Slim down SKILL.md to reduce scanner false positive #898
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm run lint | |
| backend-postgres: | |
| name: Backend (PostgreSQL) | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: myuser | |
| POSTGRES_PASSWORD: mypassword | |
| POSTGRES_DB: mydatabase | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd "pg_isready -U myuser -d mydatabase" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| env: | |
| DATABASE_URL: postgresql://myuser:mypassword@localhost:5432/mydatabase | |
| BETTER_AUTH_SECRET: ci-test-secret-at-least-32-characters-long!! | |
| NODE_ENV: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npx tsc --noEmit | |
| working-directory: packages/backend | |
| - run: npm run build --workspace=packages/backend | |
| - name: Test migrations | |
| run: npm run migration:run --workspace=packages/backend | |
| - run: npm test --workspace=packages/backend -- --coverage --coverageReporters=lcov | |
| - run: npm run test:e2e --workspace=packages/backend -- --coverage --coverageReporters=lcov | |
| - name: Upload backend coverage to Codecov | |
| if: always() | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| flags: backend | |
| directory: packages/backend/coverage | |
| fail_ci_if_error: false | |
| backend-sqljs: | |
| name: Backend (sql.js / ${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| env: | |
| MANIFEST_MODE: local | |
| BETTER_AUTH_SECRET: ci-test-secret-at-least-32-characters-long!! | |
| NODE_ENV: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm run build --workspace=packages/backend | |
| - name: Unit tests (sql.js dialect) | |
| run: npm test --workspace=packages/backend | |
| - name: E2E tests (sql.js in-memory) | |
| run: npm run test:e2e --workspace=packages/backend | |
| frontend: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npx tsc --noEmit | |
| working-directory: packages/frontend | |
| - run: npm test --workspace=packages/frontend -- --coverage | |
| - run: npx vite build | |
| working-directory: packages/frontend | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload frontend coverage to Codecov | |
| if: always() | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| flags: frontend | |
| directory: packages/frontend/coverage | |
| fail_ci_if_error: false | |
| plugin: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - run: npm test --workspace=packages/openclaw-plugin -- --coverage --coverageReporters=lcov | |
| - name: Upload plugin coverage to Codecov | |
| if: always() | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| flags: plugin | |
| directory: packages/openclaw-plugin/coverage | |
| fail_ci_if_error: false | |
| changeset-check: | |
| name: Changeset status | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.head_ref != 'changeset-release/main' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - run: npm ci | |
| - name: Check changeset status | |
| run: npx changeset status --since=origin/main | |
| continue-on-error: true | |
| - name: Require manifest changeset for backend/frontend changes | |
| run: | | |
| CHANGED_FILES=$(git diff --name-only origin/main...HEAD) | |
| if echo "$CHANGED_FILES" | grep -qE '^packages/(backend|frontend)/'; then | |
| echo "Backend or frontend files changed — checking for manifest changeset..." | |
| NEW_CHANGESETS=$(git diff --name-only origin/main...HEAD -- '.changeset/*.md' | grep -v README.md || true) | |
| if [ -z "$NEW_CHANGESETS" ]; then | |
| echo "::error::Backend or frontend files changed but no new changeset found in this PR." | |
| echo "Run 'npx changeset' and add a patch/minor bump for manifest." | |
| exit 1 | |
| fi | |
| if ! grep -l '"manifest"' $NEW_CHANGESETS 2>/dev/null; then | |
| echo "::error::Backend or frontend files changed but no manifest changeset in this PR." | |
| echo "Run 'npx changeset' and add a patch/minor bump for manifest." | |
| exit 1 | |
| fi | |
| echo "Found manifest changeset." | |
| else | |
| echo "No backend/frontend changes detected — skipping check." | |
| fi |
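Review bot: The three Codecov upload steps (backend, frontend, plugin) hand `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v5`, a third-party action referenced by a mutable tag, so whatever commit that tag resolves to at run time executes with the token. Pinning to a reviewed full commit SHA, as in `uses: codecov/codecov-action@<full-commit-sha> # v5` (placeholder; take the SHA from the release you audited), removes that dependency on the tag, and the same pinning is worth applying to `actions/checkout@v4` and `actions/setup-node@v4`. In the frontend job the `env:` block that follows `npx vite build` also exports `CODECOV_TOKEN` into that step, where every build-time dependency installed by `npm ci` can read it. If the token is only needed by a bundler plugin, a one-line comment saying so would help; otherwise the entry can be dropped so the secret reaches only the upload step. The page rendering has lost the YAML indentation, so the step boundaries here are read from the order of keys rather than from nesting.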