molecule-ai/molecule-ai-workspace-template-openclaw
35
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: forward runtime_version + ARG RUNTIME_VERSION (cascade cache trap fix)

Browse Source 
Closes the cache trap structurally for this template — same fix
already shipped in claude-code + hermes. publish-image.yml caller
forwards client_payload.runtime_version (set by cascade) to the
molecule-ci reusable workflow as runtime_version input. Reusable
workflow forwards it to docker build as a --build-arg. Dockerfile
declares ARG RUNTIME_VERSION before the pip install layer so cache
key is sensitive to the version. The pip install RUN does an extra
targeted upgrade to guarantee the exact version when ARG is set.

Pairs with molecule-ci PR #12 + molecule-core PR #2181.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hongming Wang 2026-04-27 07:48:02 -07:00
parent 510694b2a3
commit b058ef2689
2 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/publish-image.yml vendored
View File

@ -2,8 +2,7 @@ name: publish-image
# Builds this workspace template's Dockerfile and pushes it to GHCR as
# `ghcr.io/molecule-ai/workspace-template-<runtime>:latest` + `:sha-<7>`.
# The heavy lifting lives in the reusable workflow in molecule-ci —
# change it there if the publish pattern needs to evolve.
# The heavy lifting lives in the reusable workflow in molecule-ci.
on:
# Re-publish when a new molecule-ai-workspace-runtime is released to
@ -15,6 +14,11 @@ on:
push:
branches: [main]
workflow_dispatch:
inputs:
runtime_version:
description: "Optional explicit runtime version to bake in (forwarded as RUNTIME_VERSION build-arg)"
required: false
type: string
permissions:
contents: read
@ -24,3 +28,9 @@ jobs:
publish:
uses: Molecule-AI/molecule-ci/.github/workflows/publish-template-image.yml@main
secrets: inherit
with:
# Cascade fires with client_payload.runtime_version = the exact
# version PyPI just published. Forwarded as a docker --build-arg
# so the cache key changes per-version and pip install resolves
# freshly. Empty on push/PR — falls back to requirements.txt pin.
runtime_version: ${{ github.event.client_payload.runtime_version || inputs.runtime_version || '' }}

12
Dockerfile
View File

@ -10,8 +10,16 @@ RUN npm install -g openclaw 2>/dev/null || true
RUN useradd -u 1000 -m -s /bin/bash agent
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# RUNTIME_VERSION is forwarded from molecule-ci's reusable publish
# workflow as a docker build-arg. Cascade-triggered builds set it to
# the exact runtime version PyPI just published. Including it as an
# ARG changes the cache key for the pip install layer below — the
# fix for the cascade cache trap that bit us 5x on 2026-04-27.
ARG RUNTIME_VERSION=
 && \
if [ -n "${RUNTIME_VERSION}" ]; then \
pip install --no-cache-dir --upgrade "molecule-ai-workspace-runtime==${RUNTIME_VERSION}"; \
fi
COPY adapter.py .
COPY __init__.py .