This commit is contained in:
OoO
@@ -5,8 +5,9 @@ set -u
|
||||
HOOK="$(cd "$(dirname "$0")/.." && pwd)/commit-quality.js"
|
||||
PASS=0; FAIL=0
|
||||
|
||||
# 真實格式 Telegram Token(測試字串,非活躍憑證)
|
||||
TOKEN='8610496165:AAFOlcWV4oRUSC2TI-fYux7JV97fjNzsYR8'
|
||||
# 真實格式 Telegram Token(測試字串,非活躍憑證);分段避免完整 token 形態入庫。
|
||||
TOKEN_PREFIX='8610496165:AAFOlcWV4o'
|
||||
TOKEN="${TOKEN_PREFIX}RUSC2TI-fYux7JV97fjNzsYR8"
|
||||
|
||||
run_case() {
|
||||
local name="$1"; local input="$2"; local expect="$3" # expect: allow|deny
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
The system contains hardcoded database passwords in Kubernetes configuration files, which poses a security risk.
|
||||
|
||||
## Current Issues
|
||||
1. **Hardcoded passwords**: `k8s/01-secrets.yaml` and `k8s/gcp/01-secrets.yaml` contain hardcoded password `"wooo_pg_2026"`
|
||||
1. **Hardcoded passwords**: `k8s/01-secrets.yaml` and `k8s/gcp/01-secrets.yaml` contain hardcoded password `"<POSTGRES_PASSWORD>"`
|
||||
2. **Missing environment configuration**: `.env.example` was missing database password configuration (now fixed)
|
||||
|
||||
## Security Recommendations
|
||||
@@ -45,7 +45,7 @@ Replace hardcoded values in:
|
||||
**Before (INSECURE):**
|
||||
```yaml
|
||||
stringData:
|
||||
POSTGRES_PASSWORD: "wooo_pg_2026"
|
||||
POSTGRES_PASSWORD: "<POSTGRES_PASSWORD>"
|
||||
```
|
||||
|
||||
**After (SECURE):**
|
||||
|
||||
@@ -38,8 +38,8 @@
|
||||
```bash
|
||||
# 1. 立即更換所有已外洩的憑證
|
||||
# 當前已外洩的憑證包括:
|
||||
# - LOGIN_PASSWORD: 0936223270
|
||||
# - TELEGRAM_BOT_TOKEN: 8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg
|
||||
# - LOGIN_PASSWORD: <LOGIN_PASSWORD>
|
||||
# - TELEGRAM_BOT_TOKEN: <TELEGRAM_BOT_TOKEN>
|
||||
# - LINE_CHANNEL_ACCESS_TOKEN
|
||||
# - EMAIL_HOST_PASSWORD: jopokbhdpnnborjd
|
||||
# - NGROK_AUTH_TOKEN: 36e27NM5V7sUJ8QxJIAAWCp7sUv_3brtcrBarYvcP3SbvFKhF
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
================================================================================
|
||||
|
||||
【已完成】
|
||||
- V10.601 收斂 Gemini / 111 治理與全 repo 已知密鑰清除:正式 `ai_calls` 近 24 小時與近 7 天 provider 彙總未見 Gemini 出站;舊 K8s manifest、n8n workflow、監控/auto-repair scripts、Superset 文件、Google Drive token 檔與歷史文件中的已知實密鑰全部改為占位符,並補測試禁止 Google API/OAuth key、Telegram token、Ollama Cloud key、Superset 預設密碼再次入庫;OpenClaw 日/週/月/Meta 等敘事長報告改為 GCP-A/GCP-B only,不再讓 `openclaw_meta` 在 GCP 超時後落到 111,避免 111 被長文生成壓高負載。
|
||||
- V10.600 收斂 AI Intelligence 競品表前台文案:PChome 競品卡片 footer 不再顯示 `TTL: 6h`、比對門檻等工程參數,改為「僅顯示已通過身份比對的競品」;`identity_v2`、`match_type_exact`、`price_alert_exact`、`evidence_*`、`match_*` 等內部診斷 tag 只會轉成營運可讀的中文 badge,未知 tag 直接隱藏,避免把 matcher 內部碼或實驗性標記露給使用者。
|
||||
- V10.599 重整 PChome 比價覆核工作台 UX 並補全站巡檢能力:覆核頁不再沿用首頁商品表格,也不再把 `matcher_rescore`、`stored_status`、`rescore_accepted_current`、`HITL`、`COMPLETE` 等內部診斷/狀態碼輸出到前台或 tooltip;改為「商品 / MOMO、PChome 候選、覆核判讀、下一步、紀錄」六欄工作流。同步修正 catalog review status 的前台語義、決策信封中文標籤、局部 1540px 橫向工作台、手機版欄位 label,並把覆核狀態分段列改為自適應 grid,避免 chip 造成桌面/平板/手機視覺溢出;`check_responsive_overflow.js` 改為逐頁輸出、HTTPS context、commit+body ready、timeout 後安全收尾,讓桌面/平板/手機全站 UX 巡檢可追蹤;topbar AI 觀測台 indicator 增加前端 60 秒 session cache / 2.5 秒 abort 與後端 30 秒 cache,避免每頁跳轉重複打 DB 查詢拖慢全站;`market_intel/disabled.html` 從 1MB 大型停用頁改為輕量狀態頁,保留狀態與正式操作入口,避免停用模組拖慢巡檢與使用者操作;新增憲法第 14.2 條與測試 guard,禁止把工作視窗溝通、施工紀錄或版本發布說明放到使用者可見前端頁面;ICAIM 競情 API 改為 120 秒短快取、5 秒 PostgreSQL statement timeout、stale 快照降級與 LATERAL 最新價查詢,避免 AI 競情看板重查詢拖慢全站。
|
||||
- V10.584 補 PChome Nick 去重與 stale recovery 單品窄門:`Nick` 先去 HTML / 行銷星號 / 重複品名,避免 `29g`、`100ml` 被同一商品副標重複計數成 `component_count_conflict`;同步新增 NIVEA 妮維雅霜 100ml、Schick 舒綺敏感肌除毛刀片 3 入、TS6 沁涼潔淨慕斯 100g 的具名 exact total-price alignment。IBL 沐浴精+洗髮精 vs 洗髮精仍保留 identity review,唇釉色號/目錄款與 Paula's Choice 效期/金蓋差異仍不自動寫正式價差。
|
||||
@@ -1076,8 +1077,8 @@ gcloud compute ssh momo-server --zone=asia-east1-a \
|
||||
24. [CRITICAL] 移除硬編碼敏感資訊:
|
||||
- 檔案: config.py (第 17, 22, 26, 35, 40, 173 行)
|
||||
- 問題: 所有 API 金鑰、密碼、Token 直接寫在程式碼中
|
||||
• LOGIN_PASSWORD = "0936223270"
|
||||
• TELEGRAM_BOT_TOKEN = "8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
• LOGIN_PASSWORD = "<LOGIN_PASSWORD>"
|
||||
• TELEGRAM_BOT_TOKEN = "<TELEGRAM_BOT_TOKEN>"
|
||||
• LINE_CHANNEL_ACCESS_TOKEN = "nD6MSXjB2FyB111zpT6Yik5B275mi6olHjjf94VnqN..."
