228 lines
8.5 KiB
YAML
228 lines
8.5 KiB
YAML
name: Deploy
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "[0-9]+.[0-9]+.[0-9]+"
|
|
- "v[0-9]+.[0-9]+.[0-9]+"
|
|
release:
|
|
types:
|
|
- published
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "Plugin version to install (e.g. 2026.6.1). Leave blank to use the release tag."
|
|
required: false
|
|
default: ""
|
|
force:
|
|
description: "Reinstall even if the same version is already installed."
|
|
required: false
|
|
default: "false"
|
|
type: choice
|
|
options:
|
|
- "false"
|
|
- "true"
|
|
|
|
concurrency:
|
|
group: openclaw-deploy
|
|
cancel-in-progress: false
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
install-on-host:
|
|
name: Update plugin on ubuntu@openclaw.svc.plus
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
SSH_HOST: ubuntu@openclaw.svc.plus
|
|
PLUGIN_NAME: openclaw-multi-session-plugins
|
|
steps:
|
|
- name: Resolve target version
|
|
id: version
|
|
run: |
|
|
set -euo pipefail
|
|
if [ -n "${{ inputs.version }}" ]; then
|
|
value="${{ inputs.version }}"
|
|
else
|
|
ref="${GITHUB_REF_NAME:-}"
|
|
value="${ref}"
|
|
fi
|
|
value="${value##*/}"
|
|
value="${value#v}"
|
|
if ! [[ "${value}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
|
echo "::error::Resolved value '${value}' is not a valid X.Y.Z version"
|
|
exit 1
|
|
fi
|
|
if [ -z "${value}" ]; then
|
|
echo "::error::Could not resolve plugin version from inputs or GITHUB_REF_NAME"
|
|
exit 1
|
|
fi
|
|
echo "value=${value}" >> "$GITHUB_OUTPUT"
|
|
echo "Resolved plugin version: ${value}"
|
|
|
|
- name: Resolve install source
|
|
id: install
|
|
env:
|
|
VERSION: ${{ steps.version.outputs.value }}
|
|
run: |
|
|
set -euo pipefail
|
|
PACKAGE="${PLUGIN_NAME}@${VERSION}"
|
|
ref="${GITHUB_REF_NAME:-release/v${VERSION}}"
|
|
github_spec="git+${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git#${ref}"
|
|
if npm pack "${github_spec}" --dry-run >/dev/null 2>&1; then
|
|
echo "::notice::Installing ${PACKAGE} from ${github_spec}"
|
|
echo "source=github" >> "$GITHUB_OUTPUT"
|
|
echo "install_spec=${github_spec}" >> "$GITHUB_OUTPUT"
|
|
elif npm view "${PACKAGE}" version >/dev/null 2>&1; then
|
|
PUBLISHED="$(npm view "${PACKAGE}" version)"
|
|
echo "::warning::Could not package ${github_spec}; falling back to npm ${PLUGIN_NAME}@${PUBLISHED}"
|
|
echo "source=npm" >> "$GITHUB_OUTPUT"
|
|
echo "install_spec=${PACKAGE}" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "::error::Could not package ${github_spec}, and ${PACKAGE} is not published to npm."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Configure SSH key
|
|
env:
|
|
SSH_PRIVATE_KEY: ${{ secrets.SINGLE_NODE_VPS_SSH_PRIVATE_KEY }}
|
|
run: |
|
|
set -euo pipefail
|
|
if [ -z "${SSH_PRIVATE_KEY}" ]; then
|
|
echo "::error::Secret SINGLE_NODE_VPS_SSH_PRIVATE_KEY is not set."
|
|
exit 1
|
|
fi
|
|
install -m 700 -d ~/.ssh
|
|
printf '%s\n' "${SSH_PRIVATE_KEY}" \
|
|
| perl -pe 's/\\n/\n/g; s/\r$//' \
|
|
> ~/.ssh/openclaw_ed25519
|
|
chmod 600 ~/.ssh/openclaw_ed25519
|
|
ssh-keygen -y -f ~/.ssh/openclaw_ed25519 >/dev/null
|
|
ssh-keyscan -H openclaw.svc.plus >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
- name: Verify SSH connectivity
|
|
run: |
|
|
ssh -i ~/.ssh/openclaw_ed25519 -o BatchMode=yes -o ConnectTimeout=10 \
|
|
"${SSH_HOST}" 'echo "connected to $(hostname) as $(whoami)"'
|
|
|
|
- name: Install or update plugin on remote host
|
|
env:
|
|
VERSION: ${{ steps.version.outputs.value }}
|
|
INSTALL_SPEC: ${{ steps.install.outputs.install_spec }}
|
|
INSTALL_SOURCE: ${{ steps.install.outputs.source }}
|
|
FORCE: ${{ inputs.force || 'false' }}
|
|
run: |
|
|
ssh -i ~/.ssh/openclaw_ed25519 -o BatchMode=yes -o ServerAliveInterval=30 \
|
|
"${SSH_HOST}" bash -s -- "${PLUGIN_NAME}" "${VERSION}" "${INSTALL_SPEC}" "${INSTALL_SOURCE}" "${FORCE}" <<'REMOTE'
|
|
set -euo pipefail
|
|
PLUGIN_NAME="$1"
|
|
VERSION="$2"
|
|
INSTALL_SPEC="$3"
|
|
INSTALL_SOURCE="$4"
|
|
FORCE="$5"
|
|
PACKAGE="${PLUGIN_NAME}@${VERSION}"
|
|
STATE_DIR="/tmp/openclaw-deploy"
|
|
mkdir -p "${STATE_DIR}"
|
|
|
|
echo "==> Installing ${PACKAGE} from ${INSTALL_SOURCE} on $(hostname) (force=${FORCE})"
|
|
echo "==> Install spec: ${INSTALL_SPEC}"
|
|
|
|
get_installed_version() {
|
|
node -e '
|
|
const { execSync } = require("node:child_process");
|
|
const { join } = require("node:path");
|
|
const { existsSync, readFileSync } = require("node:fs");
|
|
const name = process.argv[1];
|
|
const root = execSync("npm root -g", { encoding: "utf8" }).trim();
|
|
const manifest = join(root, name, "package.json");
|
|
if (existsSync(manifest)) {
|
|
process.stdout.write(JSON.parse(readFileSync(manifest, "utf8")).version || "");
