Skip to main content
Full Release Validation is the release product-validation umbrella. Most work happens in child workflows so a failed box can be rerun without restarting the whole release. Freeze the product-complete pre-changelog commit as the Code SHA, then run:
provider also accepts anthropic or minimax for cross-OS onboarding and the end-to-end agent turn. The helper infers the beta profile from alpha/beta package versions and stable otherwise. Pass alternate workflow inputs with -f key=value; use -f release_profile=full only for the broad advisory sweep. The helper creates a temporary release-ci/* ref pinned to one trusted origin/main workflow SHA, passes the target SHA only as the candidate ref, and deletes the temporary ref after validation. Every dispatched child must report that same workflow SHA. Pass -f reuse_evidence=false to force a fresh run or --workflow-sha <trusted-main-sha> to select an older workflow commit still reachable from current origin/main. The workflow never creates or updates repository refs itself. When the Code SHA is green, generate and commit only CHANGELOG.md. This new commit is the Release SHA. Run the same helper for the Release SHA. Product evidence is reused only when GitHub proves the Release SHA descends from the Code SHA and the complete changed path set is exactly CHANGELOG.md; npm preflight and package/install acceptance still run on the Release SHA. release_profile=stable and release_profile=full always run the exhaustive live/Docker soak. Pass run_release_soak=true to include the same soak lanes with the beta profile. Stable publication rejects a validation manifest without this soak and blocking product-performance evidence. Package Acceptance normally builds the candidate tarball from the resolved ref, including full-SHA runs dispatched with pnpm ci:full-release. After a beta publish, pass release_package_spec=openclaw@YYYY.M.PATCH-beta.N to reuse the shipped npm package across release checks, Package Acceptance, cross-OS, release-path Docker, and package Telegram. Use package_acceptance_package_spec only when Package Acceptance should intentionally prove a different package. The Codex plugin live package lane follows the same state: published release_package_spec values derive codex_plugin_spec=npm:@openclaw/codex@<version>; SHA/artifact runs pack extensions/codex from the selected ref; and operators can set codex_plugin_spec directly for npm:, npm-pack:, or git: plugin sources. The lane grants the explicit Codex CLI install approval required by that plugin, then runs Codex CLI preflight and same-session OpenAI agent turns.

Top-level stages

For rerun_group=all, a Check for reusable validation evidence job runs first. It looks for the newest prior green full validation with the same release profile, effective soak setting, and validation inputs. Exact-target reruns use exact-target-full-validation-v1. A descendant whose complete delta is exactly CHANGELOG.md uses changelog-only-release-v1; every product lane is skipped and the verifier independently rechecks the GitHub commit comparison, immutable parent artifact, child runs, and dispatch logs. Any other target change requires a fresh Code SHA validation. Pass reuse_evidence=false to force a fresh full run. Evidence reuse runs only from main or a canonical SHA-pinned release-ci/* ref whose workflow commit remains on trusted main lineage; other workflow refs run the selected lanes fresh. Also for rerun_group=all, a Verify Docker runtime image assets job builds the runtime-assets Docker target with OPENCLAW_EXTENSIONS=diagnostics-otel,codex. It runs in parallel with the other stages and is enforced by the umbrella verifier; lanes no longer wait for it before dispatching. A narrower rerun_group skips this preflight. The umbrella always dispatches product performance in artifact-only mode. OpenClaw Performance permits report publication only for scheduled runs or a manual dispatch that explicitly sets publish_reports=true. The artifact-only guard must complete successfully, proving the publisher job stayed skipped. Fresh and reused evidence records controls.performanceReportPublication=artifact-only; the verifier and reuse selector reject evidence without the matching normalized performance-child proof. The verifier uploads the canonical manifest as full-release-validation-<run-id>-<run-attempt>. Evidence tooling validates its artifact ID, digest, producer run, and attempt before downloading that exact artifact ID. It caps the downloaded ZIP, verifies its bytes against the REST sha256: digest, and streams the only allowed bounded manifest entry without extracting the archive. A stable-name alias remains temporarily for older publish consumers. The verifier always prefers the attempt-qualified artifact; as a transition, it accepts the stable name only for an attempt-1 manifest v2 producer. It rejects that legacy name for later attempts and manifest v3. For ref=main with rerun_group=all, for release/* refs, and for Tideclaw alpha refs, a newer umbrella run supersedes an older one with the same ref and rerun group. When the parent is cancelled, its monitor cancels any child workflow it already dispatched. Tag and pinned-SHA validation runs do not cancel each other.

