mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-20 17:46:52 +00:00
cf194419c3
* ci(proof): trust maintainer label for private org members Private organization memberships report author_association=CONTRIBUTOR on PRs, so the real-behavior-proof gate currently demands proof from maintainers whose membership is private. The labeler workflow already applies the 'maintainer' label via the team-membership API (which sees private members), so treat that label as an equivalent privileged signal in evaluateRealBehaviorProof. * ci(proof): drop noisy comments * ci(proof): check maintainer team membership via GitHub App token Replace the label-based private-maintainer skip with a direct getMembershipForUserInOrg call using a minted GitHub App token, mirroring the pattern labeler.yml already uses for the same lookup. Removes the race against the labeler workflow and the implicit dependency on the 'maintainer' label having landed first. The App-token steps are continue-on-error so the gate still runs (using the existing author_association path) when the App key secrets are absent or both mints fail. * ci(proof): narrow App token to members:read ClawSweeper review #83418: actions/create-github-app-token defaults to the full installation permission set, but the proof gate only needs the org-members read scope used by teams.getMembershipForUserInOrg. Set permission-members: read on both the primary and fallback mint steps. * docs(changelog): private maintainers skip the real-behavior-proof gate |
||
|---|---|---|
| .. | ||
| barnacle-auto-response.mjs | ||
| real-behavior-proof-check.mjs | ||
| real-behavior-proof-policy.mjs | ||
| resolve-openclaw-ref.sh | ||
| run-openclaw-cross-os-release-checks.sh | ||