mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-23 02:11:22 +03:00
fix(release): update clawhub slug pipeline deps
This commit is contained in:
David Abutbul
@@ -1,35 +0,0 @@
|
||||
import fs from "node:fs";
|
||||
import path from "node:path";
|
||||
|
||||
const workspace = process.env.GITHUB_WORKSPACE || process.cwd();
|
||||
const npmRoot = path.join(workspace, ".github", "clawhub-cli", "node_modules");
|
||||
const publishScriptPath = path.join(
|
||||
npmRoot,
|
||||
"clawhub",
|
||||
"dist",
|
||||
"cli",
|
||||
"commands",
|
||||
"publish.js",
|
||||
);
|
||||
|
||||
if (!fs.existsSync(publishScriptPath)) {
|
||||
throw new Error(`clawhub publish script not found: ${publishScriptPath}`);
|
||||
}
|
||||
|
||||
const original = fs.readFileSync(publishScriptPath, "utf8");
|
||||
if (original.includes("acceptLicenseTerms: true")) {
|
||||
console.log(`[patch-clawhub] Already patched: ${publishScriptPath}`);
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
const payloadPattern = /changelog,\r?\n(\s*)tags,/;
|
||||
if (!payloadPattern.test(original)) {
|
||||
throw new Error(`[patch-clawhub] Could not find expected publish payload pattern in ${publishScriptPath}`);
|
||||
}
|
||||
|
||||
const patched = original.replace(
|
||||
payloadPattern,
|
||||
(_, indent) => `changelog,\n${indent}acceptLicenseTerms: true,\n${indent}tags,`,
|
||||
);
|
||||
fs.writeFileSync(publishScriptPath, patched, "utf8");
|
||||
console.log(`[patch-clawhub] Patched: ${publishScriptPath}`);
|
||||
@@ -4,6 +4,7 @@ import path from "node:path";
|
||||
import { collectDeclaredPlatforms, PLATFORM_KEYS } from "./skill_platforms.mjs";
|
||||
|
||||
const EXPLICIT_SLUGS = new Map([
|
||||
["clawsec-suite", "clawsec"],
|
||||
["openclaw-traffic-guardian", "clawsec-openclaw-traffic-guardian"],
|
||||
["openclaw-audit-watchdog", "clawsec-openclaw-audit-watchdog"],
|
||||
["soul-guardian", "clawsec-openclaw-soul-guardian"],
|
||||
@@ -43,14 +44,14 @@ export function resolveClawHubSlug({ name, platforms = [] }) {
|
||||
throw new Error(`Invalid skill name for ClawHub slug mapping: ${name}`);
|
||||
}
|
||||
|
||||
if (name.startsWith("clawsec-")) {
|
||||
return name;
|
||||
}
|
||||
|
||||
if (EXPLICIT_SLUGS.has(name)) {
|
||||
return EXPLICIT_SLUGS.get(name);
|
||||
}
|
||||
|
||||
if (name.startsWith("clawsec-")) {
|
||||
return name;
|
||||
}
|
||||
|
||||
if (PLATFORM_KEYS.some((platform) => name.startsWith(`${platform}-`))) {
|
||||
return `clawsec-${name}`;
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ const cases = [
|
||||
["picoclaw-traffic-guardian", ["picoclaw"], "clawsec-picoclaw-traffic-guardian"],
|
||||
["clawtributor", ["openclaw", "nanoclaw", "hermes", "picoclaw"], "clawsec-clawtributor"],
|
||||
["clawsec-feed", ["openclaw"], "clawsec-feed"],
|
||||
["clawsec-suite", ["openclaw"], "clawsec-suite"],
|
||||
["clawsec-suite", ["openclaw"], "clawsec"],
|
||||
];
|
||||
|
||||
for (const [name, platforms, expected] of cases) {
|
||||
|
||||
@@ -5,12 +5,10 @@ const workflowPath = new URL('../.github/workflows/skill-release.yml', import.me
|
||||
const ciWorkflowPath = new URL('../.github/workflows/ci.yml', import.meta.url);
|
||||
const validateSkillInstallDocsPath = new URL('./ci/validate_skill_install_docs.mjs', import.meta.url);
|
||||
const installClawhubCliPath = new URL('./ci/install_clawhub_cli.sh', import.meta.url);
|
||||
const patchClawhubPayloadPath = new URL('./ci/patch_clawhub_publish_payload.mjs', import.meta.url);
|
||||
const workflow = await readFile(workflowPath, 'utf8');
|
||||
const ciWorkflow = await readFile(ciWorkflowPath, 'utf8');
|
||||
const validateSkillInstallDocs = await readFile(validateSkillInstallDocsPath, 'utf8');
|
||||
const installClawhubCli = await readFile(installClawhubCliPath, 'utf8');
|
||||
const patchClawhubPayload = await readFile(patchClawhubPayloadPath, 'utf8');
|
||||
|
||||
assert.match(
|
||||
workflow,
|
||||
@@ -341,18 +339,18 @@ assert.match(
|
||||
'ClawHub publish must use the resolved ClawHub slug',
|
||||
);
|
||||
|
||||
assert.match(
|
||||
workflow,
|
||||
/clawhub publish "\$SKILL_PATH"[\s\S]*--slug "\$CLAWHUB_SLUG"/,
|
||||
'ClawHub publish must use the resolved ClawHub slug',
|
||||
);
|
||||
|
||||
assert.equal(
|
||||
workflow.match(/bash scripts\/ci\/install_clawhub_cli\.sh/g)?.length,
|
||||
2,
|
||||
'ClawHub publish and republish jobs must share the same pinned CLI installer',
|
||||
);
|
||||
|
||||
assert.equal(
|
||||
workflow.match(/node scripts\/ci\/patch_clawhub_publish_payload\.mjs/g)?.length,
|
||||
2,
|
||||
'ClawHub publish and republish jobs must share the same payload patch helper',
|
||||
);
|
||||
|
||||
assert.doesNotMatch(
|
||||
workflow,
|
||||
/npm ci --prefix \.github\/clawhub-cli/,
|
||||
@@ -365,6 +363,12 @@ assert.doesNotMatch(
|
||||
'ClawHub payload patching must not be duplicated inline in the workflow',
|
||||
);
|
||||
|
||||
assert.doesNotMatch(
|
||||
workflow,
|
||||
/patch_clawhub_publish_payload\.mjs|Patch clawhub publish payload workaround/,
|
||||
'Current ClawHub CLI publish flow must not rely on the retired acceptLicenseTerms payload patch workaround',
|
||||
);
|
||||
|
||||
for (const secret of ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN']) {
|
||||
assert.match(
|
||||
workflow,
|
||||
@@ -391,18 +395,6 @@ assert.match(
|
||||
'ClawHub CLI installer must expose the pinned clawhub binary on GITHUB_PATH',
|
||||
);
|
||||
|
||||
assert.match(
|
||||
patchClawhubPayload,
|
||||
/const payloadPattern = \/changelog,\\r\?\\n\(\\s\*\)tags,\/;/,
|
||||
'ClawHub payload patch helper must target the expected publish payload shape',
|
||||
);
|
||||
|
||||
assert.match(
|
||||
patchClawhubPayload,
|
||||
/acceptLicenseTerms: true/,
|
||||
'ClawHub payload patch helper must preserve the acceptLicenseTerms workaround',
|
||||
);
|
||||
|
||||
assert.doesNotMatch(
|
||||
workflow,
|
||||
/clawhub inspect "\$SKILL_NAME" --version "\$VERSION" --json/,
|
||||
|
||||
Reference in New Issue
Block a user