ci: remove sticky disk cache plumbing
2026-04-20 16:03:55 +01:00
Peter Steinberger
3ecb713b00
perf: speed local checks and warm builds
2026-04-20 15:08:41 +01:00
Peter Steinberger
91d31197be
ci: run architecture check before release
2026-04-20 13:24:49 +01:00
Peter Steinberger
8bfa06e992
refactor: enforce plugin-owned channel boundaries
2026-04-18 22:48:27 +01:00
Vincent Koc
e85e6bc4fb
perf(ci): reuse macos swift build outputs
2026-04-18 07:18:21 -07:00
Vincent Koc
6d55fa19db
fix(ci): inline fast checkout bootstrap
2026-04-18 06:49:08 -07:00
Vincent Koc
552c0f22a6
refactor(ci): extract fast checkout action
2026-04-18 06:41:22 -07:00
Vincent Koc
dd618aa545
perf(ci): split protocol check from contracts lane
2026-04-18 06:36:44 -07:00
Vincent Koc
de4429ceb3
perf(ci): fan out additional checks
2026-04-18 06:28:50 -07:00
Vincent Koc
334f0a4de2
fix(ci): harden checkout on hot linux lanes
2026-04-18 06:27:27 -07:00
Viz
c778562379
ci(security): harden workflow steps against template-injection (#68431)
zizmor v1.24.1 reports 8 template-injection findings across three workflow files where GitHub Actions ${{ ... }} expressions are interpolated directly into shell run: blocks. Applies the canonical fix pattern: hoist every dynamic value into a step-level env: block and reference it as a shell variable ("${VAR}") from the script.
Files changed:
- control-ui-locale-refresh.yml: move matrix.locale into env as LOCALE (1 site)
- docker-release.yml: hoist steps.tags.outputs.{value,slim} plus the four needs.build-{amd64,arm64}.outputs.{digest,slim-digest} values into env for both manifest-creation steps (6 sites)
- openclaw-npm-release.yml: hoist steps.publish_tarball.outputs.path into env as PUBLISH_TARBALL_PATH in the Publish step (1 site)
Verified locally with zizmor --persona regular on the three files: 'No findings to report. Good job!'. pnpm format:check and pnpm lint pass.
Refs #68428. Complements #66884, which covers the remaining 12 sites in openclaw-cross-os-release-checks-reusable.yml.
2026-04-18 02:04:55 -04:00
Onur
361750775d
CI: stabilize live release lanes (#67838)
* CI: stabilize live release lanes
* CI: widen codex live exclusions
* Gateway: stop live config/auth lazy re-imports
* CI: mount writable live Docker homes
* Live: tighten retry and provider filter overrides
* CI: use API-key auth for codex live lanes
* CI: fix remaining live lanes
* CI: stop forwarding live OpenAI base URLs
* Gateway: fix live startup loader regression
* CI: stop expanding OpenAI keys in live Docker lanes
* CI: stop expanding installer secrets in Docker
* CI: tighten live secret boundaries
* Gateway: pin Codex harness base URL
* CI: fix reusable workflow runner label
* CI: avoid template expansion in live ref guard
* CI: tighten live trust gate
* Gateway: ignore empty Codex harness base URL
* CI: stabilize remaining live lanes
* CI: harden live retries and canvas auth test
* CI: extend cron live probe budget
* CI: keep codex harness lane on api-key auth
* CI: stage live Docker OpenAI auth via env files
* CI: bootstrap codex login for Docker API-key lanes
* CI: accept hosted-runner codex fallback responses
* CI: accept additional codex sandbox fallback text
* CI: accept hosted-runner live fallback variants
* CI: accept codex current-model fallback
* CI: broaden codex sandbox model fallbacks
* CI: cover extra codex sandbox wording
* CI: extend cli backend cron retry budget
* CI: match codex models fallbacks by predicate
* CI: accept configured-models live fallback
* CI: relax OpenAI websocket warmup timeout
* CI: accept extra codex model fallback wording
* CI: generalize codex model fallback matching
* CI: retry cron verify cancellation wording
* CI: accept interactive codex model entrypoint fallback
* Agents: stabilize Claude bundle skill command test
* CI: prestage live Docker auth homes
* Tests: accept current Codex models wording
* CI: stabilize remaining live lanes
* Tests: widen CLI backend live timeout
* Tests: accept current Codex model summary wording
* CI: disable codex-cli image probe in Docker lane
* Tests: respect CLI override for Codex Docker login
* Tests: accept current Codex session models header
* CI: stabilize remaining live validation lanes
* CI: preserve Gemini ACP coverage in auth fallback
* CI: fix final live validation blockers
* CI: restore Codex auth for CLI backend lane
* CI: drop local Codex config in live Docker lane
* Tests: tolerate Codex cron and model reply drift
* Tests: accept current Codex live replies
* Tests: retry more Codex cron retry wording
* Tests: accept environment-cancelled Codex cron retries
* Tests: retry blank Codex cron probe replies
* Tests: broaden Codex cron retry wording
* Tests: require explicit Codex cron retry replies
* Tests: accept current Codex models environment wording
* CI: restore trusted Codex config in live lane
* CI: bypass nested Codex sandbox in docker
* CI: instrument live codex cron lane
* CI: forward live CLI resume args
* Tests: accept interactive Codex model selection
* Tests: bound websocket warm-up live lane