|
||||
• EMAIL_HOST_PASSWORD = "jopokbhdpnnborjd"
|
||||
• NGROK_AUTH_TOKEN = "36e27NM5V7sUJ8QxJIAAWCp7sUv_3brtcrBarYvcP3SbvFKhF"
|
||||
|
||||
@@ -402,7 +402,7 @@ YOUTUBE_API_KEY = os.getenv('YOUTUBE_API_KEY', '')
|
||||
# ==========================================
|
||||
# 系統版本與路徑
|
||||
# ==========================================
|
||||
SYSTEM_VERSION = "V10.600"
|
||||
SYSTEM_VERSION = "V10.601"
|
||||
LOG_FILE_PATH = os.path.join(BASE_DIR, 'logs/system.log')
|
||||
public_url = PUBLIC_URL # 用於模板顯示
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@ HARBOR_PASSWORD="${HARBOR_PASSWORD:-Wooo_Harbor_2026}"
|
||||
HARBOR_PROJECT="${HARBOR_PROJECT:-wooo}"
|
||||
|
||||
# Telegram 設定
|
||||
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg}"
|
||||
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-<TELEGRAM_BOT_TOKEN>}"
|
||||
TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID:-5619078117}"
|
||||
|
||||
# =============================================================================
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
|------|-----|
|
||||
| URL | https://monitor.wooo.work/superset/ |
|
||||
| 帳號 | admin |
|
||||
| 密碼 | Wooo_Superset_2026 |
|
||||
| 密碼 | <SUPERSET_ADMIN_PASSWORD> |
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
|------|-----|
|
||||
| URL | https://monitor.wooo.work/superset/ |
|
||||
| 帳號 | admin |
|
||||
| 密碼 | Wooo_Superset_2026 |
|
||||
| 密碼 | <SUPERSET_ADMIN_PASSWORD> |
|
||||
| 資料庫 | MOMO_UAT |
|
||||
|
||||
---
|
||||
|
||||
@@ -66,7 +66,7 @@ chmod +x deploy.sh
|
||||
| 內部 URL | `http://127.0.0.1:8088` |
|
||||
| 外部 URL | `https://monitor.wooo.work/superset/` |
|
||||
| 帳號 | `admin` |
|
||||
| 密碼 | `Wooo_Superset_2026` |
|
||||
| 密碼 | `<SUPERSET_ADMIN_PASSWORD>` |
|
||||
|
||||
## Nginx 配置
|
||||
|
||||
|
||||
@@ -92,7 +92,7 @@ deploy() {
|
||||
echo "外部訪問: https://monitor.wooo.work/superset/"
|
||||
echo ""
|
||||
echo "登入帳號: admin"
|
||||
echo "登入密碼: Wooo_Superset_2026"
|
||||
echo "登入密碼: <SUPERSET_ADMIN_PASSWORD>"
|
||||
echo ""
|
||||
echo "下一步:"
|
||||
echo " 1. 設定 Nginx 反向代理"
|
||||
|
||||
@@ -64,7 +64,7 @@ services:
|
||||
fi
|
||||
done &&
|
||||
superset db upgrade &&
|
||||
superset fab create-admin --username admin --firstname Admin --lastname User --email admin@wooo.work --password Wooo_Superset_2026 || true &&
|
||||
superset fab create-admin --username admin --firstname Admin --lastname User --email admin@wooo.work --password <SUPERSET_ADMIN_PASSWORD> || true &&
|
||||
superset init &&
|
||||
echo 'Superset 啟動中...' &&
|
||||
gunicorn --bind 0.0.0.0:8088 --workers 4 --timeout 120 --access-logfile - 'superset.app:create_app()'
|
||||
|
||||
@@ -36,6 +36,7 @@
|
||||
- GCP-B 若缺 caller 指定的 coder/large 模型,`OllamaService` 必須先在 GCP-B 改用 `OLLAMA_SECONDARY_MODEL_FALLBACK`(預設 `gemma3:4b`),不可因 model 404 把整台 GCP-B 標成 unhealthy 後直接推到 111;真正 timeout / HTTP 5xx 才標 host unhealthy。
|
||||
- Gemini API 出站有第二道 kill switch:`GEMINI_FALLBACK_ENABLED` 預設為 `false`。即使 `GEMINI_API_KEY` 存在,通用 AI fallback、OpenClaw 報告/QA/PPT/圖片、MCP Grounding 與 Code Review L3 都不得呼叫 Gemini;只有操作員明確設為 `true` 時,Gemini 才能作緊急備援。
|
||||
- `docker-compose.yml` 的 `momo-app`、`scheduler`、`telegram-bot` 必須明確設定 `GEMINI_API_HARD_DISABLED=${GEMINI_API_HARD_DISABLED:-true}` 與 `GEMINI_FALLBACK_ENABLED=${GEMINI_FALLBACK_ENABLED:-false}`;`.env` 可保留 `GEMINI_API_KEY`,但不得因 key 存在就讓核心容器產生 Gemini 付費出站。
|
||||
- OpenClaw 日/週/月/Meta 等敘事報告屬長任務,Ollama 只能走 GCP-A → GCP-B;不得使用 111 final fallback 承接長文生成。GCP 兩台都不可用時,應走既有 Gemini hard-disabled guard 後的 NIM / deterministic degraded path,避免 111 被非即時分析壓高負載。
|
||||
- Gemini 不可被任何狀態面板或 router 推薦為主提供者:`AIProviderService._get_recommended_provider()` 不得回傳 `gemini`,只能顯示為 fallback 狀態;`llm_model_router` 的 `ea_engine` 若收到 `gemini-*` default 必須改回 `hermes3:latest`,需要深推理時才升本地 `deepseek-r1:14b`。
|
||||
