Skip to content

Commit a3f6f24

Browse files
vincentkocvincentkoc
committed
ci: gate slack live qa credentials
1 parent 2d849bb commit a3f6f24

3 files changed

Lines changed: 23 additions & 4 deletions

File tree

.github/workflows/openclaw-release-checks.yml

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -208,12 +208,19 @@ jobs:
208208
RELEASE_PROFILE_INPUT: ${{ inputs.release_profile }}
209209
RELEASE_RERUN_GROUP_INPUT: ${{ inputs.rerun_group }}
210210
RELEASE_LIVE_SUITE_FILTER_INPUT: ${{ inputs.live_suite_filter }}
211+
RELEASE_QA_SLACK_LIVE_CI_ENABLED: ${{ vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED || 'false' }}
211212
RELEASE_PACKAGE_ACCEPTANCE_PACKAGE_SPEC_INPUT: ${{ inputs.package_acceptance_package_spec }}
212213
run: |
213214
set -euo pipefail
214215
qa_live_matrix_enabled=true
215216
qa_live_telegram_enabled=true
216-
qa_live_slack_enabled=true
217+
qa_live_slack_enabled=false
218+
qa_live_slack_ci_enabled="$(printf '%s' "$RELEASE_QA_SLACK_LIVE_CI_ENABLED" | tr '[:upper:]' '[:lower:]')"
219+
if [[ "$qa_live_slack_ci_enabled" != "true" && "$qa_live_slack_ci_enabled" != "1" && "$qa_live_slack_ci_enabled" != "yes" ]]; then
220+
qa_live_slack_ci_enabled=false
221+
else
222+
qa_live_slack_ci_enabled=true
223+
fi
217224
218225
filter="$(printf '%s' "$RELEASE_LIVE_SUITE_FILTER_INPUT" | tr '[:upper:]' '[:lower:]')"
219226
if [[ -n "${filter// }" ]]; then
@@ -233,7 +240,6 @@ jobs:
233240
qa_filter_seen=true
234241
matrix_selected=true
235242
telegram_selected=true
236-
slack_selected=true
237243
;;
238244
qa-live-non-slack|qa-non-slack|non-slack|no-slack|without-slack)
239245
qa_filter_seen=true
@@ -250,7 +256,7 @@ jobs:
250256
;;
251257
qa-live-slack|qa-slack|slack)
252258
qa_filter_seen=true
253-
slack_selected=true
259+
slack_selected="$qa_live_slack_ci_enabled"
254260
;;
255261
esac
256262
done
@@ -883,7 +889,7 @@ jobs:
883889
qa_live_slack_release_checks:
884890
name: Run QA Lab live Slack lane
885891
needs: [resolve_target]
886-
if: contains(fromJSON('["all","qa","qa-live"]'), needs.resolve_target.outputs.rerun_group) && needs.resolve_target.outputs.qa_live_slack_enabled == 'true'
892+
if: contains(fromJSON('["all","qa","qa-live"]'), needs.resolve_target.outputs.rerun_group) && needs.resolve_target.outputs.qa_live_slack_enabled == 'true' && vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED == 'true'
887893
runs-on: blacksmith-8vcpu-ubuntu-2404
888894
timeout-minutes: 60
889895
permissions:

.github/workflows/qa-live-transports-convex.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -562,6 +562,7 @@ jobs:
562562
run_live_slack:
563563
name: Run Slack live QA lane with Convex leases
564564
needs: [authorize_actor, validate_selected_ref]
565+
if: vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED == 'true'
565566
runs-on: blacksmith-8vcpu-ubuntu-2404
566567
timeout-minutes: 60
567568
environment: qa-live-shared

test/scripts/package-acceptance-workflow.test.ts

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -575,6 +575,18 @@ describe("package artifact reuse", () => {
575575
);
576576
});
577577

578+
it("keeps Slack live QA disabled in CI until credentials are provisioned", () => {
579+
const releaseWorkflow = readFileSync(RELEASE_CHECKS_WORKFLOW, "utf8");
580+
const qaWorkflow = readFileSync(QA_LIVE_TRANSPORTS_WORKFLOW, "utf8");
581+
582+
expect(releaseWorkflow).toContain("qa_live_slack_enabled=false");
583+
expect(releaseWorkflow).toContain(
584+
"RELEASE_QA_SLACK_LIVE_CI_ENABLED: ${{ vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED || 'false' }}",
585+
);
586+
expect(releaseWorkflow).toContain("vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED == 'true'");
587+
expect(qaWorkflow).toContain("if: vars.OPENCLAW_QA_SLACK_LIVE_CI_ENABLED == 'true'");
588+
});
589+
578590
it("names package acceptance Telegram as artifact-backed package validation", () => {
579591
const workflow = readFileSync(PACKAGE_ACCEPTANCE_WORKFLOW, "utf8");
580592

0 commit comments

Comments
 (0)