From d26cef42490caae2c7b731973d8a2a10f39072f6 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Thu, 4 Jun 2026 03:59:42 +0200 Subject: [PATCH] fix(ci): preserve crabbox hydrate pnpm store --- .github/workflows/crabbox-hydrate.yml | 24 ++++++++++++------- CHANGELOG.md | 1 + .../package-acceptance-workflow.test.ts | 16 ++++++++++--- 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/.github/workflows/crabbox-hydrate.yml b/.github/workflows/crabbox-hydrate.yml index 7d48ae3c9fb2..522e2de474bd 100644 --- a/.github/workflows/crabbox-hydrate.yml +++ b/.github/workflows/crabbox-hydrate.yml @@ -34,7 +34,7 @@ env: PNPM_CONFIG_CHILD_CONCURRENCY: "1" PNPM_CONFIG_MODULES_DIR: "/var/tmp/openclaw-pnpm/node_modules" PNPM_CONFIG_NETWORK_CONCURRENCY: "1" - PNPM_CONFIG_STORE_DIR: "/var/tmp/openclaw-pnpm/store" + PNPM_CONFIG_STORE_DIR: "/var/cache/crabbox/pnpm/store" PNPM_CONFIG_VERIFY_DEPS_BEFORE_RUN: "false" PNPM_CONFIG_VIRTUAL_STORE_DIR: "/var/tmp/openclaw-pnpm/virtual-store" @@ -120,16 +120,24 @@ jobs: append_pnpm_option_arg PNPM_CONFIG_MODULES_DIR modules-dir append_pnpm_option_arg PNPM_CONFIG_NETWORK_CONCURRENCY network-concurrency append_pnpm_option_arg PNPM_CONFIG_VIRTUAL_STORE_DIR virtual-store-dir - reset_crabbox_pnpm_root() { - local root="/var/tmp/openclaw-pnpm" - rm -rf -- "$root" - mkdir -p "$root" - if [ -L "$root" ] || [ ! -d "$root" ] || [ ! -O "$root" ]; then - echo "::error::Refusing unsafe pnpm cache root: $root" + require_safe_writable_dir() { + local dir="$1" + if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -w "$dir" ]; then + echo "::error::Refusing unsafe pnpm directory: $dir" exit 1 fi } - reset_crabbox_pnpm_root + prepare_crabbox_pnpm_dirs() { + local volatile_root="/var/tmp/openclaw-pnpm" + case "${PNPM_CONFIG_MODULES_DIR:?}" in "$volatile_root"/*) ;; *) echo "::error::PNPM_CONFIG_MODULES_DIR must stay under $volatile_root"; exit 1 ;; esac + case "${PNPM_CONFIG_VIRTUAL_STORE_DIR:?}" in "$volatile_root"/*) ;; *) echo "::error::PNPM_CONFIG_VIRTUAL_STORE_DIR must stay under $volatile_root"; exit 1 ;; esac + rm -rf -- "$volatile_root" + mkdir -p "$volatile_root" "$PNPM_CONFIG_STORE_DIR" + require_safe_writable_dir "$volatile_root" + require_safe_writable_dir "$PNPM_CONFIG_STORE_DIR" + mkdir -p "$PNPM_CONFIG_MODULES_DIR" "$PNPM_CONFIG_VIRTUAL_STORE_DIR" + } + prepare_crabbox_pnpm_dirs if [ -L node_modules ] && [ "$(readlink node_modules)" = "${PNPM_CONFIG_MODULES_DIR:-}" ]; then rm -f node_modules fi diff --git a/CHANGELOG.md b/CHANGELOG.md index bc81a896afa6..3849ef69e98c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ Docs: https://docs.openclaw.ai - Plugins/auth: keep Hermes migration reports pointed at SQLite auth-profile stores and keep plugin auth-profile reuse tests on the current store path. - Security/config/tooling: reject corrupt shell snapshots, suspicious gateway startup configs, malformed release/test/tooling/Docker/perf numeric limits, oversized audit responses, unsafe exec precheck env, and invalid pending-agent SQLite scaffold denials. (#89701, #89705, #89480, #81488) Thanks @RomneyDa and @mmaps. - Release/CI/E2E: restore package changelog extraction after the post-2026.6.1 version bump, keep hydrated pnpm modules under `node_modules` for ARM/Linux package lifecycle scripts, keep OpenAI live-cache prerequisites advisory while Anthropic prerequisites stay blocking, retry Windows Parallels background log appends on transient file-lock errors, bound candidate GitHub and cross-OS Discord fetches, harden ARM smoke/browser checks, show Docker build heartbeats, reset Crabbox pnpm hydrate state, and isolate Testbox/Docker/release journey artifacts. +- Release/CI/E2E: keep Crabbox hydrate pnpm stores on the persistent cache volume while still resetting volatile modules, reducing cold installs and runner memory churn. ## 2026.6.1 diff --git a/test/scripts/package-acceptance-workflow.test.ts b/test/scripts/package-acceptance-workflow.test.ts index 6f80a95f7eda..07e8a002d697 100644 --- a/test/scripts/package-acceptance-workflow.test.ts +++ b/test/scripts/package-acceptance-workflow.test.ts @@ -141,9 +141,19 @@ describe("package acceptance workflow", () => { expect(hydratePnpm.if).toBeUndefined(); expect(hydratePnpm.run).toContain('corepack enable --install-directory "$PNPM_HOME"'); expect(hydratePnpm.run).toContain("COREPACK_HOME"); - expect(hydratePnpm.run).toContain("reset_crabbox_pnpm_root"); - expect(hydratePnpm.run).toContain('rm -rf -- "$root"'); - expect(hydratePnpm.run).toContain("Refusing unsafe pnpm cache root"); + expect(workflowText).toContain('PNPM_CONFIG_STORE_DIR: "/var/cache/crabbox/pnpm/store"'); + expect(hydratePnpm.run).toContain("prepare_crabbox_pnpm_dirs"); + expect(hydratePnpm.run).toContain('case "${PNPM_CONFIG_MODULES_DIR:?}" in "$volatile_root"/*)'); + expect(hydratePnpm.run).toContain( + 'case "${PNPM_CONFIG_VIRTUAL_STORE_DIR:?}" in "$volatile_root"/*)', + ); + expect(hydratePnpm.run).toContain('rm -rf -- "$volatile_root"'); + expect(hydratePnpm.run).toContain('mkdir -p "$volatile_root" "$PNPM_CONFIG_STORE_DIR"'); + expect(hydratePnpm.run).toContain( + 'mkdir -p "$PNPM_CONFIG_MODULES_DIR" "$PNPM_CONFIG_VIRTUAL_STORE_DIR"', + ); + expect(hydratePnpm.run).toContain("Refusing unsafe pnpm directory"); + expect(hydratePnpm.run).not.toContain('rm -rf -- "${PNPM_CONFIG_MODULES_DIR:?}"'); expect(hydratePnpm.run).toContain( '[ "$(readlink node_modules)" = "${PNPM_CONFIG_MODULES_DIR:-}" ]', );