diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index 28ba5f11..5a1918f8 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -142,6 +142,8 @@ jobs:
 # 2026-04-01 Claude Code: Langfuse LLMOps keys (Phase 15.1 補齊 CD 注入)
 LANGFUSE_PUBLIC_KEY: ${{ secrets.LANGFUSE_PUBLIC_KEY }}
 LANGFUSE_SECRET_KEY: ${{ secrets.LANGFUSE_SECRET_KEY }}
+ # 2026-04-02 Claude Code: Telegram 白名單 (授權簽核用)
+ TG_USER_WHITELIST: ${{ secrets.OPENCLAW_TG_USER_WHITELIST }}
 run: |
 mkdir -p ~/.ssh
 echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
@@ -186,6 +188,13 @@ jobs:
 echo "⚠️ LANGFUSE_PUBLIC_KEY/SECRET_KEY 未設定,跳過 (現有 K8s secret 值維持不變)"
 fi
+ # 2026-04-02 Claude Code: Telegram Whitelist (授權簽核用戶 ID)
+ if [ -n "${TG_USER_WHITELIST}" ]; then
+ sudo kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' -p='[
+ {"op":"add","path":"/data/OPENCLAW_TG_USER_WHITELIST","value":"'$(echo -n "${TG_USER_WHITELIST}" | base64 -w 0)'"}
+ ]' && echo "✅ TG_USER_WHITELIST 已注入" || echo "⚠️ TG_USER_WHITELIST patch 失敗"
+ fi
+
 echo "✅ 所有 Secrets 注入完成"
 SECRETS
diff --git a/apps/api/src/db/base.py b/apps/api/src/db/base.py
index 4fe5b810..5ada0444 100644
--- a/apps/api/src/db/base.py
+++ b/apps/api/src/db/base.py
@@ -16,6 +16,7 @@ Features:
 from collections.abc import AsyncGenerator
 from contextlib import asynccontextmanager
+from sqlalchemy import text
 from sqlalchemy.ext.asyncio import (
 AsyncEngine,
 AsyncSession,
@@ -145,6 +146,24 @@ async def init_db() -> None:
 async with engine.begin() as conn:
 await conn.run_sync(Base.metadata.create_all)
+ # 2026-04-02 Claude Code: 確保 risklevel enum 包含 'high' 值
+ # Phase 23 新增,避免舊 DB 缺少此值導致 InvalidTextRepresentation
+ await conn.execute(
+ text("""
+ DO $$
+ BEGIN
+ IF NOT EXISTS (
+ SELECT 1 FROM pg_enum
+ WHERE enumtypid = 'risklevel'::regtype
+ AND enumlabel = 'high'
+ ) THEN
+ ALTER TYPE risklevel ADD VALUE 'high';
+ END IF;
+ END
+ $$;
+ """)
+ )
+
 async def close_db() -> None:
 """
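Review bot: In the second cd.yaml hunk the new TG_USER_WHITELIST block treats a failed `kubectl patch` as a warning only, so the script still reaches `echo "✅ 所有 Secrets 注入完成"` and the deploy continues with whatever whitelist the cluster already holds. Because this list decides who may approve actions, the failure branch should stop the job, for example `|| { echo "⚠️ TG_USER_WHITELIST patch 失敗"; exit 1; }`. The block also has no `else`, unlike the Langfuse block just above it, so an unset secret is skipped silently and an old `OPENCLAW_TG_USER_WHITELIST` value stays in `awoooi-secrets`; an `else` printing the same kind of 未設定 warning would make that visible, and the comment should say that removing an approver requires pushing an updated non-empty value. The heredoc that ends at `SECRETS` opens outside the hunk, so where `${TG_USER_WHITELIST}` is expanded cannot be confirmed from here.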
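Review bot: The `DO $$ … $$` block added to `init_db()` in the second base.py hunk can be replaced by the built-in form `await conn.execute(text("ALTER TYPE risklevel ADD VALUE IF NOT EXISTS 'high'"))`, which drops the hand-written `pg_enum` lookup and narrows the check-then-alter gap when several API instances start at once. The statement runs inside `engine.begin()`, and PostgreSQL releases before 12 reject `ALTER TYPE ... ADD VALUE` inside a transaction block, so the comment should state the minimum server version (the version in use is not visible here). It is also PostgreSQL-only DDL that requires the application's database role to own the `risklevel` type; running it from a migration step under a separate role would let the runtime account stay without DDL rights. init_db's body starts outside the hunk.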