@@ -117,9 +117,9 @@ vYYYY.M.D-beta.N` from the matching `release/YYYY.M.D` branch. The helper runs
117117`OpenClaw Release Publish`, reusing the successful preflight artifact via
118118`preflight_run_id`; stable macOS release readiness also requires the
119119 packaged `.zip`, `.dmg`, `.dSYM.zip`, and updated `appcast.xml` on `main`.
120- The private macOS publish workflow publishes the signed appcast to public
121-`main` automatically after release assets verify; if branch protection blocks
122-the direct push, it opens or updates an appcast PR.
120+ The macOS publish workflow publishes the signed appcast to public `main`
121+ automatically after release assets verify; if branch protection blocks the
122+ direct push, it opens or updates an appcast PR.
12312311. After publish, run the npm post-publish verifier, optional standalone
124124 published-npm Telegram E2E when you need post-publish channel proof,
125125 dist-tag promotion when needed, verify the generated GitHub release page,
@@ -157,7 +157,7 @@ vYYYY.M.D-beta.N` from the matching `release/YYYY.M.D` branch. The helper runs
157157 published package from the rest of release validation. Provide
158158`package_acceptance_package_spec` when Package Acceptance should use a
159159 different published package from the release package spec. Provide
160-`evidence_package_spec` when the private evidence report should prove that the
160+`evidence_package_spec` when the release evidence report should prove that the
161161 validation matches a published npm package without forcing Telegram E2E.
162162 Example:
163163`gh workflow run full-release-validation.yml --ref main -f ref=release/YYYY.M.D`
@@ -285,14 +285,14 @@ Validation` or from the `main`/release workflow ref so workflow logic and
285285- stable npm releases default to `beta`
286286- stable npm publish can target `latest` explicitly via workflow input
287287- token-based npm dist-tag mutation now lives in
288-`openclaw/releases-private/.github/workflows/openclaw-npm-dist-tags.yml`
289-for security, because `npm dist-tag add` still needs `NPM_TOKEN` while the
290-public repo keeps OIDC-only publish
288+`openclaw/releases/.github/workflows/openclaw-npm-dist-tags.yml` because
289+`npm dist-tag add` still needs `NPM_TOKEN` while the source repo keeps
290+ OIDC-only publish
291291- public `macOS Release` is validation-only; when a tag lives only on a
292292 release branch but the workflow is dispatched from `main`, set
293293`public_release_branch=release/YYYY.M.D`
294-- real private mac publish must pass successful private mac
295-`preflight_run_id` and `validate_run_id`
294+- real macOS publish must pass successful macOS `preflight_run_id` and
295+`validate_run_id`
296296- the real publish paths promote prepared artifacts instead of rebuilding
297297 them again
298298- For stable correction releases like `YYYY.M.D-N`, the post-publish verifier
@@ -317,7 +317,7 @@ Validation` or from the `main`/release workflow ref so workflow logic and
317317- Stable macOS release readiness also includes the updater surfaces:
318318- the GitHub release must end up with the packaged `.zip`, `.dmg`, and `.dSYM.zip`
319319- `appcast.xml` on `main` must point at the new stable zip after publish; the
320-private macOS publish workflow commits it automatically, or opens an appcast
320+ macOS publish workflow commits it automatically, or opens an appcast
321321 PR when direct push is blocked
322322- the packaged app must keep a non-debug bundle id, a non-empty Sparkle feed
323323 URL, and a `CFBundleVersion` at or above the canonical Sparkle build floor
@@ -751,16 +751,16 @@ When cutting a stable npm release:
7517516. Run `OpenClaw Release Publish` with the same `tag`, the same `npm_dist_tag`,
752752 and the saved `preflight_run_id`; it publishes externalized plugins to npm
753753 and ClawHub before promoting the OpenClaw npm package
754-7. If the release landed on `beta`, use the private
755-`openclaw/releases-private/.github/workflows/openclaw-npm-dist-tags.yml`
754+7. If the release landed on `beta`, use the
755+`openclaw/releases/.github/workflows/openclaw-npm-dist-tags.yml`
756756 workflow to promote that stable version from `beta` to `latest`
7577578. If the release intentionally published directly to `latest` and `beta`
758- should follow the same stable build immediately, use that same private
758+ should follow the same stable build immediately, use that same release
759759 workflow to point both dist-tags at the stable version, or let its scheduled
760760 self-healing sync move `beta` later
761761762-The dist-tag mutation lives in the private repo for security because it still
763-requires `NPM_TOKEN`, while the public repo keeps OIDC-only publish.
762+The dist-tag mutation lives in the release ledger repo because it still requires
763+`NPM_TOKEN`, while the source repo keeps OIDC-only publish.
764764765765That keeps the direct publish path and the beta-first promotion path both
766766documented and operator-visible.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。