From 52aef229091fd56f623cf5811f2d5ad52764bb82 Mon Sep 17 00:00:00 2001 From: Vincent Koc <25068+vincentkoc@users.noreply.github.com> Date: Wed, 24 Jun 2026 13:47:50 +0800 Subject: [PATCH] ci(openshell): provision gateway for e2e --- .../openclaw-live-and-e2e-checks-reusable.yml | 75 ++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) diff --git a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml index 9dda4357a19..9a1ca39a0d8 100644 --- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml +++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml @@ -609,7 +609,6 @@ jobs: requires_repo_e2e: true requires_live_suites: false env: - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} OPENCLAW_E2E_WORKERS: "1" OPENCLAW_VITEST_MAX_WORKERS: "1" steps: @@ -643,9 +642,74 @@ jobs: set -euo pipefail case "${{ matrix.suite_id }}" in openshell-e2e) + echo "OPENCLAW_E2E_OPENSHELL_CONFIG_HOME=$HOME/.config" >> "$GITHUB_ENV" ;; esac + - name: Install OpenShell CLI + if: | + (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id) && + matrix.suite_id == 'openshell-e2e' + shell: bash + run: | + set -euo pipefail + export OPENSHELL_VERSION=v0.0.68 + curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/d64542f69d06694cbd203b64929d286dd0533bbb/install.sh | sh + openshell --version + + - name: Bootstrap OpenShell gateway + if: | + (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id) && + matrix.suite_id == 'openshell-e2e' + shell: bash + run: | + set -euo pipefail + mtls_dir="$HOME/.config/openshell/gateways/openshell/mtls" + gateway_tls_dir="$RUNNER_TEMP/openshell-gateway-certs" + fallback_pid="" + if ! openshell --gateway openshell sandbox list >/dev/null 2>&1; then + rm -rf "$gateway_tls_dir" + openshell-gateway generate-certs \ + --output-dir "$gateway_tls_dir" \ + --server-san 127.0.0.1 \ + --server-san localhost \ + --server-san host.openshell.internal + rm -rf "$mtls_dir" + mkdir -p "$mtls_dir" + cp "$gateway_tls_dir/ca.crt" "$mtls_dir/ca.crt" + cp "$gateway_tls_dir/client/tls.crt" "$mtls_dir/tls.crt" + cp "$gateway_tls_dir/client/tls.key" "$mtls_dir/tls.key" + openshell gateway remove openshell >/dev/null 2>&1 || true + OPENSHELL_LOCAL_TLS_DIR="$gateway_tls_dir" nohup openshell-gateway \ + --bind-address 0.0.0.0 \ + --port 17670 \ + --drivers docker \ + --tls-cert "$gateway_tls_dir/server/tls.crt" \ + --tls-key "$gateway_tls_dir/server/tls.key" \ + --tls-client-ca "$mtls_dir/ca.crt" \ + >"$RUNNER_TEMP/openshell-gateway.log" 2>&1 & + fallback_pid=$! + echo "OPENCLAW_OPENSHELL_FALLBACK_PID=$fallback_pid" >> "$GITHUB_ENV" + for _ in $(seq 1 30); do + if openshell gateway add --local --name openshell https://127.0.0.1:17670; then + break + fi + sleep 1 + done + openshell gateway select openshell + for _ in $(seq 1 60); do + if openshell --gateway openshell sandbox list >/dev/null 2>&1; then + break + fi + sleep 1 + done + fi + if [[ -z "$fallback_pid" ]]; then + echo "OPENCLAW_OPENSHELL_FALLBACK_PID=" >> "$GITHUB_ENV" + fi + openshell --gateway openshell sandbox list >/dev/null + openshell gateway list + - name: Validate suite credentials if: inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id shell: bash @@ -665,6 +729,15 @@ jobs: (inputs.live_suite_filter == '' || inputs.live_suite_filter == matrix.suite_id) run: ${{ matrix.command }} + - name: Stop fallback OpenShell gateway + if: always() && matrix.suite_id == 'openshell-e2e' + shell: bash + run: | + set -euo pipefail + if [[ -n "${OPENCLAW_OPENSHELL_FALLBACK_PID:-}" ]]; then + kill "$OPENCLAW_OPENSHELL_FALLBACK_PID" 2>/dev/null || true + fi + validate_docker_e2e: needs: [validate_selected_ref, prepare_docker_e2e_image, plan_release_workflow_matrices] if: inputs.include_release_path_suites && inputs.docker_lanes == '' && needs.plan_release_workflow_matrices.outputs.docker_e2e_count != '0'