openclaw/nix-openclaw
openclaw/nix-openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

CI: run cache/config guards after yolo pins

Browse Source 
What: trigger Cache Only + Config Options Guard via workflow_run on Yolo Update Pins
Why: Yolo uses GITHUB_TOKEN so push workflows don't fire; ensures guardrails run on pin bumps
Tests: not run (CI config change)
This commit is contained in:
DJTBOT 2026-01-29 21:37:29 +01:00
parent c7b2cd9177
commit 6a6ca672e5
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/cache-only.yml vendored
View File

@ -4,13 +4,21 @@ on:
pull_request:
push:
branches: [ main ]
workflow_run:
workflows: [ "Yolo Update Pins" ]
types: [ completed ]
jobs:
cache-only:
if: ${{ github.event_name != 'workflow_run' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main') }}
runs-on: ubuntu-latest
env:
TARGET_SHA: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.TARGET_SHA }}
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v13
@ -22,12 +30,13 @@ jobs:
const waitMinutes = 30
const intervalMs = 30_000
const deadline = Date.now() + waitMinutes * 60 * 1000
const targetSha = process.env.TARGET_SHA || context.sha
while (true) {
const { data } = await github.rest.checks.listForRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: context.sha,
ref: targetSha,
})
const garnix = data.check_runs.find((run) => run.name === 'All Garnix checks')
if (garnix && garnix.status === 'completed') {

8
.github/workflows/config-options-check.yml vendored
View File

@ -4,13 +4,21 @@ on:
pull_request:
push:
branches: [ main ]
workflow_run:
workflows: [ "Yolo Update Pins" ]
types: [ completed ]
jobs:
config-options:
if: ${{ github.event_name != 'workflow_run' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main') }}
runs-on: ubuntu-latest
env:
TARGET_SHA: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.TARGET_SHA }}
- name: Verify flake.lock owners
run: scripts/check-flake-lock-owners.sh