When incorporating OpenClaw into CI, the core questions are who triggers it, where it runs, and how it authenticates. The GitHub Actions native macOS runner can be used in combination with the MacCloud self-hosted runner.
1. Trigger strategy
Use workflow_dispatch or a scheduled trigger for long tasks; use path filtering on PRs to reduce unnecessary runs. Avoid attaching the full OpenClaw pipeline to every push, to reduce minutes consumption.
2. Keys and Tokens
Protect production keys with GitHub Environments + Required reviewers. When you need to access the MacCloud API or work order interface, use short-term tokens and rotate them instead of hard-coding them in repository files.
3. Self-hosted Runner (MacCloud)
After registering the Runner on the dedicated Mac, label the OpenClaw-related jobs (such as runs-on: [self-hosted, macOS, openclaw]) so that they are isolated from the common build job queue.
4. Caching and artifacts
For large dependencies, use Actions Cache or an internal artifact repository; upload logs and reports as artifacts to facilitate alignment with OpenClaw-side audit records.
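
A workflow that combines the four points above, as an added example that is not from the original page or from the OpenClaw or MacCloud projects. PR events run only a light check on the GitHub-hosted macOS runner without secrets, while the full pipeline runs on the labelled self-hosted Runner behind a protected environment. The script paths, cache and log directories, the environment name production and the secret name MACCLOUD_API_TOKEN are assumptions.

```yaml
name: openclaw-ci             # workflow name is an assumption
on:
  workflow_dispatch:          # manual trigger for long tasks
  schedule:
    - cron: "0 18 * * *"      # constructed schedule (UTC)
  pull_request:
    paths:                    # hypothetical paths; run only when these change
      - "openclaw/**"
      - ".github/workflows/openclaw.yml"

permissions:
  contents: read              # least-privilege GITHUB_TOKEN

jobs:
  pr-check:                   # light check on the GitHub-hosted macOS runner
    if: github.event_name == 'pull_request'
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./ci/openclaw-lint.sh        # hypothetical script, needs no secrets

  openclaw-full:              # long pipeline, dedicated Mac only
    if: github.event_name != 'pull_request'
    runs-on: [self-hosted, macOS, openclaw]
    environment: production   # assumed environment name with Required reviewers
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/openclaw-deps    # hypothetical dependency directory
          key: openclaw-${{ runner.os }}-${{ hashFiles('openclaw/deps.lock') }}
      - name: Run OpenClaw pipeline
        env:
          # Hypothetical secret name: short-term token stored on the environment
          MACCLOUD_API_TOKEN: ${{ secrets.MACCLOUD_API_TOKEN }}
        run: ./ci/run-openclaw.sh         # hypothetical entry point
      - uses: actions/upload-artifact@v4
        if: always()          # keep logs even when the run fails
        with:
          name: openclaw-logs-${{ github.run_id }}
          path: logs/         # hypothetical log/report directory
          retention-days: 14
```

Because the secret is stored on the environment rather than the repository, the token is released to the job only after a required reviewer approves the run.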