fix(release): validate built tarballs in workflows

2026-04-23 22:55:24 +00:00 · 2026-03-28 22:33:24 +00:00
parent 1249dad6c4
commit 664680318e
2 changed files with 40 additions and 25 deletions
--- a/.github/workflows/macos-release.yml
+++ b/.github/workflows/macos-release.yml
@@ -58,6 +58,12 @@ jobs:
          RELEASE_TAG: ${{ inputs.tag }}
        run: gh release view "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" >/dev/null

+      - name: Build
+        run: pnpm build
+
+      - name: Build Control UI
+        run: pnpm ui:build
+
      - name: Validate release tag and package metadata
        env:
          RELEASE_TAG: ${{ inputs.tag }}
--- a/.github/workflows/openclaw-npm-release.yml
+++ b/.github/workflows/openclaw-npm-release.yml
@@ -52,19 +52,6 @@ jobs:
          install-bun: "false"
          use-sticky-disk: "false"

-      - name: Validate release tag and package metadata
-        env:
-          RELEASE_TAG: ${{ inputs.tag }}
-          RELEASE_MAIN_REF: origin/main
-        run: |
-          set -euo pipefail
-          RELEASE_SHA=$(git rev-parse HEAD)
-          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
-          # Fetch the full main ref so merge-base ancestry checks keep working
-          # for older tagged commits that are still contained in main.
-          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
-          pnpm release:openclaw:npm:check
-
      - name: Ensure version is not already published
        env:
          PREFLIGHT_ONLY: ${{ inputs.preflight_only }}
@@ -89,6 +76,22 @@ jobs:
      - name: Build
        run: pnpm build

+      - name: Build Control UI
+        run: pnpm ui:build
+
+      - name: Validate release tag and package metadata
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
+          # Fetch the full main ref so merge-base ancestry checks keep working
+          # for older tagged commits that are still contained in main.
+          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
+          pnpm release:openclaw:npm:check
+
      - name: Verify release contents
        run: pnpm release:check

@@ -142,6 +145,24 @@ jobs:
          install-bun: "false"
          use-sticky-disk: "false"

+      - name: Ensure version is not already published
+        run: |
+          set -euo pipefail
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+
+          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
+            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+            exit 1
+          fi
+
+          echo "Publishing openclaw@${PACKAGE_VERSION}"
+
+      - name: Build
+        run: pnpm build
+
+      - name: Build Control UI
+        run: pnpm ui:build
+
      - name: Validate release tag and package metadata
        env:
          RELEASE_TAG: ${{ inputs.tag }}
@@ -155,17 +176,5 @@ jobs:
          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
          pnpm release:openclaw:npm:check

-      - name: Ensure version is not already published
-        run: |
-          set -euo pipefail
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-
-          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
-            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
-            exit 1
-          fi
-
-          echo "Publishing openclaw@${PACKAGE_VERSION}"
-
      - name: Publish
        run: bash scripts/openclaw-npm-publish.sh --publish