ci(release): allow direct publish recovery · openclaw/openclaw@50b7a2f

Recent Commits to openclaw:main

steipete · 2026-05-31 · via Recent Commits to openclaw:main

Original file line number	Diff line number	Diff line change
`@@ -429,12 +429,13 @@ jobs:`
`429`	`429`	`echo "Direct OpenClaw npm publish; relying on this workflow's npm-release environment approval."`
`430`	`430`	`exit 0`
`431`	`431`	`fi`
	`432`	`+ direct_recovery=false`
`432`	`433`	`if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then`
`433`		`- echo "OpenClaw npm publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2`
`434`		`- exit 1`
	`434`	`+ direct_recovery=true`
	`435`	`+ echo "Direct OpenClaw npm recovery with release_publish_run_id; relying on this workflow's npm-release environment approval."`
`435`	`436`	`fi`
`436`	`437`	`RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"`
`437`		- printf '%s' "$RUN_JSON" \| node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
	`438`	`+ printf '%s' "$RUN_JSON" \| DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs`
`438`	`439`
`439`	`440`	`publish_openclaw_npm:`
`440`	`441`	`# KEEP THE REAL RELEASE/PUBLISH PATH ON A GITHUB-HOSTED RUNNER.`

Original file line number	Diff line number	Diff line change
`@@ -222,12 +222,13 @@ jobs:`
`222`	`222`	`echo "Direct Plugin ClawHub Release dispatch; relying on this workflow's clawhub-plugin-release environment approval."`
`223`	`223`	`exit 0`
`224`	`224`	`fi`
	`225`	`+ direct_recovery=false`
`225`	`226`	`if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then`
`226`		`- echo "Plugin ClawHub publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2`
`227`		`- exit 1`
	`227`	`+ direct_recovery=true`
	`228`	`+ echo "Direct Plugin ClawHub Release recovery with release_publish_run_id; relying on this workflow's clawhub-plugin-release environment approval."`
`228`	`229`	`fi`
`229`	`230`	`RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"`
`230`		- printf '%s' "$RUN_JSON" \| node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
	`231`	`+ printf '%s' "$RUN_JSON" \| DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs`
`231`	`232`
`232`	`233`	`preview_plugin_pack:`
`233`	`234`	`needs: preview_plugins_clawhub`

Original file line number	Diff line number	Diff line change
`@@ -199,12 +199,13 @@ jobs:`
`199`	`199`	`echo "Direct Plugin NPM Release dispatch; relying on this workflow's npm-release environment approval."`
`200`	`200`	`exit 0`
`201`	`201`	`fi`
	`202`	`+ direct_recovery=false`
`202`	`203`	`if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then`
`203`		`- echo "Plugin npm publish must be dispatched by the OpenClaw Release Publish workflow, not directly by ${GITHUB_ACTOR}." >&2`
`204`		`- exit 1`
	`204`	`+ direct_recovery=true`
	`205`	`+ echo "Direct Plugin NPM Release recovery with release_publish_run_id; relying on this workflow's npm-release environment approval."`
`205`	`206`	`fi`
`206`	`207`	`RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"`
`207`		- printf '%s' "$RUN_JSON" \| node -e 'const fs = require("node:fs"); const run = JSON.parse(fs.readFileSync(0, "utf8")); const checks = [["workflowName", "OpenClaw Release Publish"], ["headBranch", process.env.EXPECTED_WORKFLOW_BRANCH], ["event", "workflow_dispatch"]]; for (const [key, expected] of checks) { if (run[key] !== expected) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`); process.exit(1); } } if (run.status !== "in_progress") { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} must still be in_progress, got ${run.status ?? "<missing>"}.`); process.exit(1); } if (run.conclusion) { console.error(`Referenced release publish run ${process.env.RELEASE_PUBLISH_RUN_ID} already concluded ${run.conclusion}.`); process.exit(1); } console.log(`Using release publish approval run ${process.env.RELEASE_PUBLISH_RUN_ID}: ${run.url}`);'
	`208`	`+ printf '%s' "$RUN_JSON" \| DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs`
`208`	`209`
`209`	`210`	`preview_plugin_pack:`
`210`	`211`	`needs: preview_plugins_npm`