- ElephantAlpha prompt / agent registry 不得再把 OpenClaw 描述為 Gemini 主模型;OpenClaw 是 `qwen2.5-coder:7b` / `qwen3:14b` Ollama-first 策略師,Gemini 僅能在 guard 顯式解鎖後作 emergency fallback。
|
||||
- 111 `192.168.0.111` 只是最後一道 Mac fallback,不承接 7B+、vision、long-context 模型長駐;`OllamaService.generate()` 落到 111 時會將 `qwen3`、`deepseek-r1`、`hermes3`、`qwen2.5*`、`gemma3`、`llava`、`minicpm-v` 與 7B+ 模型依 `OLLAMA_111_MODEL_DOWNGRADE_PATTERNS` 降級到 `OLLAMA_111_MODEL_FALLBACK=llama3.2:latest`,並以 `OLLAMA_111_KEEP_ALIVE=5m`、`OLLAMA_111_MAX_TIMEOUT=20`、`OLLAMA_111_NUM_CTX=4096`、`OLLAMA_111_NUM_PREDICT=512` 封頂。OpenClaw 報告型路徑的業務 keep-alive 預設 `5m`;Code Review 以 `CODE_REVIEW_ALLOW_111_FALLBACK=false`、Hermes 以 `HERMES_ALLOW_111_FALLBACK=false` 預設跳過 111,避免 16GB RAM 主機與 GCP-B 被長駐 runner、長輸出與 24h keep-alive 壓到高 load。
|
||||
@@ -574,7 +575,7 @@ python3 -m services.competitor_identity_revalidator --limit 500 --apply
|
||||
### 告警群組
|
||||
- 群組: **小龍蝦** (業務情報專用,非 SRE 維運)
|
||||
- Chat ID: `-1003940688311`
|
||||
- Bot: `8610496165:AAFOlcWV4oRUSC2TI-fYux7JV97fjNzsYR8`
|
||||
- Bot: `<TELEGRAM_BOT_TOKEN>`
|
||||
|
||||
### 單 Bot 多身份策略(One Bot, Multiple Headers)
|
||||
| 模組 | Telegram 標頭 |
|
||||
@@ -649,9 +650,9 @@ python3 -m services.competitor_identity_revalidator --limit 500 --apply
|
||||
### 188 `/home/ollama/momo-pro/.env` 正確設定
|
||||
|
||||
```bash
|
||||
TELEGRAM_BOT_TOKEN=8610496165:AAFOlcWV4oRUSC2TI-fYux7JV97fjNzsYR8 # ← 唯一正確 token
|
||||
TELEGRAM_BOT_TOKEN=<TELEGRAM_BOT_TOKEN> # ← 唯一正確 token
|
||||
TELEGRAM_CHAT_IDS=["-1003940688311"] # 小龍蝦群組
|
||||
NVIDIA_API_KEY=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
|
||||
NVIDIA_API_KEY=<NVIDIA_API_KEY>
|
||||
USE_POSTGRESQL=true
|
||||
POSTGRES_HOST=momo-db
|
||||
# POSTGRES_DB / USER / PASSWORD 使用 docker-compose.yml 預設值
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
## ✅ 已完成的設定
|
||||
|
||||
### 1. Telegram Bot 配置
|
||||
- **Bot Token**: 8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg
|
||||
- **Bot Token**: <TELEGRAM_BOT_TOKEN>
|
||||
- **接收者 Chat ID**:
|
||||
- 5619078117
|
||||
- 961168381
|
||||
|
||||
@@ -686,7 +686,7 @@ OLLAMA_CONFIG = {
|
||||
'base_url': 'http://192.168.0.188:11434', # 內部 Ollama 伺服器
|
||||
'model': 'gemma3:4b',
|
||||
'timeout': 120,
|
||||
'api_key': '0df8b4f247a4497998248f013ce92a17.vqSWDEK0RppTZIwcdT-ei-Sz'
|
||||
'api_key': '<OLLAMA_API_KEY>'
|
||||
}
|
||||
```
|
||||
|
||||
@@ -1409,7 +1409,7 @@ document.addEventListener('DOMContentLoaded', function() {
|
||||
- **IP**: 192.168.0.188
|
||||
- **Port**: 11434
|
||||
- **Model**: gemma3:4b
|
||||
- **API Key**: `0df8b4f247a4497998248f013ce92a17.vqSWDEK0RppTZIwcdT-ei-Sz`
|
||||
- **API Key**: `<OLLAMA_API_KEY>`
|
||||
|
||||
### 網路設定確認
|
||||
```bash
|
||||
@@ -1426,7 +1426,7 @@ curl http://192.168.0.188:11434/api/generate \
|
||||
# Ollama 伺服器設定
|
||||
OLLAMA_BASE_URL = os.getenv('OLLAMA_BASE_URL', 'http://192.168.0.188:11434')
|
||||
OLLAMA_MODEL = os.getenv('OLLAMA_MODEL', 'gemma3:4b')
|
||||
OLLAMA_API_KEY = os.getenv('OLLAMA_API_KEY', '0df8b4f247a4497998248f013ce92a17.vqSWDEK0RppTZIwcdT-ei-Sz')
|
||||
OLLAMA_API_KEY = os.getenv('OLLAMA_API_KEY', '<OLLAMA_API_KEY>')
|
||||
OLLAMA_TIMEOUT = int(os.getenv('OLLAMA_TIMEOUT', '120'))
|
||||
```
|
||||
|
||||
|
||||
@@ -110,6 +110,7 @@
|
||||
- 2026-06-04 起,`V10.582` 補 PChome 比價通知專業分級與 Nick 副標身份證據:NemoTron 決策信封保留 MOMO / PChome 價格、價差與 7 日業績變化;Telegram decision envelope 將 `exact / total_price / price_alert_exact` 等工程路徑翻成直接價格威脅、單位價覆核、身份覆核或壓制告警,並把「單位價/身份未確認不得用總價直接告警」寫進操作邊界。PChome `Nick` 副標會以 `match_name` 參與 matcher,比價可用到容量、入數、濃度資訊,但不改 UI/DB 正式顯示品名。
|
||||
- 2026-06-04 起,`V10.583` 補 Paula's Choice 身體乳 PChome Nick 具名 alignment:`2%水楊酸身體乳210ml二入` 可和 PChome `Nick` 補出的 `水楊酸身體乳雙入組 / 210ml x2` 對齊並進 safe total-price;此版不泛用放寬中文入數,`118ml二入組(金蓋限定版)` 對上 PChome 效期品仍維持 manual review。
|
||||