* CI: close live lane review gaps
* Tests: lazy-load gateway live server
* Tests: avoid gateway live loader regression
* CI: scope reusable workflow secrets
* Tests: tighten codex models live assertion
* Tests: normalize OpenAI speech live text
2026-04-18 03:18:12 +02:00
Peter Steinberger
0ee5baf6c5
ci: retry failed custom checkouts
2026-04-17 07:20:51 +01:00
Onur
51606e9889
CI: fix release-check caller permissions (#67787)
* CI: fix release-check caller permissions
* CI: fix scheduled live and e2e checks
* CI: tighten release workflow permissions
* CI: restore release workflow caller permissions
* Actions: harden release check inputs
2026-04-16 21:41:21 +02:00
Vincent Koc
781b1de921
fix(ci): cap core shard checkout stalls
2026-04-16 12:35:38 -07:00
Peter Steinberger
29427fefc7
ci: make mlx audio manifest patch writable
2026-04-16 20:12:18 +01:00
Vincent Koc
c2db918c60
fix(ci): silence mlx-audio-swift README warnings
2026-04-16 11:27:32 -07:00
Vincent Koc
42d100c390
fix(ci): move macOS jobs to blacksmith
2026-04-16 11:18:50 -07:00
Vincent Koc
00d21d1b23
fix(ci): retry stalled core shard checkout
2026-04-16 11:04:16 -07:00
Onur
900e291f31
CI: expand native release validation coverage (#67144)
* Actions: grant reusable release checks actions read
* Actions: use read-all for reusable release checks
* CI: add native cross-OS release checks
* CI: wire Discord smoke secrets for cross-OS checks
* CI: fix native cross-OS installer compatibility
* CI: skip empty pnpm cache saves in matrix jobs
* CI: honor workflow runner override envs
* CI: finish native cross-OS update checks
* CI: fix native cross-OS workflow regressions
* Installer: capture Windows npm stderr safely
* CI: harden cross-OS release checks
* CI: resolve reusable workflow harness ref
* CI: stabilize cross-OS dev update lanes
* CI: tighten release-check workflow semantics
* CI: repoint repaired git CLI on POSIX
* CI: repair native dev-update shell handoff
* CI: preserve real updater semantics
* CI: harden supported release-check refs
* CI: harden release-check refs and fresh mode
* CI: skip dev-update for immutable tag refs
* CI: repair fresh installer release checks
* CI: fix native release check installer lanes
* CI: install release checks from candidate artifacts
* CI: use Windows cmd shims in release checks
* Installer: run Windows npm shim via PowerShell
* CI: pin dev update verification to candidate sha
* CI: pin reusable harness and published installers
* CI: isolate Windows dev-update PATH validation
* CI: align Windows dev-update bootstrap validation
* CI: avoid Windows installer gateway flake
* CI: run cross-OS release checks via TypeScript
* CI: bootstrap tsx for release-check workflow
* CI: fix native release-check follow-ups
* CI: tighten dev-update release checks
* CI: peel annotated workflow refs
* CI: harden native release checks
* CI: fix release-check verifier drift
* CI: fix release-check workflow drift
* CI: fix release-check ref resolution
* CI: harden Windows release-check gateway startup
* CI: fix release-check fallback validation
* CI: harden cross-os release checks
* CI: pin dev-update release checks to candidate SHA
* CI: resolve remote dev target refs
* CI: detect cloned dev-update checkouts
* CI: harden Windows release-check launcher
* Windows: harden task fallback and runner overrides
* Release checks: preserve Windows PATH and baseline version reads
* CI: add release validation live lanes
* CI: expand live and e2e release coverage
* CI: add branch dispatch for live and e2e checks
2026-04-16 19:58:19 +02:00
Mason Huang
69d25f5f16
CI: add daily schedule to CodeQL workflow (#67645)
* CI: add weekly schedule to CodeQL workflow
* CI: add daily schedule to CodeQL workflow and pin third-party actions
2026-04-16 21:27:45 +08:00
Mason Huang
f697b01747
CI: pin Docker-related GitHub Actions (#67632)
* CI: pin Docker-related GitHub Actions
* CI: pin docker build-push action
2026-04-16 19:23:03 +08:00
Mason Huang
01b7516a95
CI: add explicit permissions to all workflow jobs (fixes code-scanning #40-#57) (#67612)
2026-04-16 18:18:35 +08:00
Gustavo Madeira Santana
51b5d16faf
CI: cap parity gate concurrency
2026-04-16 02:27:44 -04:00
Gustavo Madeira Santana
4ffa6218c4
CI: pin Node 22 runners to 22.18.0
2026-04-15 20:33:12 -04:00
Vincent Koc
890e299e30
fix(ci): align docker smoke cache tests and reuse built dist
2026-04-15 12:12:58 +01:00
Vincent Koc
7bb670c0bc
ci: raise extension boundary compile concurrency
2026-04-15 10:52:37 +01:00
Vincent Koc
f1c2be7d32
fix(ci): slim build-artifacts dist producer
2026-04-15 00:13:01 +01:00
Onur Solmaz
06a4bf5701
Actions: add reusable cross-OS release checks workflow (#66812)
2026-04-14 23:21:37 +02:00
Vincent Koc
fdbb0fb561
fix(ci): trim dist fanout from source-only node shards
2026-04-14 20:52:18 +01:00
Onur Solmaz
27b14124d0
Release: move npm dist-tag ops private (#66660)
2026-04-14 18:18:27 +02:00
Peter Steinberger
8f0628d43b
ci: use scoped npm auth for dist-tag sync
2026-04-14 15:43:24 +01:00
Peter Steinberger
c4b8d6d5ab
ci: add stable npm dist-tag sync
2026-04-13 13:58:04 +01:00