Release checks stages

OpenClaw Release Checks is the largest child workflow. It resolves the target once and prepares a shared release-package-under-test artifact when package or Docker-facing stages need it.

Docker release-path chunks

The Docker release-path stage runs these chunks when live_suite_filter is empty: Use targeted docker_lanes=<lane[,lane]> on the reusable live/E2E workflow when only one Docker lane failed. The release artifacts include per-lane rerun commands with package artifact and image reuse inputs when available.

Release profiles

release_profile mostly controls live/provider breadth inside release checks. It does not remove normal full CI, Plugin Prerelease, install smoke, package acceptance, or QA Lab. Stable and full profiles always run exhaustive repo/live E2E and Docker release-path soak coverage. The beta profile can opt in with run_release_soak=true. Package Acceptance supplies the canonical package Telegram E2E for every full candidate, so the umbrella does not duplicate that live poller.

Full-only additions

These suites are skipped by stable and included by full: stable includes native-live-src-gateway-profiles-anthropic-smoke and native-live-src-gateway-profiles-opencode-go-smoke; full uses the broader Anthropic and OpenCode Go model shards instead. Focused reruns can still use the aggregate native-live-src-gateway-profiles-anthropic or native-live-src-gateway-profiles-opencode-go handles.

Focused reruns

Use rerun_group to avoid repeating unrelated release boxes: Use live_suite_filter with rerun_group=live-e2e when one live suite failed. Valid filter ids are defined in the reusable live/E2E workflow, including docker-live-models, live-gateway-docker, live-gateway-anthropic-docker, live-gateway-google-docker, live-gateway-minimax-docker, live-gateway-advisory-docker, live-cli-backend-docker, live-acp-bind-docker, and live-codex-harness-docker. The live-gateway-advisory-docker handle is an aggregate rerun handle for its three provider shards, so it still fans out to all advisory Docker gateway jobs. Use cross_os_suite_filter with rerun_group=cross-os when one cross-OS lane failed. The filter accepts an OS id, a suite id, or an OS/suite pair, for example windows/packaged-upgrade, windows, or packaged-fresh. Cross-OS summaries include per-phase timings for packaged upgrade lanes, and long-running commands print heartbeat lines so a stuck update is visible before the job timeout. QA release-check failures block normal release validation. The QA runtime tool coverage check (dynamic tool drift between openclaw and codex in the standard tier) also blocks the release-check verifier even though the underlying QA runtime parity lane is advisory. Tideclaw alpha runs may still treat non-package-safety release-check lanes as advisory. With release_profile=beta, the Run repo/live E2E validation live-provider suites are advisory: third-party model deployments change underneath a release, so beta surfaces their failures as warnings while stable and full profiles keep them blocking. When live_suite_filter explicitly requests a gated QA live lane such as Discord, WhatsApp, or Slack, the matching OPENCLAW_RELEASE_QA_*_LIVE_CI_ENABLED repo variable must be enabled; otherwise input capture fails instead of silently skipping the lane. Rerun rerun_group=qa, qa-parity, or qa-live when you need fresh QA evidence.

Evidence to keep

Keep the Full Release Validation summary as the release-level index. It links child run ids and includes slowest-job tables. For failures, inspect the child workflow first, then rerun the smallest matching handle above. Record both Code SHA and Release SHA, the reuse policy and changed-path set, the green Code SHA parent run, and the lightweight Release SHA parent run. Useful artifacts:
  • release-package-under-test from OpenClaw Release Checks
  • Docker release-path artifacts under .artifacts/docker-tests/
  • Package Acceptance package-under-test and Docker acceptance artifacts
  • Cross-OS release-check artifacts for each OS and suite
  • QA parity, runtime parity, Matrix, and Telegram artifacts

Workflow files

  • .github/workflows/full-release-validation.yml
  • .github/workflows/openclaw-release-checks.yml
  • .github/workflows/openclaw-live-and-e2e-checks-reusable.yml
  • .github/workflows/plugin-prerelease.yml
  • .github/workflows/install-smoke.yml
  • .github/workflows/install-smoke-reusable.yml
  • .github/workflows/openclaw-cross-os-release-checks-reusable.yml
  • .github/workflows/package-acceptance.yml
  • .github/workflows/openclaw-performance.yml
  • .github/workflows/npm-telegram-beta-e2e.yml