diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 6d0b9eb19..c35bb9755 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "b7fba2100f1780f9d2485ed7452482359747d1a1", - "syncedAt": "2026-04-24T06:33:36.993Z" + "sha": "972c7112a292f2776b8008b8c0e311e64569236f", + "syncedAt": "2026-04-24T06:38:26.026Z" } diff --git a/docs/help/testing.md b/docs/help/testing.md index f86373d78..6703a5689 100644 --- a/docs/help/testing.md +++ b/docs/help/testing.md @@ -112,7 +112,16 @@ runs the same lanes before release approval. live Telegram QA lane with that installed package as the SUT Gateway. - Defaults to `OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC=openclaw@beta`. - Uses the same Telegram env credentials or Convex credential source as - `pnpm openclaw qa telegram`. + `pnpm openclaw qa telegram`. For CI/release automation, set + `OPENCLAW_NPM_TELEGRAM_CREDENTIAL_SOURCE=convex` plus + `OPENCLAW_QA_CONVEX_SITE_URL` and the role secret. If + `OPENCLAW_QA_CONVEX_SITE_URL` and a Convex role secret are present in CI, + the Docker wrapper selects Convex automatically. + - `OPENCLAW_NPM_TELEGRAM_CREDENTIAL_ROLE=ci|maintainer` overrides the shared + `OPENCLAW_QA_CREDENTIAL_ROLE` for this lane only. + - GitHub Actions exposes this lane as the manual maintainer workflow + `NPM Telegram Beta E2E`. It does not run on merge. The workflow uses the + `qa-live-shared` environment and Convex CI credential leases. - `pnpm test:docker:bundled-channel-deps` - Packs and installs the current OpenClaw build in Docker, starts the Gateway with OpenAI configured, then enables bundled channel/plugins via config diff --git a/docs/reference/RELEASING.md b/docs/reference/RELEASING.md index 3df429a05..b3ee390dd 100644 --- a/docs/reference/RELEASING.md +++ b/docs/reference/RELEASING.md @@ -88,9 +88,14 @@ OpenClaw has three public release lanes: `node --import tsx scripts/openclaw-npm-postpublish-verify.ts YYYY.M.D` (or the matching beta/correction version) to verify the published registry install path in a fresh temp prefix -- After a beta publish, run `OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC=openclaw@YYYY.M.D-beta.N pnpm test:docker:npm-telegram-live` +- After a beta publish, run `OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC=openclaw@YYYY.M.D-beta.N OPENCLAW_NPM_TELEGRAM_CREDENTIAL_SOURCE=convex OPENCLAW_NPM_TELEGRAM_CREDENTIAL_ROLE=ci pnpm test:docker:npm-telegram-live` to verify installed-package onboarding, Telegram setup, and real Telegram E2E - against the published npm package. + against the published npm package using the shared leased Telegram credential + pool. Local maintainer one-offs may omit the Convex vars and pass the three + `OPENCLAW_QA_TELEGRAM_*` env credentials directly. +- Maintainers can run the same post-publish check from GitHub Actions via the + manual `NPM Telegram Beta E2E` workflow. It is intentionally manual-only and + does not run on every merge. - Maintainer release automation now uses preflight-then-promote: - real npm publish must pass a successful npm `preflight_run_id` - the real npm publish must be dispatched from the same `main` or