ci(release): let Telegram QA wait on credential leases

2026-06-06 05:51:15 +08:00 · 2026-05-28 23:58:52 +01:00
parent 74d5aeae1a
commit 201fe25dad
5 changed files with 21 additions and 29 deletions
--- a/.github/workflows/mantis-telegram-live.yml
+++ b/.github/workflows/mantis-telegram-live.yml
@@ -261,9 +261,6 @@ jobs:
    if: ${{ needs.resolve_request.outputs.should_run == 'true' }}
    runs-on: ubuntu-24.04
    timeout-minutes: 180
-    concurrency:
-      group: openclaw-telegram-ci-credential
-      cancel-in-progress: false
    environment: qa-live-shared
    outputs:
      comparison_status: ${{ steps.run_mantis.outputs.comparison_status }}
@@ -380,6 +377,7 @@ jobs:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
          OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
          CRABBOX_COORDINATOR: ${{ secrets.CRABBOX_COORDINATOR }}
--- a/.github/workflows/npm-telegram-beta-e2e.yml
+++ b/.github/workflows/npm-telegram-beta-e2e.yml
@@ -111,9 +111,6 @@ jobs:
    runs-on: blacksmith-32vcpu-ubuntu-2404
    continue-on-error: ${{ inputs.advisory }}
    timeout-minutes: 60
-    concurrency:
-      group: openclaw-telegram-ci-credential
-      cancel-in-progress: false
    environment: qa-live-shared
    permissions:
      actions: read
@@ -221,6 +218,7 @@ jobs:
          OPENCLAW_NPM_TELEGRAM_CREDENTIAL_ROLE: ci
          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
          OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
          INPUT_SCENARIO: ${{ inputs.scenario }}
--- a/.github/workflows/openclaw-release-checks.yml
+++ b/.github/workflows/openclaw-release-checks.yml
@@ -1156,9 +1156,6 @@ jobs:
    continue-on-error: true
    runs-on: ubuntu-24.04
    timeout-minutes: 60
-    concurrency:
-      group: openclaw-telegram-ci-credential
-      cancel-in-progress: false
    permissions:
      contents: read
      pull-requests: read
@@ -1210,6 +1207,7 @@ jobs:
        env:
          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
          OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
        run: |
--- a/.github/workflows/qa-live-transports-convex.yml
+++ b/.github/workflows/qa-live-transports-convex.yml
@@ -482,9 +482,6 @@ jobs:
    needs: [authorize_actor, validate_selected_ref]
    runs-on: blacksmith-8vcpu-ubuntu-2404
    timeout-minutes: 60
-    concurrency:
-      group: openclaw-telegram-ci-credential
-      cancel-in-progress: false
    environment: qa-live-shared
    steps:
      - name: Checkout selected ref
@@ -533,6 +530,7 @@ jobs:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          OPENCLAW_QA_CONVEX_SITE_URL: ${{ secrets.OPENCLAW_QA_CONVEX_SITE_URL }}
          OPENCLAW_QA_CONVEX_SECRET_CI: ${{ secrets.OPENCLAW_QA_CONVEX_SECRET_CI }}
+          OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS: "1800000"
          OPENCLAW_QA_REDACT_PUBLIC_METADATA: "1"
          OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT: "1"
          INPUT_SCENARIO: ${{ github.event_name == 'workflow_dispatch' && inputs.scenario || '' }}
--- a/test/scripts/package-acceptance-workflow.test.ts
+++ b/test/scripts/package-acceptance-workflow.test.ts
@@ -1184,24 +1184,24 @@ describe("package artifact reuse", () => {
    ]);
  });

-  it("serializes CI Telegram bot consumers across release and QA workflows", () => {
-    const sharedTelegramCredential = {
-      group: "openclaw-telegram-ci-credential",
-      "cancel-in-progress": false,
-    };
+  it("lets CI Telegram consumers wait on Convex leases instead of GitHub concurrency", () => {
+    const telegramJobs = [
+      [NPM_TELEGRAM_WORKFLOW, "run_package_telegram_e2e", "Run package Telegram E2E"],
+      [RELEASE_CHECKS_WORKFLOW, "qa_live_telegram_release_checks", "Run Telegram live lane"],
+      [QA_LIVE_TRANSPORTS_WORKFLOW, "run_live_telegram", "Run Telegram live lane"],
+      [
+        ".github/workflows/mantis-telegram-live.yml",
+        "run_telegram_live",
+        "Run Telegram live scenario and capture desktop evidence",
+      ],
+    ] as const;

-    expect(workflowJob(NPM_TELEGRAM_WORKFLOW, "run_package_telegram_e2e").concurrency).toEqual(
-      sharedTelegramCredential,
-    );
-    expect(
-      workflowJob(RELEASE_CHECKS_WORKFLOW, "qa_live_telegram_release_checks").concurrency,
-    ).toEqual(sharedTelegramCredential);
-    expect(workflowJob(QA_LIVE_TRANSPORTS_WORKFLOW, "run_live_telegram").concurrency).toEqual(
-      sharedTelegramCredential,
-    );
-    expect(
-      workflowJob(".github/workflows/mantis-telegram-live.yml", "run_telegram_live").concurrency,
-    ).toEqual(sharedTelegramCredential);
+    for (const [workflowPath, jobName, stepName] of telegramJobs) {
+      const job = workflowJob(workflowPath, jobName);
+      expect(job.concurrency).toBeUndefined();
+      const step = workflowStep(job, stepName);
+      expect(step.env?.OPENCLAW_QA_CREDENTIAL_ACQUIRE_TIMEOUT_MS).toBe("1800000");
+    }
  });

  it("keeps release QA and repo E2E lanes off scarce 32-core runners", () => {