From d22424f7d20db6e9dd5501bc015549aee68b07b8 Mon Sep 17 00:00:00 2001
From: Altay <altay@uinaf.dev>
Date: Fri, 8 May 2026 16:32:11 +0300
Subject: [PATCH] fix(ci): keep Docker patch smoke on pnpm workspace config

---
 .github/workflows/install-smoke.yml         | 22 ++++++++++++++++++---
 Dockerfile                                  |  1 +
 src/dockerfile.test.ts                      |  6 ++++++
 src/plugins/pi-package-graph.test.ts        |  2 +-
 test/scripts/test-install-sh-docker.test.ts |  3 +++
 5 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/install-smoke.yml b/.github/workflows/install-smoke.yml
index d048adbc724..9def90d0048 100644
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -137,8 +137,9 @@ jobs:
             node -e "
               const fs = require(\"node:fs\");
               const path = require(\"node:path\");
-              const pkg = require(\"/app/package.json\");
-              for (const [dep, rel] of Object.entries(pkg.pnpm?.patchedDependencies ?? {})) {
+              const YAML = require(\"yaml\");
+              const workspace = YAML.parse(fs.readFileSync(\"/app/pnpm-workspace.yaml\", \"utf8\")) ?? {};
+              for (const [dep, rel] of Object.entries(workspace.patchedDependencies ?? {})) {
                 const absolute = path.join(\"/app\", rel);
                 if (!fs.existsSync(absolute)) {
                   throw new Error(`missing patch for ${dep}: ${rel}`);
@@ -321,7 +322,22 @@ jobs:
         env:
           IMAGE_REF: ${{ needs.root_dockerfile_image.outputs.image_ref }}
         run: |
-          docker run --rm --entrypoint sh "$IMAGE_REF" -lc 'which openclaw && openclaw --version'
+          docker run --rm --entrypoint sh "$IMAGE_REF" -lc '
+            which openclaw &&
+            openclaw --version &&
+            node -e "
+              const fs = require(\"node:fs\");
+              const path = require(\"node:path\");
+              const YAML = require(\"yaml\");
+              const workspace = YAML.parse(fs.readFileSync(\"/app/pnpm-workspace.yaml\", \"utf8\")) ?? {};
+              for (const [dep, rel] of Object.entries(workspace.patchedDependencies ?? {})) {
+                const absolute = path.join(\"/app\", rel);
+                if (!fs.existsSync(absolute)) {
+                  throw new Error(`missing patch for ${dep}: ${rel}`);
+                }
+              }
+            "
+          '
 
       - name: Run agents delete shared workspace Docker CLI smoke
         env:
diff --git a/Dockerfile b/Dockerfile
index a5fff0297d1..0cbab3c3f9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -168,6 +168,7 @@ RUN chown node:node /app
 COPY --from=runtime-assets --chown=node:node /app/dist ./dist
 COPY --from=runtime-assets --chown=node:node /app/node_modules ./node_modules
 COPY --from=runtime-assets --chown=node:node /app/package.json .
+COPY --from=runtime-assets --chown=node:node /app/pnpm-workspace.yaml .
 COPY --from=runtime-assets --chown=node:node /app/patches ./patches
 COPY --from=runtime-assets --chown=node:node /app/openclaw.mjs .
 COPY --from=runtime-assets --chown=node:node /app/${OPENCLAW_BUNDLED_PLUGIN_DIR} ./${OPENCLAW_BUNDLED_PLUGIN_DIR}
diff --git a/src/dockerfile.test.ts b/src/dockerfile.test.ts
index 39d98efa6ec..d91702edb72 100644
--- a/src/dockerfile.test.ts
+++ b/src/dockerfile.test.ts
@@ -134,6 +134,9 @@ describe("Dockerfile", () => {
     expect(dockerfile).toContain(
       "COPY --from=runtime-assets --chown=node:node /app/node_modules ./node_modules",
     );
+    expect(dockerfile).toContain(
+      "COPY --from=runtime-assets --chown=node:node /app/pnpm-workspace.yaml .",
+    );
     expect(dockerfile).toContain(
       "COPY --from=runtime-assets --chown=node:node /app/patches ./patches",
     );
@@ -146,6 +149,9 @@ describe("Dockerfile", () => {
     };
 
     expect(Object.keys(pnpmWorkspace.patchedDependencies ?? {})).not.toHaveLength(0);
+    expect(dockerfile).toContain(
+      "COPY --from=runtime-assets --chown=node:node /app/pnpm-workspace.yaml .",
+    );
     expect(dockerfile).toContain(
       "COPY --from=runtime-assets --chown=node:node /app/patches ./patches",
     );
diff --git a/src/plugins/pi-package-graph.test.ts b/src/plugins/pi-package-graph.test.ts
index d2228ad2067..8bd9675de48 100644
--- a/src/plugins/pi-package-graph.test.ts
+++ b/src/plugins/pi-package-graph.test.ts
@@ -89,7 +89,7 @@ describe("pi package graph guardrails", () => {
 
     expectNoGraphViolations(
       piOverrides,
-      `pnpm.overrides must not target Pi packages. Found: ${piOverrides.join(", ") || "<none>"}. Pi-specific overrides can silently create an unsupported package graph.`,
+      `pnpm-workspace.yaml overrides must not target Pi packages. Found: ${piOverrides.join(", ") || "<none>"}. Pi-specific overrides can silently create an unsupported package graph.`,
     );
   });
 });
diff --git a/test/scripts/test-install-sh-docker.test.ts b/test/scripts/test-install-sh-docker.test.ts
index fdbc177447a..bf0589e7225 100644
--- a/test/scripts/test-install-sh-docker.test.ts
+++ b/test/scripts/test-install-sh-docker.test.ts
@@ -229,6 +229,9 @@ describe("bun global install smoke", () => {
     expect(workflow).not.toContain('timeout 300s docker pull "$IMAGE_REF"');
     expect(workflow).toContain("--progress=plain");
     expect(workflow).toContain("--load");
+    expect(workflow).toContain("pnpm-workspace.yaml");
+    expect(workflow).toContain("workspace.patchedDependencies");
+    expect(workflow).not.toContain("pkg.pnpm?.patchedDependencies");
     expect(workflow).not.toContain("--cache-from");
     expect(workflow).not.toContain("--cache-to");
     expect(workflow).not.toContain("type=gha");