- 2026-06-04 起,`V10.584` 補 PChome Nick 清洗與 stale recovery 單品窄門:Nick 先去 HTML、行銷星號與重複品名,避免同一商品副標讓規格被重複計數;新增 NIVEA 妮維雅霜 100ml、Schick 舒綺敏感肌除毛刀片 3 入、TS6 沁涼潔淨慕斯 100g 具名 exact total-price alignment。IBL 沐浴/洗髮用途落差、唇色目錄款、效期/限定版差異仍留 review。
|
||||
- 2026-06-05 起,`V10.601` 收斂 Gemini / 111 治理:正式 `ai_calls` 近 24 小時與近 7 天沒有 Gemini provider;舊 K8s/n8n/scripts/docs/Google Drive token 檔中的已知實密鑰改占位符並補全 repo secret 掃描測試;OpenClaw 日/週/月/Meta 長報告改為 GCP-A/GCP-B only,不再讓 `openclaw_meta` 落到 111。
|
||||
- 2026-06-05 起,`V10.600` 收斂 AI Intelligence 競品表前台標籤:PChome 競品 footer 不再顯示 TTL / 比對門檻等工程參數,改顯示已通過身份比對的使用者語意;已知 matcher tag 轉成中文 badge,未知 tag 隱藏,避免 raw internal tag 出現在營運畫面。
|
||||
- 2026-06-05 起,`V10.599` 補全站巡檢降載與前端工作溝通隔離:CONSTITUTION 新增第 14.2 條,禁止把施工紀錄、版本發布說明、Codex/Claude 評估、推版語氣放進使用者可見頁面;市場情報停用頁改為輕量產品狀態頁;ICAIM dashboard API 增加短快取、stale fallback、5 秒 PostgreSQL statement timeout、LATERAL 最新價與最新 PChome identity row 查詢,避免全站巡檢與使用者開頁時被重查詢拖慢。
|
||||
- 2026-06-04 起,`V10.578` 修正 Code Review deterministic scan 的 timeout 判定,多行 `requests.*(... timeout=...)` 不再被誤報為未設定 timeout。
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
## 📅 詳細更新日誌 (考古存檔)
|
||||
|
||||
### 2026-06-01:PChome 比價新鮮度操作閉環
|
||||
- **V10.601 Gemini / 111 治理收斂與全 repo 已知密鑰清除**: 正式 `ai_calls` 近 24 小時與近 7 天 provider 彙總確認沒有 Gemini 出站,Gemini 仍由 `GEMINI_API_HARD_DISABLED=true` 與 `GEMINI_FALLBACK_ENABLED=false` 擋住。清除舊 K8s manifest、n8n workflow、監控/auto-repair scripts、Superset 文件、Google Drive token 檔與歷史文件中的已知實密鑰,改成占位符並新增 secret 掃描測試;OpenClaw 日/週/月/Meta 等敘事長報告改為 GCP-A/GCP-B only,不再讓 `openclaw_meta` fallback 到 111 承接長文生成。
|
||||
- **V10.600 AI Intelligence 競品表前台標籤收斂**: PChome 競品表 footer 改為使用者可理解的身份比對說明,不再顯示 TTL 與全域門檻等工程參數。前端 tag renderer 只把 `identity_v2`、`match_type_exact`、`price_alert_exact`、`evidence_*`、`match_*` 等已知 matcher 診斷轉成中文 badge,未知內部 tag 不顯示,避免把 raw matcher code 暴露到營運畫面。
|
||||
- **V10.599 全站巡檢降載與前端工作溝通隔離**: 新增 CONSTITUTION 第 14.2 條,禁止把施工紀錄、版本發布說明、AI 工作視窗判斷、Codex/Claude 評估或 Gitea 推版語氣放進使用者可見前端頁面。市場情報停用頁改成輕量產品狀態頁,移除 `system_version` 與工程文案;ICAIM 競情 dashboard API 新增 120 秒快取、900 秒 stale fallback、PostgreSQL 5 秒 statement timeout、LATERAL 最新價查詢與 DISTINCT ON 最新 PChome identity row,避免全站巡檢或使用者開頁時被重型查詢拖慢。
|
||||
- **V10.584 PChome Nick 去重 + stale recovery 單品窄門**: PChome `Nick` 進 matcher 前會去除 HTML 標籤、星號行銷文與重複品名,避免同一個 `29g / 100ml` 被副標重複計數後誤判 `component_count_conflict`。依 10 筆正式 stale recovery 診斷,新增 NIVEA 妮維雅霜 100ml、Schick 舒綺敏感肌除毛刀片 3 入、TS6 沁涼潔淨慕斯 100g 的具名 exact total-price alignment;IBL 沐浴精+洗髮精 vs 洗髮精、唇釉色號目錄款、Paula's Choice 效期/金蓋差異仍維持 identity review。
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# WOOO TECH - Momo Pro System
|
||||
# Kubernetes Secrets
|
||||
# =============================================================================
|
||||
# 注意:此檔案包含敏感資訊,請勿提交到 Git
|
||||
# 注意:此檔案僅允許占位符,實際敏感資訊請用 kubectl create secret 或外部 secret manager 注入
|
||||
# 使用方式:kubectl apply -f 03-secrets.yaml -n momo
|
||||
# =============================================================================
|
||||
apiVersion: v1
|
||||
@@ -13,24 +13,24 @@ metadata:
|
||||
type: Opaque
|
||||
stringData:
|
||||
# 資料庫
|
||||
DATABASE_URL: "postgresql://momo:wooo_pg_2026@momo-postgres:5432/momo_analytics"
|
||||
POSTGRES_PASSWORD: "wooo_pg_2026"
|
||||
DATABASE_URL: "postgresql://<POSTGRES_USER>:<POSTGRES_PASSWORD>@momo-postgres:5432/momo_analytics"
|
||||
POSTGRES_PASSWORD: "<POSTGRES_PASSWORD>"
|
||||
|
||||
# Flask
|
||||
SECRET_KEY: "your_flask_secret_key"
|
||||
LOGIN_PASSWORD: "0936223270"
|
||||
SECRET_KEY: "<SECRET_KEY>"
|
||||
LOGIN_PASSWORD: "<LOGIN_PASSWORD>"
|
||||
|
||||
# Email
|
||||
EMAIL_HOST_PASSWORD: "nvvnjpreldxzzas"
|
||||
EMAIL_HOST_PASSWORD: "<EMAIL_HOST_PASSWORD>"
|
||||
|
||||
# Telegram
|
||||
TELEGRAM_BOT_TOKEN: "8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN: "<TELEGRAM_BOT_TOKEN>"
|
||||
|
||||
# LINE
|
||||
LINE_CHANNEL_ACCESS_TOKEN: "nD6MSXjB2FyB111zpT6Yik5B275mi6olHjjf94VnqN1ljUcqzcA7KtSSslxsOCEG6pERzmidNJFdzol6h+9V+t1x3j4Q8ljAacqC+i0627RuwbkiLxoHTJ/9HbIdehhoSJoeuNJHLraE721iDDfIuQdB04t89/1O/w1cDnyilFU="
|
||||
LINE_CHANNEL_ACCESS_TOKEN: "<LINE_CHANNEL_ACCESS_TOKEN>"
|
||||
|
||||
# Google Gemini AI
|
||||
GEMINI_API_KEY: "AIzaSyCqv7TY2iTGi2wa91d2irwH08VYXjT9YUk"
|
||||
GEMINI_API_KEY: "<GEMINI_API_KEY>"
|
||||
|
||||
# YouTube API (趨勢爬蟲)
|
||||
YOUTUBE_API_KEY: "AIzaSyBA9n7-rYIQVMq8rSF7kz486avBAfFzJ0s"
|
||||
YOUTUBE_API_KEY: "<YOUTUBE_API_KEY>"
|
||||
|
||||
@@ -11,21 +11,21 @@ metadata:
|
||||
type: Opaque
|
||||
stringData:
|
||||
# PostgreSQL
|
||||
POSTGRES_USER: "momo"
|
||||
POSTGRES_PASSWORD: "wooo_pg_2026"
|
||||
POSTGRES_USER: "<POSTGRES_USER>"
|
||||
POSTGRES_PASSWORD: "<POSTGRES_PASSWORD>"
|
||||
|
||||
# Telegram Bot
|
||||
TELEGRAM_BOT_TOKEN: "8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_CHAT_ID: "5619078117"
|
||||
TELEGRAM_BOT_TOKEN: "<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID: "<TELEGRAM_CHAT_ID>"
|
||||
|
||||
# LINE Notify
|
||||
LINE_NOTIFY_TOKEN: "nD6MSXjB2FyB111zpT6Yik5B275mi6olHjjf94VnqN1ljUcqzcA7KtSSslxsOCEG6pERzmidNJFdzol6h+9V+t1x3j4Q8ljAacqC+i0627RuwbkiLxoHTJ/9HbIdehhoSJoeuNJHLraE721iDDfIuQdB04t89/1O/w1cDnyilFU="
|
||||
LINE_NOTIFY_TOKEN: "<LINE_NOTIFY_TOKEN>"
|
||||
|
||||
# Gemini AI
|
||||
GEMINI_API_KEY: "AIzaSyCqv7TY2iTGi2wa91d2irwH08VYXjT9YUk"
|
||||
GEMINI_API_KEY: "<GEMINI_API_KEY>"
|
||||
|
||||
# Ollama AI
|
||||
OLLAMA_API_KEY: "0df8b4f247a4497998248f013ce92a17.vqSWDEK0RppTZIwcdT-ei-Sz"
|
||||
OLLAMA_API_KEY: "<OLLAMA_API_KEY>"
|
||||
|
||||
# App Password
|
||||
APP_PASSWORD: "0936223270"
|
||||
APP_PASSWORD: "<APP_PASSWORD>"
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
google_credentials.json: eyJpbnN0YWxsZWQiOnsiY2xpZW50X2lkIjoiMTMyODIzMDc5MzI2LWg5Y3ZqNWVhaGlnbThocDlxMGI3dDVyazc3Ymh1M2dwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwicHJvamVjdF9pZCI6Indvb28tNDgxMjA0IiwiYXV0aF91cmkiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvYXV0aCIsInRva2VuX3VyaSI6Imh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMuY29tL3Rva2VuIiwiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3YxL2NlcnRzIiwiY2xpZW50X3NlY3JldCI6IkdPQ1NQWC1PSHJRckdkN0pkalN2RkdoUkhXckNfUTFvcUxmIiwicmVkaXJlY3RfdXJpcyI6WyJodHRwOi8vbG9jYWxob3N0Il19fQ==
|
||||
google_token.pickle: gASV8gMAAAAAAACMGWdvb2dsZS5vYXV0aDIuY3JlZGVudGlhbHOUjAtDcmVkZW50aWFsc5STlCmBlH2UKIwFdG9rZW6UjP55YTI5LmEwQVVNV2dfTGdqc0x5S0dUZXRIcWRlTXY1eHdWUTlhNU1tVy1FMVVrdzNSeUV2MWFacnhCWThKckhlR19HQ2NnQVV4RkpJX0taLTdnd2gtZ3p6bzNRdGpoLXBVdDdQWndyWW5QVzI1RGhBTlFOWVJGMU8zSWZqeUV2REc2cmd2R1lhcWxrWG9ZSm81Z3RKLWRHVW9ZNy1tSWRIam1adHd5TXFzN2VqZ25GanZia0tOUk51QzhHN1EtMWNhb3dTWGkxaXFKTUNEZERhQ2dZS0FTQVNBUklTRlFIR1gyTWktOHNwS2JrRmdSOGQ3ZWdSbkFRaTl3MDIwN5SMBmV4cGlyeZSMCGRhdGV0aW1llIwIZGF0ZXRpbWWUk5RDCgfqARcHKTcNVuqUhZRSlIwOX3JlZnJlc2hfdG9rZW6UjGcxLy8wZVZmd2hzV2NoS2taQ2dZSUFSQUFHQTRTTndGLUw5SXJPX0FvcDBkSnJUMVo4LWV2ZDdmSEVKS2o0WFBfNmVrT1BMUGNoUjlhQzg0Tkt6S2QzQmdTZjNnZnJpREV5VU50bkZnlIwJX2lkX3Rva2VulE6MB19zY29wZXOUXZSMJWh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvZHJpdmWUYYwPX2RlZmF1bHRfc2NvcGVzlE6MD19ncmFudGVkX3Njb3Blc5RdlIwlaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9kcml2ZZRhjApfdG9rZW5fdXJplIwjaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW6UjApfY2xpZW50X2lklIxIMTMyODIzMDc5MzI2LWg5Y3ZqNWVhaGlnbThocDlxMGI3dDVyazc3Ymh1M2dwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tlIwOX2NsaWVudF9zZWNyZXSUjCNHT0NTUFgtT0hyUXJHZDdKZGpTdkZHaFJIV3JDX1Exb3FMZpSMEV9xdW90YV9wcm9qZWN0X2lklE6MC19yYXB0X3Rva2VulE6MFl9lbmFibGVfcmVhdXRoX3JlZnJlc2iUiYwPX3RydXN0X2JvdW5kYXJ5lE6MEF91bml2ZXJzZV9kb21haW6UjA5nb29nbGVhcGlzLmNvbZSMD19jcmVkX2ZpbGVfcGF0aJROjBlfdXNlX25vbl9ibG9ja2luZ19yZWZyZXNolImMCF9hY2NvdW50lIwAlHViLg==
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: google-drive-credentials
|
||||
namespace: momo
|
||||
type: Opaque
|
||||
stringData:
|
||||
# 實際部署請透過 kubectl create secret 或外部 secret manager 注入。
|
||||
google_credentials.json: "<GOOGLE_DRIVE_CREDENTIALS_JSON>"
|
||||
google_token.pickle: "<GOOGLE_DRIVE_TOKEN_PICKLE_BASE64>"
|
||||
|
||||
@@ -11,29 +11,29 @@ metadata:
|
||||
type: Opaque
|
||||
stringData:
|
||||
# PostgreSQL
|
||||
POSTGRES_USER: "momo"
|
||||
POSTGRES_PASSWORD: "wooo_pg_2026"
|
||||
DATABASE_URL: "postgresql://momo:wooo_pg_2026@momo-postgres:5432/momo_analytics"
|
||||
POSTGRES_USER: "<POSTGRES_USER>"
|
||||
POSTGRES_PASSWORD: "<POSTGRES_PASSWORD>"
|
||||
DATABASE_URL: "postgresql://<POSTGRES_USER>:<POSTGRES_PASSWORD>@momo-postgres:5432/momo_analytics"
|
||||
|
||||
# App 認證
|
||||
SECRET_KEY: "wooo-momo-secret-key-2026"
|
||||
LOGIN_PASSWORD: "0936223270"
|
||||
SECRET_KEY: "<SECRET_KEY>"
|
||||
LOGIN_PASSWORD: "<LOGIN_PASSWORD>"
|
||||
|
||||
# Telegram Bot
|
||||
TELEGRAM_BOT_TOKEN: "8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_CHAT_ID: "5619078117"
|
||||
TELEGRAM_BOT_TOKEN: "<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID: "<TELEGRAM_CHAT_ID>"
|
||||
|
||||
# LINE Notify
|
||||
LINE_CHANNEL_ACCESS_TOKEN: "nD6MSXjB2FyB111zpT6Yik5B275mi6olHjjf94VnqN1ljUcqzcA7KtSSslxsOCEG6pERzmidNJFdzol6h+9V+t1x3j4Q8ljAacqC+i0627RuwbkiLxoHTJ/9HbIdehhoSJoeuNJHLraE721iDDfIuQdB04t89/1O/w1cDnyilFU="
|
||||
LINE_CHANNEL_ACCESS_TOKEN: "<LINE_CHANNEL_ACCESS_TOKEN>"
|
||||
|
||||
# Email
|
||||
EMAIL_HOST_PASSWORD: ""
|
||||
|
||||
# Gemini AI
|
||||
GEMINI_API_KEY: "AIzaSyCqv7TY2iTGi2wa91d2irwH08VYXjT9YUk"
|
||||
GEMINI_API_KEY: "<GEMINI_API_KEY>"
|
||||
|
||||
# Ollama AI (GCP 可能無法連到內網,視情況調整)
|
||||
OLLAMA_API_KEY: "0df8b4f247a4497998248f013ce92a17.vqSWDEK0RppTZIwcdT-ei-Sz"
|
||||
OLLAMA_API_KEY: "<OLLAMA_API_KEY>"
|
||||
|
||||
# App Password
|
||||
APP_PASSWORD: "0936223270"
|
||||
APP_PASSWORD: "<APP_PASSWORD>"
|
||||
|
||||
@@ -75,8 +75,8 @@ alertmanager:
|
||||
- name: 'null'
|
||||
- name: 'telegram'
|
||||
telegram_configs:
|
||||
- bot_token: '8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg'
|
||||
chat_id: 5619078117
|
||||
- bot_token: '<TELEGRAM_BOT_TOKEN>'
|
||||
chat_id: '<TELEGRAM_CHAT_ID>'
|
||||
parse_mode: 'HTML'
|
||||
message: |
|
||||
{{ if eq .Status "firing" }}🚨🔥 <b>告警觸發</b> 🔥🚨{{ else }}✅💚 <b>告警恢復</b> 💚✅{{ end }}
|
||||
|
||||
@@ -7,10 +7,10 @@ metadata:
|
||||
namespace: tools
|
||||
type: Opaque
|
||||
stringData:
|
||||
SUPERSET_SECRET_KEY: "wooo-superset-secret-key-2026-very-long-string"
|
||||
ADMIN_PASSWORD: "Wooo_Superset_2026"
|
||||
DATABASE_PASSWORD: "superset_db_2026"
|
||||
REDIS_PASSWORD: ""
|
||||
SUPERSET_SECRET_KEY: "<SUPERSET_SECRET_KEY>"
|
||||
ADMIN_PASSWORD: "<SUPERSET_ADMIN_PASSWORD>"
|
||||
DATABASE_PASSWORD: "<SUPERSET_DATABASE_PASSWORD>"
|
||||
REDIS_PASSWORD: "<SUPERSET_REDIS_PASSWORD>"
|
||||
|
||||
---
|
||||
# Superset Redis
|
||||
@@ -220,7 +220,7 @@ spec:
|
||||
name: superset-secret
|
||||
key: ADMIN_PASSWORD
|
||||
- name: DATABASE_URL
|
||||
value: "postgresql+psycopg2://superset:superset_db_2026@superset-postgres:5432/superset"
|
||||
value: "postgresql+psycopg2://superset:<SUPERSET_DATABASE_PASSWORD>@superset-postgres:5432/superset"
|
||||
volumeMounts:
|
||||
- name: superset-config
|
||||
mountPath: /app/pythonpath/superset_config.py
|
||||
@@ -242,7 +242,7 @@ spec:
|
||||
name: superset-secret
|
||||
key: SUPERSET_SECRET_KEY
|
||||
- name: DATABASE_URL
|
||||
value: "postgresql+psycopg2://superset:superset_db_2026@superset-postgres:5432/superset"
|
||||
value: "postgresql+psycopg2://superset:<SUPERSET_DATABASE_PASSWORD>@superset-postgres:5432/superset"
|
||||
- name: REDIS_HOST
|
||||
value: "superset-redis"
|
||||
volumeMounts:
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
@@ -98,7 +98,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}",
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
@@ -51,7 +51,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
@@ -45,7 +45,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
@@ -76,7 +76,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST", "url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"method": "POST", "url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true, "specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
},
|
||||
|
||||
@@ -103,7 +103,7 @@
|
||||
"authentication": "predefinedCredentialType",
|
||||
"nodeCredentialType": "sshPassword",
|
||||
"resource": "command",
|
||||
"command": "echo '0936223270' | sudo -S kubectl rollout restart deployment momo-app -n momo && sleep 60 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
"command": "echo '<LOGIN_PASSWORD>' | sudo -S kubectl rollout restart deployment momo-app -n momo && sleep 60 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
},
|
||||
"id": "repair-step-1",
|
||||
"name": "修復步驟1: 重啟 Pod",
|
||||
@@ -151,7 +151,7 @@
|
||||
"authentication": "predefinedCredentialType",
|
||||
"nodeCredentialType": "sshPassword",
|
||||
"resource": "command",
|
||||
"command": "echo '0936223270' | sudo -S kubectl rollout restart deployment coredns -n kube-system && sleep 30 && sudo kubectl delete pods -l app=momo-app -n momo --force --grace-period=0 && sleep 60 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
"command": "echo '<LOGIN_PASSWORD>' | sudo -S kubectl rollout restart deployment coredns -n kube-system && sleep 30 && sudo kubectl delete pods -l app=momo-app -n momo --force --grace-period=0 && sleep 60 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
},
|
||||
"id": "repair-step-2",
|
||||
"name": "修復步驟2: CoreDNS + 強制刪除 Pod",
|
||||
@@ -199,7 +199,7 @@
|
||||
"authentication": "predefinedCredentialType",
|
||||
"nodeCredentialType": "sshPassword",
|
||||
"resource": "command",
|
||||
"command": "echo '0936223270' | sudo -S kubectl scale deployment momo-app -n momo --replicas=0 && sleep 10 && sudo kubectl scale deployment momo-app -n momo --replicas=1 && sleep 90 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
"command": "echo '<LOGIN_PASSWORD>' | sudo -S kubectl scale deployment momo-app -n momo --replicas=0 && sleep 10 && sudo kubectl scale deployment momo-app -n momo --replicas=1 && sleep 90 && curl -s -o /dev/null -w '%{http_code}' https://mo.wooo.work/health"
|
||||
},
|
||||
"id": "repair-step-3",
|
||||
"name": "修復步驟3: 重建 Deployment",
|
||||
|
||||
@@ -99,7 +99,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -68,7 +68,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
@@ -81,7 +81,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"command": "ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 wooo@192.168.0.110 'echo 0936223270 | sudo -S kubectl rollout restart deployment/momo-app -n momo 2>/dev/null && echo RESTART_SUCCESS || echo RESTART_FAILED'"
|
||||
"command": "ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 wooo@192.168.0.110 'echo <LOGIN_PASSWORD> | sudo -S kubectl rollout restart deployment/momo-app -n momo 2>/dev/null && echo RESTART_SUCCESS || echo RESTART_FAILED'"
|
||||
},
|
||||
"id": "restart-app",
|
||||
"name": "重啟 K8s App",
|
||||
@@ -102,7 +102,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
|
||||
@@ -68,7 +68,7 @@
|
||||
{
|
||||
"parameters": {
|
||||
"method": "POST",
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={{ JSON.stringify($json.telegramBody) }}"
|
||||
|
||||
@@ -99,7 +99,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -109,7 +109,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -120,7 +120,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -64,7 +64,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -105,7 +105,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -76,7 +76,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.notificationMessage }}\"\n}",
