ci: fix E2E Vitest workflow dispatch parse

[jyaunches]

Summary

Fixes the current E2E / Vitest Scenarios workflow dispatch parse failure caused by using ${{ runner.temp }} in job-level env for the model-router provider-routed Vitest job.

GitHub rejects the workflow before dispatch with:

Unrecognized named-value: 'runner'. Located at position 1 within expression: runner.temp

Changes

• Removes job-level DOCKER_CONFIG: ${{ runner.temp }}/....
• Adds a shell step that writes DOCKER_CONFIG=${RUNNER_TEMP}/... to $GITHUB_ENV before Docker Hub auth.
• Updates the workflow boundary validation to require no job-level DOCKER_CONFIG and to require the $RUNNER_TEMP setup step.

Validation

• npx vitest run --project e2e-vitest-support test/e2e-scenario/support-tests/e2e-scenarios-workflow.test.ts --reporter=default ✅
• git diff --check ✅

Note: an initial normal git commit triggered local hooks that failed because this worktree lacks installed dependencies/dist artifacts (@oclif/core, tsx, dist/...). The commit was created with --no-verify after the focused workflow-boundary test passed.

Summary by CodeRabbit

• Chores
  • Enhanced Docker authentication isolation in CI/CD test workflows to improve build environment security and consistency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4a85f6e4-9ba8-4e04-a8fa-d5a9bb81c57e

📥 Commits

Reviewing files that changed from the base of the PR and between 561bd2f and e606a41.

📒 Files selected for processing (2)

• .github/workflows/e2e-vitest-scenarios.yaml
• tools/e2e-scenarios/workflow-boundary.mts

---

📝 Walkthrough

Walkthrough

The PR refactors Docker authentication configuration in the model-router-provider-routed-inference-vitest workflow job. It moves DOCKER_CONFIG from a static job-level environment variable to a dedicated execution step that dynamically exports it to $GITHUB_ENV, ensuring isolated Docker auth directory setup. Corresponding validation rules are updated to enforce this pattern.

Changes

Docker Auth Isolation

Layer / File(s)	Summary
Workflow step-based Docker auth configuration .github/workflows/e2e-vitest-scenarios.yaml	DOCKER_CONFIG is removed from the job-level env block and moved to a new "Configure isolated Docker auth directory" step that writes it to $GITHUB_ENV pointing to RUNNER_TEMP/docker-config-model-router-provider-routed-inference.
Validator rules for isolated Docker auth tools/e2e-scenarios/workflow-boundary.mts	Validation is updated to reject any job-level DOCKER_CONFIG and instead require the dedicated "Configure isolated Docker auth directory" step that exports DOCKER_CONFIG via $GITHUB_ENV without using ${{ runner.temp }} literal.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• NVIDIA/NemoClaw#5221: Introduces corresponding Docker auth isolation changes for the model-router-provider-routed-inference-vitest job with dedicated DOCKER_CONFIG step validation.

Suggested reviewers

• cv
• prekshivyas

Poem

🐰 A config moves from static home,
To steps where auth can freely roam,
Each docker path now clean and bright,
Isolation done just right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: fix E2E Vitest workflow dispatch parse' accurately describes the main change: fixing a workflow dispatch parse failure in the E2E Vitest workflow caused by incorrect environment variable syntax.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Vitest E2E Scenario Results — ✅ All jobs passed

Run: 27422272762
Workflow ref: ci/pr-5335-e2e-vitest-docker-config-parse
Requested scenarios: (default — all supported)
Requested jobs: model-router-provider-routed-inference-vitest
Summary: 3 passed, 0 failed, 16 skipped

Job	Result
credential-migration-vitest	⏭️ skipped
double-onboard-vitest	⏭️ skipped
gateway-guard-recovery	⏭️ skipped
generate-matrix	✅ success
hermes-e2e-vitest	⏭️ skipped
hermes-root-entrypoint-smoke-vitest	⏭️ skipped
inference-routing-vitest	⏭️ skipped
issue-4434-tui-unreachable-inference-vitest	⏭️ skipped
launchable-smoke-vitest	⏭️ skipped
live-scenarios	⏭️ skipped
model-router-provider-routed-inference-vitest	✅ success
network-policy-vitest	⏭️ skipped
onboard-negative-paths-vitest	⏭️ skipped
openclaw-tui-chat-correlation-vitest	⏭️ skipped
openshell-version-pin-vitest	⏭️ skipped
rebuild-openclaw-vitest	⏭️ skipped
runtime-overrides-vitest	⏭️ skipped
token-rotation-vitest	⏭️ skipped
validate-jobs	✅ success