039aaf176e
- Fix code-size -> code-analysis job name (5 jobs had wrong dependency) - Remove useless install-check job (was no-op) - Add explicit docs_only guard to release-check - Remove dead submodule checkout steps (no submodules in repo) - Rename detect-docs-only -> detect-docs-changes, add docs_changed output - Reorder check script: format first for faster fail - Fix billing error test (PR #12946 removed fallback detection but not test)
6.6 KiB
title, description
| title | description |
|---|---|
| CI Pipeline | How the OpenClaw CI pipeline works and why jobs are ordered the way they are. |
CI Pipeline
OpenClaw uses a tiered CI pipeline that fails fast on cheap checks before running expensive builds and tests. This saves runner minutes and reduces GitHub API pressure.
Pipeline Tiers
Tier 0 — Scope detection (~12 s, free runners)
docs-scope → changed-scope
Tier 1 — Cheapest gates (parallel, ~43 s)
check-format secrets
Tier 2 — After format (parallel, ~2 min)
check-lint code-analysis
Tier 3 — Build (~3 min)
build-artifacts release-check
Tier 4 — Tests (~5 min)
checks (node tsgo / test / protocol, bun test)
checks-windows (lint / test / protocol)
Tier 5 — Platform (most expensive)
macos (TS tests + Swift lint/build/test)
android (test + build)
ios (disabled)
Dependency Graph
docs-scope ──► changed-scope ──┐
│
check-format ──► check-lint ──►├──► build-artifacts ──► release-check
├─► code-analysis ►│ └──► checks-windows
├──► checks
├──► macos
└──► android
secrets (independent)
Job Details
Tier 0 — Scope Detection
| Job | Runner | Purpose |
|---|---|---|
docs-scope |
ubuntu-latest |
Detects docs-only PRs to skip heavy jobs |
changed-scope |
ubuntu-latest |
Detects which areas changed (node/macos/android) to skip unrelated jobs |
Tier 1 — Cheapest Gates
| Job | Runner | Purpose |
|---|---|---|
check-format |
Blacksmith 4 vCPU | Runs pnpm format — cheapest gate (~43 s) |
secrets |
Blacksmith 4 vCPU | Runs detect-secrets scan against baseline |
Tier 2 — After Format
| Job | Runner | Depends on | Purpose |
|---|---|---|---|
check-lint |
Blacksmith 4 vCPU | check-format |
Runs pnpm lint — cleaner output after format passes |
code-analysis |
Blacksmith 4 vCPU | check-format |
Checks LOC thresholds — accurate counts need formatted code |
Tier 3 — Build
| Job | Runner | Depends on | Purpose |
|---|---|---|---|
build-artifacts |
Blacksmith 4 vCPU | check-lint, code-analysis |
Builds dist and uploads artifact |
release-check |
Blacksmith 4 vCPU | build-artifacts |
Validates npm pack contents |
Tier 4+ — Tests and Platform
| Job | Runner | Depends on | Purpose |
|---|---|---|---|
checks |
Blacksmith 4 vCPU | check-lint, code-analysis |
TypeScript checks, tests (Node + Bun), protocol checks |
checks-windows |
Blacksmith Windows | build-artifacts, check-lint, code-analysis |
Windows-specific lint, tests, protocol checks |
macos |
macos-latest |
check-lint, code-analysis |
TS tests + Swift lint/build/test (PR only) |
android |
Blacksmith 4 vCPU | check-lint, code-analysis |
Gradle test + build |
Code-Analysis Gate
The code-analysis job runs scripts/analyze_code_files.py on PRs to catch:
- Threshold crossings — files that grew past 1000 lines in the PR
- Already-large files growing — files already over 1000 lines that got bigger
- Duplicate function regressions — new duplicate functions introduced by the PR
When --strict is set, any violation fails the job and blocks all downstream
work. On push to main, the code-analysis steps are skipped (the job passes as a
no-op) so pushes still run the full test suite.
Excluded Directories
The analysis skips: node_modules, dist, vendor, .git, coverage,
Swabble, skills, .pi and other non-source directories. See the
SKIP_DIRS set in scripts/analyze_code_files.py for the full list.
Fail-Fast Behavior
Bad PR (formatting violations):
check-formatfails at ~43 scheck-lint,code-analysis, and all downstream jobs never start- Total cost: ~1 runner-minute
Bad PR (lint or LOC violations, good format):
check-formatpasses →check-lintandcode-analysisrun in parallel- One or both fail → all downstream jobs skipped
- Total cost: ~3 runner-minutes
Good PR:
- Critical path:
check-format(43 s) →check-lint(1m 46 s) →build-artifacts→checks code-analysisruns in parallel withcheck-lint, adding no latency
Composite Action
The setup-node-env composite action (.github/actions/setup-node-env/)
handles the shared setup boilerplate:
- Node.js 22 setup
- pnpm via corepack + store cache
- Optional Bun install
pnpm installwith retry
The macos job also caches SwiftPM packages (~/Library/Caches/org.swift.swiftpm)
to speed up dependency resolution.
This eliminates ~40 lines of duplicated YAML per job.
Push vs PR Behavior
| Trigger | code-analysis |
Downstream jobs |
|---|---|---|
Push to main |
Steps skipped (job passes) | Run normally |
| Pull request | Full analysis with --strict |
Blocked on violations |
Runners
| Name | OS | vCPUs | Used by |
|---|---|---|---|
blacksmith-4vcpu-ubuntu-2404 |
Ubuntu 24.04 | 4 | Most jobs |
blacksmith-4vcpu-windows-2025 |
Windows 2025 | 4 | checks-windows |
macos-latest |
macOS | — | macos, ios |
ubuntu-latest |
Ubuntu | 2 | Scope detection |