From 712d3e5a7740a33095e090807606d0b904ffcb77 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Thu, 30 Apr 2026 15:05:16 +0800
Subject: [PATCH] fix(ci): send workflow alerts to SRE group

---
 .gitea/workflows/cd-dev.yaml        |  7 ++++---
 .gitea/workflows/cd.yaml            | 11 ++++++-----
 .gitea/workflows/code-review.yaml   |  5 +++--
 .gitea/workflows/deploy-alerts.yaml |  5 ++++-
 .gitea/workflows/e2e-health.yaml    |  4 ++--
 docs/LOGBOOK.md                     |  1 +
 6 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/.gitea/workflows/cd-dev.yaml b/.gitea/workflows/cd-dev.yaml
index 4e1e23a2..ce1761b5 100644
--- a/.gitea/workflows/cd-dev.yaml
+++ b/.gitea/workflows/cd-dev.yaml
@@ -19,6 +19,7 @@ concurrency:
 env:
   HARBOR: 192.168.0.110:5000
   HARBOR_MIRROR: 192.168.0.110:5001
+  TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
   OTEL_EXPORTER_OTLP_ENDPOINT: http://192.168.0.188:24318
   OTEL_SERVICE_NAME: awoooi-cd-dev
   OTEL_RESOURCE_ATTRIBUTES: service.version=${{ github.sha }},deployment.environment=dev
@@ -43,7 +44,7 @@ jobs:
           ├ 🔖 <code>${{ steps.commit.outputs.short_sha }}</code>
           └ 🌿 dev branch"
           printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text@-"
 
@@ -182,7 +183,7 @@ jobs:
           ├ ⏱️ 耗時: ${MINUTES}m ${SECONDS}s
           └ 🩺 http://192.168.0.125:32344/api/v1/health"
           printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text@-"
 
@@ -194,6 +195,6 @@ jobs:
           ├ 🔖 <code>${{ steps.commit.outputs.short_sha }}</code>
           └ 🔗 <a href=\"http://192.168.0.110:3001/wooo/awoooi/actions\">查看日誌</a>"
           printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text@-"
diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index f6f37ce6..f1a05eff 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -33,6 +33,7 @@ concurrency:
 
 env:
   HARBOR: 192.168.0.110:5000
+  TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
   # Harbor Proxy Cache (指向 DockerHub 的內部 Mirror，避免拉取限額)
   HARBOR_MIRROR: 192.168.0.110:5001
   # OTEL CI/CD 監控 (2026-03-31 #46c - 遷移到 Gitea)
@@ -71,7 +72,7 @@ jobs:
           COMMIT_ESC=$(echo "$COMMIT_MSG" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
           MSG=$(printf '🚀 <b>AWOOOI 部署開始</b>\n├ 📝 <code>%s</code>\n├ 🔖 <code>%s</code>\n└ 👤 %s' "${COMMIT_ESC}" "${SHORT_SHA}" "${ACTOR}")
           curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text=${MSG}"
 
@@ -228,7 +229,7 @@ jobs:
           COMMIT_ESC=$(echo "$COMMIT_MSG" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
           MSG=$(printf '❌ <b>AWOOOI 部署失敗</b>\n├ 📝 <code>%s</code>\n├ 🔖 <code>%s</code>\n├ 👤 %s\n├ 🧪 Stage: tests\n└ 🔗 http://192.168.0.110:3001/wooo/awoooi/actions' "${COMMIT_ESC}" "${SHORT_SHA}" "${ACTOR}")
           curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text=${MSG}"
 
@@ -732,7 +733,7 @@ jobs:
           COMMIT_ESC=$(echo "$COMMIT_MSG" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
           MSG=$(printf '❌ <b>AWOOOI 部署失敗</b>\n├ 📝 <code>%s</code>\n├ 🔖 <code>%s</code>\n├ 👤 %s\n├ 🏗️ Stage: build-and-deploy\n└ 🔗 http://192.168.0.110:3001/wooo/awoooi/actions' "${COMMIT_ESC}" "${SHORT_SHA}" "${ACTOR}")
           curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text=${MSG}"
 
@@ -876,7 +877,7 @@ jobs:
           SHORT_SHA="${{ steps.commit.outputs.short_sha }}"
           TG_MSG="✅ AWOOOI 部署完成\n├ 📝 ${COMMIT_MSG}\n├ 🔖 ${SHORT_SHA}\n├ ⏱️ 耗時: ${MINUTES}m ${SECONDS}s\n├ 📦 API: ✅ Web: ✅\n├ 🩺 Health: ✅\n├ 🔗 Alert Chain: ${ALERT_CHAIN_RESULT}\n├ 📊 Monitoring: ${MONITORING_RESULT}\n└ 🎭 Smoke: ${SMOKE_RESULT}"
           printf '%b' "$TG_MSG" | curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             --data-urlencode "text@-" || echo "TG notify warning (non-fatal)"
 
