


















@@ -104,6 +104,7 @@ function createEnv(
104104OPENCLAW_GATEWAY_TOKEN: "test-token",
105105OPENCLAW_CONFIG_DIR: join(sandbox.rootDir, "config"),
106106OPENCLAW_WORKSPACE_DIR: join(sandbox.rootDir, "openclaw"),
107+OPENCLAW_AUTH_PROFILE_SECRET_DIR: join(sandbox.rootDir, "auth-profile-secrets"),
107108};
108109109110for (const [key, value] of Object.entries(overrides)) {
@@ -258,11 +259,17 @@ describe("scripts/docker/setup.sh", () => {
258259expect(envFile).toContain("OPENCLAW_EXTRA_MOUNTS=");
259260expect(envFile).toContain("OPENCLAW_HOME_VOLUME=openclaw-home"); // pragma: allowlist secret
260261expect(envFile).toContain("OPENCLAW_DISABLE_BONJOUR=");
262+expect(envFile).toContain(
263+`OPENCLAW_AUTH_PROFILE_SECRET_DIR=${join(activeSandbox.rootDir, "auth-profile-secrets")}`,
264+);
261265const extraCompose = await readFile(
262266join(activeSandbox.rootDir, "docker-compose.extra.yml"),
263267"utf8",
264268);
265269expect(extraCompose).toContain("openclaw-home:/home/node");
270+expect(extraCompose).toContain(
271+`${join(activeSandbox.rootDir, "auth-profile-secrets")}:/home/node/.config/openclaw`,
272+);
266273expect(extraCompose).toContain("volumes:");
267274expect(extraCompose).toContain("openclaw-home:");
268275const log = await readDockerLog(activeSandbox);
@@ -383,6 +390,27 @@ describe("scripts/docker/setup.sh", () => {
383390expect(log).toContain("run --rm --no-deps --user root --entrypoint sh openclaw-gateway -c");
384391});
385392393+it("precreates auth profile secret key dir outside the mounted state dir", async () => {
394+const activeSandbox = requireSandbox(sandbox);
395+const configDir = join(activeSandbox.rootDir, "config-auth-profile-key");
396+const workspaceDir = join(activeSandbox.rootDir, "workspace-auth-profile-key");
397+const secretDir = join(activeSandbox.rootDir, "auth-profile-secret-key");
398+399+const result = runDockerSetup(activeSandbox, {
400+OPENCLAW_CONFIG_DIR: configDir,
401+OPENCLAW_WORKSPACE_DIR: workspaceDir,
402+OPENCLAW_AUTH_PROFILE_SECRET_DIR: secretDir,
403+});
404+405+expect(result.status).toBe(0);
406+const secretDirStat = await stat(secretDir);
407+expect(secretDirStat.isDirectory()).toBe(true);
408+expect(secretDir.startsWith(`${configDir}/`)).toBe(false);
409+410+const log = await readDockerLog(activeSandbox);
411+expect(log).toContain("find /home/node/.config/openclaw -xdev");
412+});
413+386414it("reuses existing config token when OPENCLAW_GATEWAY_TOKEN is unset", async () => {
387415const activeSandbox = requireSandbox(sandbox);
388416const { result, envFile } = await runDockerSetupWithUnsetGatewayToken(
@@ -645,6 +673,15 @@ describe("scripts/docker/setup.sh", () => {
645673);
646674});
647675676+it("keeps docker-compose auth profile secret key source durable outside state", async () => {
677+const compose = await readFile(join(repoRoot, "docker-compose.yml"), "utf8");
678+expect(
679+compose.split(
680+"${OPENCLAW_AUTH_PROFILE_SECRET_DIR:-${HOME:-/tmp}/.openclaw-auth-profile-secrets}:/home/node/.config/openclaw",
681+),
682+).toHaveLength(3);
683+});
684+648685it("keeps docker-compose optional env files aligned across services", async () => {
649686const compose = await readFile(join(repoRoot, "docker-compose.yml"), "utf8");
650687expect(compose.match(/env_file:\n {6}- path: \.env\n {8}required: false/g)).toHaveLength(2);
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。