|
|
}
|
|
' "${PLUGIN_NAME}" 2>/dev/null || true
|
|
}
|
|
|
|
# Record the previously installed version for rollback.
|
|
PREVIOUS_VERSION="$(get_installed_version)"
|
|
echo "==> Previously installed version: ${PREVIOUS_VERSION:-<none>}"
|
|
|
|
# Skip when the requested version is already present unless forced.
|
|
if [ "${FORCE}" != "true" ] && [ "${PREVIOUS_VERSION}" = "${VERSION}" ]; then
|
|
echo "==> ${PACKAGE} already installed and force=false; nothing to do"
|
|
exit 0
|
|
fi
|
|
|
|
printf '%s\n' "${PREVIOUS_VERSION}" > "${STATE_DIR}/previous-version"
|
|
|
|
rollback() {
|
|
local rc=$?
|
|
echo "::remote-error::Install failed (exit ${rc}); attempting rollback"
|
|
local prev
|
|
prev="$(cat "${STATE_DIR}/previous-version" 2>/dev/null || true)"
|
|
if [ -n "${prev}" ] && [ "${prev}" != "${VERSION}" ]; then
|
|
echo "::remote-warning::Reinstalling ${PLUGIN_NAME}@${prev}"
|
|
npm install -g "${PLUGIN_NAME}@${prev}" || true
|
|
if command -v openclaw >/dev/null 2>&1; then
|
|
openclaw plugins enable "${PLUGIN_NAME}" || true
|
|
fi
|
|
else
|
|
echo "::remote-warning::No previous version recorded; leaving host as-is"
|
|
fi
|
|
exit "${rc}"
|
|
}
|
|
trap rollback ERR
|
|
|
|
install_plugin() {
|
|
if [ "${INSTALL_SOURCE}" = "github" ]; then
|
|
global_root="$(npm root -g)"
|
|
global_target="${global_root}/${PLUGIN_NAME}"
|
|
if [ -e "${global_target}" ] && [ ! -d "${global_target}" ]; then
|
|
echo "::remote-warning::Removing invalid global package path ${global_target}"
|
|
rm -f "${global_target}"
|
|
fi
|
|
npm install -g "${INSTALL_SPEC}"
|
|
elif command -v openclaw >/dev/null 2>&1; then
|
|
openclaw plugins install "${INSTALL_SPEC}" \
|
|
|| openclaw plugins update "${INSTALL_SPEC}" \
|
|
|| npm install -g "${INSTALL_SPEC}"
|
|
else
|
|
npm install -g "${INSTALL_SPEC}"
|
|
fi
|
|
}
|
|
|
|
install_plugin
|
|
|
|
if command -v openclaw >/dev/null 2>&1; then
|
|
openclaw plugins enable "${PLUGIN_NAME}" || true
|
|
fi
|
|
|
|
# Verify the installed version matches the requested version.
|
|
INSTALLED="$(get_installed_version)"
|
|
if [ "${INSTALLED}" != "${VERSION}" ]; then
|
|
echo "::remote-error::Verification failed: expected ${VERSION}, found ${INSTALLED:-<none>}"
|
|
exit 1
|
|
fi
|
|
|
|
trap - ERR
|
|
rm -f "${STATE_DIR}/previous-version"
|
|
|
|
echo "==> Installed plugin state:"
|
|
if command -v openclaw >/dev/null 2>&1; then
|
|
openclaw plugins info "${PLUGIN_NAME}" || true
|
|
fi
|
|
npm ls -g "${PLUGIN_NAME}" || true
|
|
echo "==> ${PACKAGE} is now active on $(hostname)"
|
|
REMOTE
|
|
|
|
- name: Summarize deploy
|
|
if: always()
|
|
env:
|
|
VERSION: ${{ steps.version.outputs.value }}
|
|
run: |
|
|
if [ "${{ job.status }}" = "success" ]; then
|
|
echo "::notice::openclaw-multi-session-plugins@${VERSION} deployed to ubuntu@openclaw.svc.plus"
|
|
else
|
|
echo "::error::Deploy to ubuntu@openclaw.svc.plus failed for openclaw-multi-session-plugins@${VERSION}"
|
|
exit 1
|
|
fi
|