2026 OpenClaw on Rented Mac Mini: GitHub API workflow_dispatch Night Batch Chains, Checkpoints & Backoff Alerts

Teams that rent a Mac Mini for 7×24 OpenClaw work still need a sober control plane for night batches, without installing yet another privileged daemon on the same host.

This article centers on the GitHub REST endpoint that fires workflow_dispatch by workflow file name. Inputs, concurrency, and immutable run URLs live in GitHub, while launchd or cron on the rental box owns the quiet-hours clock and the backoff loop.

Unlike GitLab schedules, this path keeps the wake timer on the Mini. See launchd backoff and the 7×24 scheduling matrix.

  1. Over-scoped tokens. Personal tokens that inherit admin or broad workflow rights turn every script on the Mini into a lateral movement hazard.
  2. Double fire. A reboot replaying launchd while someone manually dispatches the same batch_id duplicates side effects against downstream APIs.
  3. Noisy alerts. Treating every HTTP 429 from GitHub like an outage burns the on-call channel before real OpenClaw regressions appear.

Dispatch versus schedule decision matrix

Pick one clock. Mixing a GitHub schedule trigger with dispatch from the Mac overlaps quiet windows on APFS.

| Pattern | Best when | Minimal credential |
| --- | --- | --- |
| workflow_dispatch from the Mini | Local quiet hours plus GitHub audit logs | Fine-grained PAT, actions write, one repo |
| on schedule in Actions YAML | GitHub owns the clock; Mini pulls artifacts | Same token plus contents read |
| repository_dispatch | External buses emit custom events | Tight contents and metadata scopes |

Minimal token permissions

Start with a fine-grained PAT limited to the repository that stores the workflow. Grant Metadata read, optional Contents read if jobs must checkout private docs, and Actions write so the REST client can call workflow_dispatch.

Skip the Administration and Workflows permissions unless the automation itself edits workflow YAML. Prefer a GitHub App installation token for rotation.

  • Store the secret in the login keychain or a root-only env file that the launchd job's wrapper script sources.
  • Rotate on a calendar; align rollbacks with gateway upgrade checkpoints.

Cron and launchd triggers

Use launchd StartCalendarInterval between 01:00 and 05:00 local so OpenClaw bursts avoid SSH peaks (Help Center).

Wrap curl with pinned TLS, read the bearer token from stdin, parse the HTTP status, then back off on 429 or 503 for up to three tries before taking the failure path.

Set ThrottleInterval and point stdout and stderr at files under ~/Library/Logs/OpenClaw/ so 7×24 runs can be diffed without opening GitHub first.

Idempotent checkpoints

Pass structured inputs such as batch_id, segment, and force_rerun in the JSON body so Actions jobs can branch deterministically.

Add a concurrency block with group: openclaw-night and cancel-in-progress: false so overlapping dispatches queue safely.

Persist last batch_id and run_id under /var/db/openclaw/dispatch.ckpt. Skip repeats within thirty minutes unless force_rerun is true.

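# OWNER/REPO are placeholders; GITHUB_DISPATCH_TOKEN holds the fine-grained PAT.
# batch_id is today's date, so a second dispatch on the same night repeats the id.
curl -sS -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer ${GITHUB_DISPATCH_TOKEN}" \
  https://api.github.com/repos/OWNER/REPO/actions/workflows/night-openclaw.yml/dispatches \
  -d '{"ref":"main","inputs":{"batch_id":"'"$(date +%Y%m%d)"'","segment":"02","force_rerun":"false"}}'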
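
An added example, not part of the original article: the checkpoint guard from this section as POSIX shell functions for the launchd wrapper, with the token passed to curl on stdin (-H @-, curl 7.55.0 or later) as the trigger section asks. The checkpoint line format, the function names, and the "-" stand-in for an unknown run_id are assumptions.

```shell
#!/bin/sh
# Added example, not the article's own wrapper. Assumed checkpoint format,
# one line: "<batch_id> <run_id> <epoch_seconds>"; run_id is "-" when unknown.
CKPT="${CKPT:-/var/db/openclaw/dispatch.ckpt}"
COOLDOWN="${COOLDOWN:-1800}"            # thirty-minute duplicate window

# should_dispatch BATCH_ID FORCE_RERUN [NOW_EPOCH]
# Status 0 = go ahead, 1 = same batch_id already sent inside the cooldown.
should_dispatch() {
  sd_now=${3:-$(date +%s)}
  [ "$2" = "true" ] && return 0         # explicit override
  [ -r "$CKPT" ] || return 0            # first run, nothing recorded
  sd_batch='' sd_run='' sd_ts=''
  read -r sd_batch sd_run sd_ts < "$CKPT" || :
  case $sd_ts in ''|*[!0-9]*) return 0 ;; esac   # torn or foreign file
  [ "$sd_batch" = "$1" ] || return 0    # a different batch
  [ $((sd_now - sd_ts)) -ge "$COOLDOWN" ]
}

# record_checkpoint BATCH_ID RUN_ID [NOW_EPOCH]
# Temp file plus rename, so a reboot mid-write cannot leave a torn line.
record_checkpoint() {
  rc_tmp="$CKPT.tmp.$$"
  ( umask 077; printf '%s %s %s\n' "$1" "$2" "${3:-$(date +%s)}" > "$rc_tmp" ) &&
    mv -f "$rc_tmp" "$CKPT"
}

# dispatch_night BATCH_ID SEGMENT FORCE_RERUN -> prints the HTTP status code.
# The Authorization header reaches curl on stdin (-H @-), so the token is
# never part of argv where other users of the host could read it with ps.
dispatch_night() {
  printf 'Authorization: Bearer %s\n' "$GITHUB_DISPATCH_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}' -X POST -H @- \
      -H 'Accept: application/vnd.github+json' \
      -d "{\"ref\":\"main\",\"inputs\":{\"batch_id\":\"$1\",\"segment\":\"$2\",\"force_rerun\":\"$3\"}}" \
      https://api.github.com/repos/OWNER/REPO/actions/workflows/night-openclaw.yml/dispatches
}

# run_night_batch BATCH_ID SEGMENT FORCE_RERUN: guard, dispatch, log, checkpoint.
run_night_batch() {
  if ! should_dispatch "$1" "$3"; then
    echo "skip batch_id=$1 (sent less than ${COOLDOWN}s ago)"; return 0
  fi
  rn_code=$(dispatch_night "$1" "$2" "$3") || rn_code=000
  echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) http=$rn_code batch_id=$1"
  [ "$rn_code" = 204 ] && record_checkpoint "$1" "-"
}
```

The launchd wrapper would call run_night_batch "$(date +%Y%m%d)" 02 false; a non-zero status means the dispatch was not accepted and the checkpoint was left untouched.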

Failure webhook with backoff

After backoff fails, POST JSON to Slack or a collector like daemon health webhooks.

Sign with HMAC SHA-256 using a second secret. Include repo, workflow file, HTTP status, a response snippet under 512 bytes, and batch_id.

Page only after two consecutive nightly failures or repeated 401, not the first 429 burst.
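
An added example, not part of the original article: the three-try backoff loop and the signed failure report described in this section, as POSIX shell functions. The function names, the SLEEP_CMD hook, and the X-Signature-256 header name are assumptions; the signing step needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not the article's own wrapper; function names are assumptions.
MAX_TRIES=3
SLEEP_CMD="${SLEEP_CMD:-sleep}"          # overridable so tests need not wait

# backoff_delay ATTEMPT -> whole seconds, random in [4, min(60, 4*2^ATTEMPT)]
backoff_delay() {
  bd_cap=$((4 << $1)); [ "$bd_cap" -gt 60 ] && bd_cap=60
  awk -v lo=4 -v hi="$bd_cap" 'BEGIN { srand(); print lo + int(rand() * (hi - lo + 1)) }'
}

# try_dispatch CMD [ARGS...]: CMD must print one HTTP status code.
# Prints the final status; returns 0 only on 204. 429 and 503 are retried,
# anything else (401, 404, 422 ...) is a hard error that retrying cannot fix.
try_dispatch() {
  td_n=1
  while :; do
    td_code=$("$@") || td_code=000
    case $td_code in
      204) echo "$td_code"; return 0 ;;
      429|503) [ "$td_n" -lt "$MAX_TRIES" ] || break ;;
      *) break ;;
    esac
    "$SLEEP_CMD" "$(backoff_delay "$td_n")"
    td_n=$((td_n + 1))
  done
  echo "$td_code"; return 1
}

# failure_payload REPO WORKFLOW STATUS BATCH_ID < response_body -> JSON
# Snippet: first 511 bytes ("under 512"), control bytes dropped, then escaped.
# The four arguments are operator-set values and are inserted as given.
failure_payload() {
  fp_snip=$(head -c 511 | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"repo":"%s","workflow":"%s","status":"%s","batch_id":"%s","snippet":"%s"}' \
    "$1" "$2" "$3" "$4" "$fp_snip"
}

# sign_payload KEY < payload -> lowercase hex HMAC-SHA-256.
# openssl takes the key as an argument, so it is visible in ps while it runs.
sign_payload() { openssl dgst -sha256 -hmac "$1" | awk '{ print $NF }'; }

# send_failure URL KEY PAYLOAD: the header name is an assumption; use the one
# the collector verifies, and sign the exact bytes that are sent.
send_failure() {
  sf_sig=$(printf '%s' "$3" | sign_payload "$2")
  curl -sS -X POST -H 'Content-Type: application/json' \
    -H "X-Signature-256: sha256=$sf_sig" --data-binary "$3" "$1"
}
```

The receiving collector recomputes the HMAC over the raw request body with the same second secret and compares it to the header before trusting repo, status, or batch_id.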

Minimal reproducible chain

  1. Create the workflow YAML with workflow_dispatch inputs and concurrency block, merge to main.
  2. Generate the fine-grained token, validate it with a manual dry dispatch from a secure workstation.
  3. Install the launchd plist referencing a wrapper script that reads the token, calls dispatch, handles backoff, and updates the checkpoint file.
  4. Log UTC time, HTTP code, and run URL when headers expose it.
  5. Wire the failure webhook after the third hard error; test with a bad token in staging.
  6. Observe one full night on the rented Mini before enabling production plist.
  7. Rollback: disable the plist and revoke the token in one ticket.

Citeable parameters:

  • Three exponential backoff attempts with jittered sleep between four and sixty seconds before failure webhook.
  • Thirty minute local cooldown for duplicate batch_id unless force_rerun is true.
  • Two consecutive nightly failures required before paging on-call for GitHub transport issues.
  • Quiet window anchor 01:00 to 05:00 host local for 7×24 OpenClaw chains on RunMini nodes.

FAQ

Dispatch returns 204 but nothing queues
Confirm the workflow file name matches the path segment, the default branch contains the YAML, and the token still has actions write. Empty bodies still return 204 when GitHub accepts the request.

How does this coexist with 7×24 OpenClaw daemons?
Actions orchestrate cadence; daemons follow heartbeat recovery on the Mini.