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,57 @@`
	`1`	`+#!/usr/bin/env node`
	`2`	`+import fs from "node:fs";`
	`3`	`+`
	`4`	`+const run = JSON.parse(fs.readFileSync(0, "utf8"));`
	`5`	`+`
	`6`	`+const releasePublishRunId = process.env.RELEASE_PUBLISH_RUN_ID ?? "";`
	`7`	`+const expectedBranch = process.env.EXPECTED_WORKFLOW_BRANCH ?? "";`
	`8`	`+const directRecovery = process.env.DIRECT_RELEASE_RECOVERY === "true";`
	`9`	`+`
	`10`	`+const checks = [`
	`11`	`+["workflowName", "OpenClaw Release Publish"],`
	`12`	`+["headBranch", expectedBranch],`
	`13`	`+["event", "workflow_dispatch"],`
	`14`	`+];`
	`15`	`+`
	`16`	`+for (const [key, expected] of checks) {`
	`17`	`+if (run[key] !== expected) {`
	`18`	`+console.error(`
	`19`	+`Referenced release publish run ${releasePublishRunId} must have ${key}=${expected}, got ${run[key] ?? "<missing>"}.`,
	`20`	`+);`
	`21`	`+process.exit(1);`
	`22`	`+}`
	`23`	`+}`
	`24`	`+`
	`25`	`+if (!directRecovery) {`
	`26`	`+if (run.status !== "in_progress") {`
	`27`	`+console.error(`
	`28`	+`Referenced release publish run ${releasePublishRunId} must still be in_progress, got ${run.status ?? "<missing>"}.`,
	`29`	`+);`
	`30`	`+process.exit(1);`
	`31`	`+}`
	`32`	`+if (run.conclusion) {`
	`33`	`+console.error(`
	`34`	+`Referenced release publish run ${releasePublishRunId} already concluded ${run.conclusion}.`,
	`35`	`+);`
	`36`	`+process.exit(1);`
	`37`	`+}`
	`38`	+console.log(`Using release publish approval run ${releasePublishRunId}: ${run.url}`);
	`39`	`+process.exit(0);`
	`40`	`+}`
	`41`	`+`
	`42`	`+if (run.status === "in_progress" && !run.conclusion) {`
	`43`	+console.log(`Using active release publish run ${releasePublishRunId}: ${run.url}`);
	`44`	`+process.exit(0);`
	`45`	`+}`
	`46`	`+`
	`47`	`+if (run.status === "completed" && ["success", "failure"].includes(run.conclusion)) {`
	`48`	`+console.log(`
	`49`	+`Using completed release publish run ${releasePublishRunId} (${run.conclusion}) for direct recovery: ${run.url}`,
	`50`	`+);`
	`51`	`+process.exit(0);`
	`52`	`+}`
	`53`	`+`
	`54`	`+console.error(`
	`55`	+`Direct release recovery run ${releasePublishRunId} must be in_progress or completed with success/failure, got status=${run.status ?? "<missing>"} conclusion=${run.conclusion ?? "<missing>"}.`,
	`56`	`+);`
	`57`	`+process.exit(1);`

Original file line number	Diff line number	Diff line change
`@@ -1365,6 +1365,7 @@ describe("package artifact reuse", () => {`
`1365`	`1365`	`const clawHubWorkflow = readFileSync(".github/workflows/plugin-clawhub-release.yml", "utf8");`
`1366`	`1366`	`const pluginNpmWorkflow = readFileSync(".github/workflows/plugin-npm-release.yml", "utf8");`
`1367`	`1367`	`const openclawNpmWorkflow = readFileSync(".github/workflows/openclaw-npm-release.yml", "utf8");`
	`1368`	`+const approvalScript = readFileSync("scripts/validate-release-publish-approval.mjs", "utf8");`
`1368`	`1369`
`1369`	`1370`	`expect(packageJson.scripts?.["release:verify-beta"]).toBe(`
`1370`	`1371`	`"node --import tsx scripts/release-verify-beta.ts",`
`@@ -1422,9 +1423,14 @@ describe("package artifact reuse", () => {`
`1422`	`1423`	`expect(pluginNpmWorkflow).toContain('GITHUB_ACTOR}" != "github-actions[bot]"');`
`1423`	`1424`	`expect(clawHubWorkflow).toContain('GITHUB_ACTOR}" != "github-actions[bot]"');`
`1424`	`1425`	`expect(openclawNpmWorkflow).toContain('GITHUB_ACTOR}" != "github-actions[bot]"');`
`1425`		`-expect(pluginNpmWorkflow).toContain("must still be in_progress");`
`1426`		`-expect(clawHubWorkflow).toContain("must still be in_progress");`
`1427`		`-expect(openclawNpmWorkflow).toContain("must still be in_progress");`
	`1426`	`+expect(pluginNpmWorkflow).toContain("Direct Plugin NPM Release recovery");`
	`1427`	`+expect(clawHubWorkflow).toContain("Direct Plugin ClawHub Release recovery");`
	`1428`	`+expect(openclawNpmWorkflow).toContain("Direct OpenClaw npm recovery");`
	`1429`	`+expect(pluginNpmWorkflow).toContain("validate-release-publish-approval.mjs");`
	`1430`	`+expect(clawHubWorkflow).toContain("validate-release-publish-approval.mjs");`
	`1431`	`+expect(openclawNpmWorkflow).toContain("validate-release-publish-approval.mjs");`
	`1432`	`+expect(approvalScript).toContain("must still be in_progress");`
	`1433`	`+expect(approvalScript).toContain("completed with success/failure");`
`1428`	`1434`	`expect(pluginNpmWorkflow).toContain("environment: npm-release");`
`1429`	`1435`	`expect(clawHubWorkflow).toContain("environment: clawhub-plugin-release");`
`1430`	`1436`	`expect(openclawNpmWorkflow).toContain("environment: npm-release");`

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。

推荐订阅源

Recent Commits to openclaw:main