fix(openclaw-gateway): validate symlinks after overlay patches #47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Pi Packages | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - "pi-packages/pi-*/package.json" | |
| - "pi-packages/pi-*/src/**" | |
| - "pi-packages/pi-*/index.ts" | |
| workflow_dispatch: | |
| inputs: | |
| package: | |
| description: "Specific package to publish (e.g. pi-dcp), or blank for all changed" | |
| required: false | |
| type: string | |
| dry-run: | |
| description: "Dry run (don't actually publish)" | |
| required: false | |
| type: boolean | |
| default: false | |
| # OIDC for npm Trusted Publishing (no stored NPM_TOKEN needed) | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| detect: | |
| name: Detect changed packages | |
| runs-on: ubuntu-latest | |
| outputs: | |
| packages: ${{ steps.detect.outputs.packages }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - id: detect | |
| run: | | |
| if [ -n "${{ inputs.package }}" ]; then | |
| echo "packages=[\"${{ inputs.package }}\"]" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| # Find packages whose version changed since last commit | |
| changed=() | |
| for pkg_dir in pi-packages/pi-*/; do | |
| pkg=$(basename "$pkg_dir") | |
| pkg_json="$pkg_dir/package.json" | |
| [ -f "$pkg_json" ] || continue | |
| if git diff --name-only HEAD~1 HEAD -- "$pkg_dir" | grep -qE '(package\.json|src/|index\.ts)'; then | |
| old_ver=$(git show HEAD~1:"$pkg_json" 2>/dev/null | jq -r '.version // "0.0.0"') | |
| new_ver=$(jq -r '.version' "$pkg_json") | |
| if [ "$old_ver" != "$new_ver" ]; then | |
| changed+=("$pkg") | |
| fi | |
| fi | |
| done | |
| if [ ${#changed[@]} -eq 0 ]; then | |
| echo "packages=[]" >> "$GITHUB_OUTPUT" | |
| else | |
| json=$(printf '%s\n' "${changed[@]}" | jq -R . | jq -sc .) | |
| echo "packages=$json" >> "$GITHUB_OUTPUT" | |
| fi | |
| - run: echo "Packages to publish:${{ steps.detect.outputs.packages }}" | |
| publish: | |
| name: Publish ${{ matrix.package }} | |
| needs: detect | |
| if: needs.detect.outputs.packages != '[]' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| package: ${{ fromJson(needs.detect.outputs.packages) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Install workspace dependencies | |
| working-directory: pi-packages | |
| run: npm install --ignore-scripts | |
| - name: Publish | |
| working-directory: pi-packages/${{ matrix.package }} | |
| run: | | |
| FLAGS="--access public" | |
| if [ "${{ inputs.dry-run }}" = "true" ]; then | |
| FLAGS="$FLAGS --dry-run" | |
| fi | |
| npm publish $FLAGS | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |