Merge remote-tracking branch 'gitea/main' into codex/security-supply-chain-contracts-20260512

2026-05-13 20:33:31 +08:00
parent eecc1c2de1 453e22f80d
commit ea02578bd8
3 changed files with 15 additions and 5 deletions
--- a/apps/api/src/services/channel_hub.py
+++ b/apps/api/src/services/channel_hub.py
@@ -49,6 +49,11 @@ _INTERIM_WAIT_SECONDS = 30
 _OUTBOUND_REDACTION_VERSION = "audit_sink_v1"


+def _db_timestamp_now() -> datetime:
+    """Return UTC now in the timestamp shape accepted by the production DB path."""
+    return datetime.now(UTC).replace(tzinfo=None)
+
+
 def _input_sha256(input_payload: dict[str, Any] | None) -> str | None:
    """計算 Run input 的穩定 hash，讓 mirror run 也能保留最小完整性證據。"""
    if not input_payload:
@@ -459,7 +464,7 @@ async def record_grouped_alert_event(
                channel_chat_id=f"alert-group:{group_key}",
                content_type="text",
                raw_content=content,
-                provider_ts=datetime.now(UTC),
+                provider_ts=_db_timestamp_now(),
                run_id=run_id,
            )

@@ -576,7 +581,7 @@ async def record_alertmanager_event(
                channel_chat_id=f"alertmanager:{namespace or 'default'}",
                content_type="text",
                raw_content=content,
-                provider_ts=datetime.now(UTC),
+                provider_ts=_db_timestamp_now(),
                run_id=run_id,
                is_duplicate=is_duplicate,
            )
@@ -648,7 +653,7 @@ async def record_outbound_message(

    actual_status = "shadow" if is_shadow else send_status
    sent_at = (
-        datetime.now(UTC).replace(tzinfo=None)
+        _db_timestamp_now()
        if actual_status == "sent"
        else None
    )
--- a/apps/api/tests/test_channel_hub_grouped_alert_events.py
+++ b/apps/api/tests/test_channel_hub_grouped_alert_events.py
@@ -1,6 +1,7 @@
 from __future__ import annotations

 from src.services.channel_hub import (
+    _db_timestamp_now,
    build_alertmanager_provider_event_id,
    build_alertmanager_run_id,
    build_grouped_alert_provider_event_id,
@@ -13,6 +14,10 @@ from src.services.channel_hub import (
 )


+def test_db_timestamp_now_is_naive_utc_for_asyncpg() -> None:
+    assert _db_timestamp_now().tzinfo is None
+
+
 def test_build_grouped_alert_provider_event_id_is_deterministic() -> None:
    event_id = build_grouped_alert_provider_event_id(
        "INC-20260507-ABCD12",
--- a/k8s/awoooi-prod/kustomization.yaml
+++ b/k8s/awoooi-prod/kustomization.yaml
@@ -40,7 +40,7 @@ resources:
 images:
 - name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER
  newName: 192.168.0.110:5000/awoooi/api
-  newTag: 6064e6d03fe43346cd8f98880e89120640a5811d
+  newTag: c6e47526a7ecf906aac007434a73db9f6157d376
 - name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER
  newName: 192.168.0.110:5000/awoooi/web
-  newTag: 6064e6d03fe43346cd8f98880e89120640a5811d
+  newTag: c6e47526a7ecf906aac007434a73db9f6157d376