Skip to content

Add DevBuild identity CI marker check#936

Merged
shanselman merged 1 commit into
mainfrom
add-devbuild-ci-marker
Jul 7, 2026
Merged

Add DevBuild identity CI marker check#936
shanselman merged 1 commit into
mainfrom
add-devbuild-ci-marker

Conversation

@shanselman

Copy link
Copy Markdown
Contributor

Summary

  • Adds a CI guard that explicitly builds the WinUI tray app with -p:DevBuild=true.
  • Verifies the generated app-identity.txt marker contains dev, so dev identity remains opt-in and covered.

Closes #934.

Validation

  • .\build.ps1 — passed.
  • dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore — 2703 passed / 31 skipped.
  • dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore — 1584 passed.
  • dotnet build .\src\OpenClaw.Tray.WinUI -c Debug -r win-x64 -p:DevBuild=true --no-restore plus marker assertion — app-identity.txt: dev.
  • git --no-pager diff --check — passed.

Real behavior proof

The new CI command was run locally and verified the DevBuild output marker at src\OpenClaw.Tray.WinUI\bin\Debug\net10.0-windows10.0.22621.0\win-x64\app-identity.txt contains dev.

Notes

This does not change product behavior. It only adds CI coverage for the already-explicit DevBuild identity path.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@clawsweeper

clawsweeper Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 11:41 PM ET / 03:41 UTC.

Summary
The PR adds a GitHub Actions step that builds the WinUI tray app with DevBuild=true and fails unless the generated app-identity.txt marker contains dev.

Reproducibility: yes. for the linked CI gap: source inspection shows current main writes the DevBuild marker but the workflow does not assert it. For this PR, the diff directly adds that missing assertion.

Review metrics: 1 noteworthy metric.

  • Workflow scope: 1 file changed, 19 lines added. The patch is limited to CI automation, so the completed Actions run should settle the added guard.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #934
Summary: The linked issue requested the exact DevBuild identity marker CI guard, and this PR is its closing implementation candidate.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Wait for the pending GitHub Actions test, e2e, and C# CodeQL checks to finish and confirm the new marker step passes in CI.

Risk before merge

  • [P1] At review time, the GitHub Actions test, e2e, and C# CodeQL checks were still pending, so maintainers should wait for completed CI and confirm the new marker step passes in the live workflow.

Maintainer options:

  1. Decide the mitigation before merge
    Land the narrow workflow guard after the current CI run proves the new DevBuild marker step passes in GitHub Actions.
  2. Pause or close
    Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

  • No repair lane is needed because the patch has no actionable review finding; normal maintainer review and completed CI should gate merge.

Security
Cleared: The workflow change adds only a local dotnet build and marker file assertion, with no new third-party action, permission, secret, download, or package source.

Review details

Best possible solution:

Land the narrow workflow guard after the current CI run proves the new DevBuild marker step passes in GitHub Actions.

Do we have a high-confidence way to reproduce the issue?

Yes for the linked CI gap: source inspection shows current main writes the DevBuild marker but the workflow does not assert it. For this PR, the diff directly adds that missing assertion.

Is this the best way to solve the issue?

Yes. This is the narrowest maintainable fix for the linked request: reuse the existing build marker contract and fail CI when the explicit DevBuild build does not produce dev.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against b3a2b4ee75e2.

Label changes

Label changes:

  • add P3: This is a low-risk CI confidence guard for an already implemented DevBuild identity path, not a user-facing regression.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes the exact local DevBuild build plus marker assertion result (app-identity.txt: dev), which is adequate real command proof for this CI guard.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes the exact local DevBuild build plus marker assertion result (app-identity.txt: dev), which is adequate real command proof for this CI guard.

Label justifications:

  • P3: This is a low-risk CI confidence guard for an already implemented DevBuild identity path, not a user-facing regression.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes the exact local DevBuild build plus marker assertion result (app-identity.txt: dev), which is adequate real command proof for this CI guard.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes the exact local DevBuild build plus marker assertion result (app-identity.txt: dev), which is adequate real command proof for this CI guard.
Evidence reviewed

What I checked:

  • Repository policy read: AGENTS.md was read fully; its required validation and PR proof guidance was applied to this CI-only review. (AGENTS.md:1, b3a2b4ee75e2)
  • Current main workflow lacks the requested guard: Current main builds the WinUI tray app normally and then runs tests/accessibility validation, with no DevBuild marker assertion before uploading test results. (.github/workflows/ci.yml:132, b3a2b4ee75e2)
  • PR diff adds the requested workflow step: The PR adds Verify DevBuild identity marker, runs dotnet build src/OpenClaw.Tray.WinUI -c Debug -r win-x64 -p:DevBuild=true --no-restore, finds the win-x64 app-identity.txt, and throws unless it equals dev. (.github/workflows/ci.yml:306, 6433cfb1fac8)
  • Marker generation contract exists on main: The WinUI project maps DevBuild=true to AppIdentityMarker=dev and writes app-identity.txt after Build. (src/OpenClaw.Tray.WinUI/OpenClaw.Tray.WinUI.csproj:19, b3a2b4ee75e2)
  • Existing tests cover local scripts, not CI: Installer assertion tests check DevBuild script/project hooks and marker text, but they do not exercise the GitHub Actions workflow guard this PR adds. (tests/OpenClaw.Tray.Tests/InstallerIssAssertionTests.cs:156, b3a2b4ee75e2)
  • Linked issue is the canonical request: The linked issue asks for this exact DevBuild marker CI step, and GitHub reports this PR as its closing pull request.

Likely related people:

  • shanselman: Authored the recent DevBuild opt-in and stabilization commits that added the build marker path and related tests now being guarded by CI. (role: recent area contributor; confidence: high; commits: af9edc74bf04, b3a2b4ee75e2; files: src/OpenClaw.Tray.WinUI/OpenClaw.Tray.WinUI.csproj, tests/OpenClaw.Tray.Tests/InstallerIssAssertionTests.cs, src/OpenClaw.Shared/OpenClawAppIdentity.cs)
  • karkarl: Introduced the side-by-side dev/release identity marker work and authored the adjacent accessibility CI changes near this new workflow step. (role: feature introducer and adjacent CI contributor; confidence: high; commits: dae64b6c49e9, e0a2301ce2e8; files: src/OpenClaw.Tray.WinUI/OpenClaw.Tray.WinUI.csproj, scripts/build-inno-local.ps1, .github/workflows/ci.yml)
  • steipete: Merged the side-by-side identity and accessibility CI pull requests, and made adjacent installer assertion changes in the same DevBuild validation area. (role: merger and adjacent contributor; confidence: medium; commits: 38fd2cf15e71; files: tests/OpenClaw.Tray.Tests/InstallerIssAssertionTests.cs, .github/workflows/ci.yml, scripts/build-inno-local.ps1)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. labels Jul 7, 2026
@shanselman shanselman merged commit cb84026 into main Jul 7, 2026
21 checks passed
@shanselman shanselman deleted the add-devbuild-ci-marker branch July 7, 2026 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add DevBuild identity marker check to CI

1 participant