       - name: Notify Pipeline Failure
@@ -889,6 +890,6 @@ jobs:
           COMMIT_ESC=$(echo "$COMMIT_MSG" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
           MSG=$(printf '❌ <b>AWOOOI 部署失敗</b>\n├ 📝 <code>%s</code>\n├ 🔖 <code>%s</code>\n├ 👤 %s\n├ 🩺 Stage: post-deploy-checks\n└ 🔗 http://192.168.0.110:3001/wooo/awoooi/actions' "${COMMIT_ESC}" "${SHORT_SHA}" "${ACTOR}")
           curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d "parse_mode=HTML" \
             --data-urlencode "text=${MSG}"
diff --git a/.gitea/workflows/code-review.yaml b/.gitea/workflows/code-review.yaml
index d57b2ff1..59d381c9 100644
--- a/.gitea/workflows/code-review.yaml
+++ b/.gitea/workflows/code-review.yaml
@@ -18,6 +18,7 @@ concurrency:
 env:
   REPORT_URL: https://mo.wooo.work/code-review/
   GITEA_ACTIONS_URL: http://192.168.0.110:3001/wooo/awoooi/actions
+  TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
 
 jobs:
   ai-code-review:
@@ -81,7 +82,7 @@ jobs:
       - name: Notify Code Review Start
         env:
           TG_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
-          TG_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
+          TG_CHAT_ID: ${{ env.TELEGRAM_ALERT_CHAT_ID }}
           SHORT_SHA: ${{ steps.ctx.outputs.short_sha }}
           BRANCH: ${{ steps.ctx.outputs.branch }}
           COMMIT_MSG: ${{ steps.ctx.outputs.commit_msg }}
@@ -117,7 +118,7 @@ jobs:
         if: always()
         env:
           TG_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
-          TG_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
+          TG_CHAT_ID: ${{ env.TELEGRAM_ALERT_CHAT_ID }}
           SHORT_SHA: ${{ steps.ctx.outputs.short_sha }}
         run: |
           set -euo pipefail
diff --git a/.gitea/workflows/deploy-alerts.yaml b/.gitea/workflows/deploy-alerts.yaml
index abe58765..30e9bfb7 100644
--- a/.gitea/workflows/deploy-alerts.yaml
+++ b/.gitea/workflows/deploy-alerts.yaml
@@ -14,6 +14,9 @@ on:
       - 'ops/monitoring/alerts-unified.yml'
   workflow_dispatch:
 
+env:
+  TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
+
 jobs:
   deploy-alerts:
     name: "Deploy Prometheus Alert Rules"
@@ -48,5 +51,5 @@ jobs:
           SHORT_SHA="${SHORT_SHA:0:7}"
           MSG="${EMOJI} Prometheus 告警規則部署 ${STATUS} (${SHORT_SHA})"
           curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             --data-urlencode "text=${MSG}" || true
diff --git a/.gitea/workflows/e2e-health.yaml b/.gitea/workflows/e2e-health.yaml
index 8795af7f..db05a5d0 100644
--- a/.gitea/workflows/e2e-health.yaml
+++ b/.gitea/workflows/e2e-health.yaml
@@ -19,6 +19,7 @@ env:
   OTEL_EXPORTER_OTLP_ENDPOINT: http://192.168.0.188:24318
   OTEL_SERVICE_NAME: awoooi-e2e
   OTEL_RESOURCE_ATTRIBUTES: deployment.environment=production
+  TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
 
 jobs:
   e2e-health:
@@ -54,7 +55,6 @@ jobs:
         if: failure()
         run: |
           curl -s -X POST "https://api.telegram.org/bot${{ secrets.OPENCLAW_TG_BOT_TOKEN }}/sendMessage" \
-            -d chat_id="${{ secrets.OPENCLAW_TG_CHAT_ID }}" \
+            -d chat_id="${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
             -d parse_mode="HTML" \
             -d text="🔴 <b>[E2E Health Check]</b> 失敗%0A%0A📅 $(TZ=Asia/Taipei date '+%Y-%m-%d %H:%M')%0A🔗 API 健康檢查未通過%0A%0A請檢查 K3s 叢集狀態"
-
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index e762fbb2..1a157ad1 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -14,6 +14,7 @@
 - `TelegramGateway.alert_chat_id` 統一告警目的地：`SRE_GROUP_CHAT_ID` 優先，只有缺群組設定才 fail-soft fallback 到 `OPENCLAW_TG_CHAT_ID`。
 - `send_approval_card()` 改為單次送 SRE 群組，不再先送 DM 再背景補群組；同時把 `tg_approval:*`、`tg_msg:*`、`approval_records.telegram_chat_id` 記到實際群組訊息。
 - Drift / Meta / SecOps / Business / Escalation 卡片、執行結果、rollback 提案、auto-repair fallback、AI provider failover、成本警告、容量預測、Hermes 規則品質、合規、Coverage、Gitea/Code Review 通知全部改為群組優先。
+- Gitea CD / Code Review / deploy-alerts / E2E health / dev CD workflow 的 Telegram sendMessage 也改用 SRE 群組 ID，避免 workflow 通知仍打到個人 DM。
 - 更新 ADR-093、Alert Chain E2E runbook、Human-in-the-loop 文件，避免後續驗收仍檢查 @tsenyangbot 個人 DM。
 
 ### 驗證