mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-09 07:53:56 +00:00
121 lines
3.5 KiB
Bash
121 lines
3.5 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
profile_path="${1:-${RUNNER_TEMP:-/tmp}/openclaw-live.profile}"
|
|
|
|
mkdir -p "$(dirname "$profile_path")"
|
|
: >"$profile_path"
|
|
chmod 600 "$profile_path"
|
|
|
|
append_profile_env() {
|
|
local key="$1"
|
|
local value="${!key:-}"
|
|
if [[ -z "$value" || "$value" == "undefined" || "$value" == "null" ]]; then
|
|
return
|
|
fi
|
|
printf 'export %s=%q\n' "$key" "$value" >>"$profile_path"
|
|
}
|
|
|
|
write_secret_file() {
|
|
local destination="$1"
|
|
local source_env="$2"
|
|
local value="${!source_env:-}"
|
|
if [[ -z "$value" ]]; then
|
|
return
|
|
fi
|
|
mkdir -p "$(dirname "$destination")"
|
|
printf '%s' "$value" >"$destination"
|
|
chmod 600 "$destination"
|
|
}
|
|
|
|
activate_claude_oauth_access_token() {
|
|
local credentials="${OPENCLAW_CLAUDE_CREDENTIALS_JSON:-}"
|
|
if [[ -z "$credentials" ]]; then
|
|
return
|
|
fi
|
|
|
|
local access_token expires_at now_ms
|
|
local min_remaining_ms="$(( 90 * 60 * 1000 ))"
|
|
access_token="$(jq -r '.claudeAiOauth.accessToken // empty' <<<"$credentials" 2>/dev/null || true)"
|
|
expires_at="$(jq -r '.claudeAiOauth.expiresAt // 0' <<<"$credentials" 2>/dev/null || true)"
|
|
now_ms="$(( $(date +%s) * 1000 ))"
|
|
|
|
if [[ "$access_token" != sk-ant-oat* ]]; then
|
|
echo "::warning::Claude credentials JSON has no usable OAuth access token; keeping the configured Anthropic fallback." >&2
|
|
return
|
|
fi
|
|
# Stable live shards can run for an hour, so never shadow the fallback with
|
|
# a token that could expire before setup, retries, and cleanup complete.
|
|
if ! [[ "$expires_at" =~ ^[0-9]+$ ]] || (( expires_at <= now_ms + min_remaining_ms )); then
|
|
echo "::warning::Claude credentials JSON OAuth access token lacks 90 minutes of remaining life; keeping the configured Anthropic fallback." >&2
|
|
return
|
|
fi
|
|
|
|
echo "::add-mask::$access_token"
|
|
export ANTHROPIC_OAUTH_TOKEN="$access_token"
|
|
if [[ -n "${GITHUB_ENV:-}" ]]; then
|
|
printf 'ANTHROPIC_OAUTH_TOKEN=%s\n' "$access_token" >>"$GITHUB_ENV"
|
|
fi
|
|
}
|
|
|
|
activate_claude_oauth_access_token
|
|
|
|
for env_key in \
|
|
OPENAI_API_KEY \
|
|
OPENAI_BASE_URL \
|
|
ANTHROPIC_OAUTH_TOKEN \
|
|
ANTHROPIC_API_KEY \
|
|
ANTHROPIC_API_KEY_OLD \
|
|
ANTHROPIC_API_TOKEN \
|
|
BYTEPLUS_API_KEY \
|
|
CEREBRAS_API_KEY \
|
|
DEEPINFRA_API_KEY \
|
|
DASHSCOPE_API_KEY \
|
|
GROQ_API_KEY \
|
|
KIMI_API_KEY \
|
|
MODELSTUDIO_API_KEY \
|
|
MOONSHOT_API_KEY \
|
|
MISTRAL_API_KEY \
|
|
MINIMAX_API_KEY \
|
|
OPENCODE_API_KEY \
|
|
OPENCODE_ZEN_API_KEY \
|
|
OPENCLAW_LIVE_BROWSER_CDP_URL \
|
|
OPENCLAW_LIVE_SETUP_TOKEN \
|
|
OPENCLAW_LIVE_SETUP_TOKEN_MODEL \
|
|
OPENCLAW_LIVE_SETUP_TOKEN_PROFILE \
|
|
OPENCLAW_LIVE_SETUP_TOKEN_VALUE \
|
|
FACTORY_API_KEY \
|
|
GEMINI_API_KEY \
|
|
GOOGLE_API_KEY \
|
|
OPENROUTER_API_KEY \
|
|
QWEN_API_KEY \
|
|
FAL_KEY \
|
|
RUNWAY_API_KEY \
|
|
DEEPGRAM_API_KEY \
|
|
TOGETHER_API_KEY \
|
|
VYDRA_API_KEY \
|
|
XAI_API_KEY \
|
|
ZAI_API_KEY \
|
|
Z_AI_API_KEY \
|
|
BYTEPLUS_ACCESS_KEY_ID \
|
|
BYTEPLUS_SECRET_ACCESS_KEY \
|
|
CLAUDE_CODE_OAUTH_TOKEN \
|
|
FIREWORKS_API_KEY
|
|
do
|
|
append_profile_env "$env_key"
|
|
done
|
|
|
|
write_secret_file "$HOME/.codex/auth.json" OPENCLAW_CODEX_AUTH_JSON
|
|
write_secret_file "$HOME/.codex/config.toml" OPENCLAW_CODEX_CONFIG_TOML
|
|
write_secret_file "$HOME/.claude.json" OPENCLAW_CLAUDE_JSON
|
|
write_secret_file "$HOME/.claude/.credentials.json" OPENCLAW_CLAUDE_CREDENTIALS_JSON
|
|
write_secret_file "$HOME/.claude/settings.json" OPENCLAW_CLAUDE_SETTINGS_JSON
|
|
write_secret_file "$HOME/.claude/settings.local.json" OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON
|
|
write_secret_file "$HOME/.gemini/settings.json" OPENCLAW_GEMINI_SETTINGS_JSON
|
|
|
|
if [[ -n "${GITHUB_ENV:-}" ]]; then
|
|
{
|
|
echo "OPENCLAW_PROFILE_FILE=$profile_path"
|
|
} >>"$GITHUB_ENV"
|
|
fi
|