From 99809f4a339ba8c07cd01256c7ce0a20032f35e8 Mon Sep 17 00:00:00 2001
From: OG T <ogt@WOOOMacMiniM4.local>
Date: Thu, 26 Mar 2026 21:41:31 +0800
Subject: [PATCH] =?UTF-8?q?fix(cd):=20=E6=B3=A8=E5=85=A5=20Telegram=20Toke?=
 =?UTF-8?q?n=20=E5=88=B0=20K8s=20Secret?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

問題: AWOOOI API 的 OPENCLAW_TG_BOT_TOKEN 為空，Telegram 無法發送
修復: CD 部署時從 GitHub Secrets 注入 Token

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .github/workflows/cd.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 9c4d1d5d..edb58b93 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -259,6 +259,18 @@ jobs:
         id: tag
         run: echo "tag=$(git rev-parse --short HEAD)-${{ github.run_id }}" >> $GITHUB_OUTPUT
 
+      # 2026-03-26: 注入 Telegram 機密到 K8s Secret
+      - name: Inject Telegram Secrets
+        run: |
+          kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' \
+            -p='[{"op": "replace", "path": "/data/OPENCLAW_TG_BOT_TOKEN", "value": "'$(echo -n "${{ secrets.OPENCLAW_TG_BOT_TOKEN }}" | base64)'"}]' || \
+          kubectl create secret generic awoooi-secrets -n awoooi-prod \
+            --from-literal=OPENCLAW_TG_BOT_TOKEN="${{ secrets.OPENCLAW_TG_BOT_TOKEN }}" \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+          kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' \
+            -p='[{"op": "replace", "path": "/data/OPENCLAW_TG_CHAT_ID", "value": "'$(echo -n "${{ secrets.OPENCLAW_TG_CHAT_ID }}" | base64)'"}]' || true
+
       - name: Deploy
         run: |
           cd k8s/awoooi-prod