fix(skill-release): authenticate pinned clawhub install

2026-06-24 10:51:22 +03:00 · 2026-06-15 12:33:13 +03:00
parent 8bc61144c9
commit c14ccea355
4 changed files with 145 additions and 84 deletions
@@ -1685,6 +1685,10 @@ jobs:
      contents: read
    env:
      CLAWHUB_TOKEN: ${{ secrets.CLAWHUB_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
+      AWS_REGION: eu-north-1
    steps:
      - name: Check if publishable
        if: needs.release-tag.outputs.publish_clawhub != 'true'
@@ -1704,52 +1708,12 @@ jobs:

      - name: Install clawhub CLI
        if: needs.release-tag.outputs.publish_clawhub == 'true' && env.CLAWHUB_TOKEN != ''
-        run: |
-          npm ci --prefix .github/clawhub-cli
-          echo "${GITHUB_WORKSPACE}/.github/clawhub-cli/node_modules/.bin" >> "$GITHUB_PATH"
+        run: bash scripts/ci/install_clawhub_cli.sh

      - name: Patch clawhub publish payload workaround
        # Temporary: clawhub@0.7.0 publish payload is missing acceptLicenseTerms.
        if: needs.release-tag.outputs.publish_clawhub == 'true' && env.CLAWHUB_TOKEN != ''
-        run: |
-          node <<'NODE'
-          const fs = require("node:fs");
-          const path = require("node:path");
-
-          const npmRoot = path.join(process.env.GITHUB_WORKSPACE, ".github", "clawhub-cli", "node_modules");
-          const publishScriptPath = path.join(
-            npmRoot,
-            "clawhub",
-            "dist",
-            "cli",
-            "commands",
-            "publish.js"
-          );
-
-          if (!fs.existsSync(publishScriptPath)) {
-            throw new Error(`clawhub publish script not found: ${publishScriptPath}`);
-          }
-
-          const original = fs.readFileSync(publishScriptPath, "utf8");
-          if (original.includes("acceptLicenseTerms: true")) {
-            console.log(`[patch-clawhub] Already patched: ${publishScriptPath}`);
-            process.exit(0);
-          }
-
-          const payloadPattern = /changelog,\r?\n(\s*)tags,/;
-          if (!payloadPattern.test(original)) {
-            throw new Error(
-              `[patch-clawhub] Could not find expected publish payload pattern in ${publishScriptPath}`
-            );
-          }
-
-          const patched = original.replace(
-            payloadPattern,
-            (_, indent) => `changelog,\n${indent}acceptLicenseTerms: true,\n${indent}tags,`
-          );
-          fs.writeFileSync(publishScriptPath, patched, "utf8");
-          console.log(`[patch-clawhub] Patched: ${publishScriptPath}`);
-          NODE
+        run: node scripts/ci/patch_clawhub_publish_payload.mjs

      - name: Login to ClawHub
        if: needs.release-tag.outputs.publish_clawhub == 'true' && env.CLAWHUB_TOKEN != ''
@@ -1831,6 +1795,10 @@ jobs:
      contents: read
    env:
      CLAWHUB_TOKEN: ${{ secrets.CLAWHUB_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
+      AWS_REGION: eu-north-1
    steps:
      - name: Parse tag
        id: parse
@@ -1895,51 +1863,11 @@ jobs:
        run: node scripts/ci/validate_skill_install_docs.mjs --skills "${{ steps.parse.outputs.skill_path }}"

      - name: Install clawhub CLI
-        run: |
-          npm ci --prefix .github/clawhub-cli
-          echo "${GITHUB_WORKSPACE}/.github/clawhub-cli/node_modules/.bin" >> "$GITHUB_PATH"
+        run: bash scripts/ci/install_clawhub_cli.sh

      - name: Patch clawhub publish payload workaround
        # Temporary: clawhub@0.7.0 publish payload is missing acceptLicenseTerms.
-        run: |
-          node <<'NODE'
-          const fs = require("node:fs");
-          const path = require("node:path");
-
-          const npmRoot = path.join(process.env.GITHUB_WORKSPACE, ".github", "clawhub-cli", "node_modules");
-          const publishScriptPath = path.join(
-            npmRoot,
-            "clawhub",
-            "dist",
-            "cli",
-            "commands",
-            "publish.js"
-          );
-
-          if (!fs.existsSync(publishScriptPath)) {
-            throw new Error(`clawhub publish script not found: ${publishScriptPath}`);
-          }
-
-          const original = fs.readFileSync(publishScriptPath, "utf8");
-          if (original.includes("acceptLicenseTerms: true")) {
-            console.log(`[patch-clawhub] Already patched: ${publishScriptPath}`);
-            process.exit(0);
-          }
-
-          const payloadPattern = /changelog,\r?\n(\s*)tags,/;
-          if (!payloadPattern.test(original)) {
-            throw new Error(
-              `[patch-clawhub] Could not find expected publish payload pattern in ${publishScriptPath}`
-            );
-          }
-
-          const patched = original.replace(
-            payloadPattern,
-            (_, indent) => `changelog,\n${indent}acceptLicenseTerms: true,\n${indent}tags,`
-          );
-          fs.writeFileSync(publishScriptPath, patched, "utf8");
-          console.log(`[patch-clawhub] Patched: ${publishScriptPath}`);
-          NODE
+        run: node scripts/ci/patch_clawhub_publish_payload.mjs

      - name: Login to ClawHub
        run: |