
Commit 2a87c21

Merge branch 'main' into codex/codex-terminal-overflow-binding
2 parents 444d102 + 9f30af5 commit 2a87c21

6 files changed

Lines changed: 847 additions & 38 deletions


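--- a/.github/workflows/dependency-guard.yml
+++ b/.github/workflows/dependency-guard.yml
@@ -14,20 +14,96 @@ concurrency:
 cancel-in-progress: true
 
 jobs:
-dependency-guard:
+dependency-guard-detect:
 if: ${{ !github.event.pull_request.draft }}
 runs-on: ubuntu-24.04
 timeout-minutes: 5
+outputs:
+autoscrub: ${{ steps.guard.outputs.autoscrub }}
+autoscrub-owner: ${{ steps.guard.outputs.autoscrub-owner }}
+autoscrub-repository: ${{ steps.guard.outputs.autoscrub-repository }}
+steps:
+- name: Check out trusted base workflow scripts
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+with:
+ref: ${{ github.event.pull_request.base.sha }}
+persist-credentials: false
+
+- name: Detect dependency changes
+id: guard
+env:
+GITHUB_TOKEN: ${{ github.token }}
+OPENCLAW_DEPENDENCY_GUARD_MODE: detect
+OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
+OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
+run: node scripts/github/dependency-guard.mjs
+
+dependency-guard-autoscrub:
+if: ${{ !github.event.pull_request.draft && needs.dependency-guard-detect.outputs.autoscrub == 'true' }}
+needs: dependency-guard-detect
+runs-on: ubuntu-24.04
+timeout-minutes: 5
+permissions:
+contents: read
+issues: write
+pull-requests: read
+steps:
+- name: Check out trusted base workflow scripts
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+with:
+ref: ${{ github.event.pull_request.base.sha }}
+persist-credentials: false
+
+- name: Create autoscrub app token
+id: app-token
+continue-on-error: true
+uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+with:
+app-id: "2729701"
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+owner: ${{ needs.dependency-guard-detect.outputs.autoscrub-owner }}
+repositories: ${{ needs.dependency-guard-detect.outputs.autoscrub-repository }}
+permission-contents: write
+
+- name: Create fallback autoscrub app token
+id: app-token-fallback
+continue-on-error: true
+if: steps.app-token.outcome == 'failure'
+uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+with:
+app-id: "2971289"
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY_FALLBACK }}
+owner: ${{ needs.dependency-guard-detect.outputs.autoscrub-owner }}
+repositories: ${{ needs.dependency-guard-detect.outputs.autoscrub-repository }}
+permission-contents: write
+
+- name: Remove package lockfile changes
+env:
+GITHUB_TOKEN: ${{ github.token }}
+OPENCLAW_DEPENDENCY_GUARD_AUTOSCRUB_TOKEN: ${{ steps.app-token.outputs.token || steps.app-token-fallback.outputs.token }}
+OPENCLAW_DEPENDENCY_GUARD_MODE: autoscrub
+OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
+OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
+run: node scripts/github/dependency-guard.mjs
+
+dependency-guard:
+if: ${{ !github.event.pull_request.draft && always() }}
+needs:
+- dependency-guard-detect
+- dependency-guard-autoscrub
+runs-on: ubuntu-24.04
+timeout-minutes: 5
 steps:
 - name: Check out trusted base workflow scripts
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 ref: ${{ github.event.pull_request.base.sha }}
 persist-credentials: false
 
-- name: Label, comment, and guard dependency changes
+- name: Enforce dependency guard
 env:
 GITHUB_TOKEN: ${{ github.token }}
+OPENCLAW_DEPENDENCY_GUARD_MODE: enforce
 OPENCLAW_SECURITY_APPROVERS: vincentkoc,steipete,joshavant
 OPENCLAW_SECURITY_TEAM_SLUG: openclaw-secops
 run: node scripts/github/dependency-guard.mjs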
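Review bot: The `owner` and `repositories` inputs of both `create-github-app-token` steps in `dependency-guard-autoscrub` come from the detect job's outputs, so the repository that receives a `permission-contents: write` installation token is chosen by data computed from the pull request rather than fixed in the workflow. The detect script is not visible on this page and may already validate these values. If it does not, and the intended target is the PR head repository, the job condition could also require `needs.dependency-guard-detect.outputs.autoscrub-repository == github.event.pull_request.head.repo.name` and the matching `github.event.pull_request.head.repo.owner.login` comparison for the owner. Both token steps also set `continue-on-error: true`, so when both fail the `Remove package lockfile changes` step still runs with an empty `OPENCLAW_DEPENDENCY_GUARD_AUTOSCRUB_TOKEN`. A comment on that step such as `# autoscrub mode must exit non-zero when no app token was minted` would record the expected fail-closed behaviour.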

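--- a/scripts/e2e/lib/bundled-plugin-install-uninstall/runtime-smoke.mjs
+++ b/scripts/e2e/lib/bundled-plugin-install-uninstall/runtime-smoke.mjs
@@ -420,27 +420,36 @@ export async function stopGateway(child) {
 }
 }
 
-async function waitForReady(params) {
+export async function waitForReady(params) {
 const started = Date.now();
 let lastError = "";
 const readyLogSeen = createReadyLogScanner(params.logPath);
 while (Date.now() - started < READY_TIMEOUT_MS) {
+const remainingMs = Math.max(1, READY_TIMEOUT_MS - (Date.now() - started));
 if (hasChildExited(params.child)) {
 throw new Error(`gateway exited before ready\n${tailFile(params.logPath)}`);
 }
 try {
-const res = await fetchHttpProbeStatus(params.port, "/readyz");
+const res = await fetchHttpProbeStatus(params.port, "/readyz", {
+timeoutMs: Math.min(HTTP_PROBE_TIMEOUT_MS, remainingMs),
+});
 if (res.ok) {
 return;
 }
 lastError = `readyz status ${res.status}`;
 } catch (error) {
 lastError = error instanceof Error ? error.message : String(error);
 }
-if (readyLogSeen() && (await httpOk(params.port, "/healthz"))) {
+const healthRemainingMs = Math.max(1, READY_TIMEOUT_MS - (Date.now() - started));
+if (
+readyLogSeen() &&
+(await httpOk(params.port, "/healthz", {
+timeoutMs: Math.min(HTTP_PROBE_TIMEOUT_MS, healthRemainingMs),
+}))
+) {
 return;
 }
-await delay(250);
+await delay(Math.min(250, Math.max(1, READY_TIMEOUT_MS - (Date.now() - started))));
 }
 throw new Error(`gateway did not become ready: ${lastError}\n${tailFile(params.logPath)}`);
 }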
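Review bot: The remaining-budget expression `Math.max(1, READY_TIMEOUT_MS - (Date.now() - started))` is now written out three times inside the loop of `waitForReady` (for `remainingMs`, for `healthRemainingMs` and inside the final `delay`), so one copy can drift from the others on a later edit. A local helper declared next to `started`, `const remaining = () => Math.max(1, READY_TIMEOUT_MS - (Date.now() - started));`, would let each call site read `Math.min(HTTP_PROBE_TIMEOUT_MS, remaining())`. The function is also exported now, so a short doc comment saying that it throws when the child exits or when `READY_TIMEOUT_MS` elapses would help callers outside this file.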