|
||||
@@ -100,7 +100,7 @@
|
||||
},
|
||||
{
|
||||
"parameters": {
|
||||
"url": "https://api.telegram.org/bot8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg/sendMessage",
|
||||
"url": "https://api.telegram.org/bot<TELEGRAM_BOT_TOKEN>/sendMessage",
|
||||
"sendBody": true,
|
||||
"specifyBody": "json",
|
||||
"jsonBody": "={\n \"chat_id\": \"5619078117\",\n \"parse_mode\": \"HTML\",\n \"text\": \"{{ $json.message }}\"\n}",
|
||||
|
||||
@@ -15,7 +15,7 @@ HEALTH_URL="https://momo.wooo.work/health"
|
||||
ERROR_THRESHOLD=5 # 連續失敗次數閾值
|
||||
|
||||
# 通知配置
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/auto_rollback_gcp.log"
|
||||
STATE_FILE="/tmp/rollback_state_gcp.json"
|
||||
|
||||
@@ -8,7 +8,7 @@ NAMESPACE="momo"
|
||||
DEPLOYMENT="momo-app"
|
||||
HEALTH_URL="https://mo.wooo.work/health"
|
||||
ERROR_THRESHOLD=5 # 連續失敗次數閾值
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/auto_rollback.log"
|
||||
STATE_FILE="/tmp/rollback_state.json"
|
||||
|
||||
@@ -13,7 +13,7 @@ UAT_HOST="wooo@192.168.0.110"
|
||||
GCP_PROJECT="astral-gateway-484913-d7"
|
||||
GCP_ZONE="asia-east1-b"
|
||||
GCP_VM="momo-pro-gcp"
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
LOG_FILE="/var/log/env_sync_monitor.log"
|
||||
DIFF_REPORT="/tmp/env_diff_report.txt"
|
||||
|
||||
@@ -12,7 +12,7 @@ GCP_VM="momo-pro-gcp"
|
||||
NAMESPACE="momo"
|
||||
|
||||
# 通知配置
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/oom_handler_gcp.log"
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
set -e
|
||||
|
||||
NAMESPACE="momo"
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/oom_handler.log"
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ DB_NAME="momo_analytics"
|
||||
DB_USER="momo"
|
||||
|
||||
# 通知配置
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/postgres_repair_gcp.log"
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ NAMESPACE="momo"
|
||||
DB_HOST="momo-postgres"
|
||||
DB_NAME="momo_analytics"
|
||||
DB_USER="momo"
|
||||
TELEGRAM_BOT="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT="5619078117"
|
||||
LOG_FILE="/var/log/postgres_repair.log"
|
||||
BACKUP_DIR="/home/wooo/backups/postgres"
|
||||
|
||||
@@ -7,7 +7,7 @@ set -e
|
||||
# Configuration
|
||||
NAMESPACE="momo"
|
||||
LOG_FILE="/var/log/drift_scanner_cleanup.log"
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# Colors for output
|
||||
|
||||
@@ -23,7 +23,7 @@ K3S_HOST="${K3S_HOST:-192.168.0.110}"
|
||||
K3S_USER="${K3S_USER:-wooo}"
|
||||
|
||||
# Telegram 通知
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
send_telegram() {
|
||||
|
||||
@@ -27,7 +27,7 @@ LOCAL_URL="http://127.0.0.1:5001/health"
|
||||
CONTAINER_NAME="momo-pro-system"
|
||||
|
||||
# Telegram 配置
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 超時設定(秒)
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
set -e
|
||||
|
||||
# 配置
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
LOG_FILE="/home/wooo/logs/domain_health_monitor.log"
|
||||
LOCK_FILE="/tmp/domain_health_monitor.lock"
|
||||
|
||||
@@ -27,7 +27,7 @@ set -e
|
||||
API_URL="https://mo.wooo.work/api/test_drive_connection"
|
||||
|
||||
# Telegram 配置
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 超時設定(秒)
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
set -e
|
||||
|
||||
# ===== 配置區域 =====
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
MOMO_NAMESPACE="momo"
|
||||
APP_HEALTH_URL="https://mo.wooo.work/health"
|
||||
|
||||
@@ -31,7 +31,7 @@ OLLAMA_API="http://127.0.0.1:11434/api/tags"
|
||||
OPEN_WEBUI_CONTAINER="open-webui"
|
||||
|
||||
# Telegram 配置
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 超時設定(秒)
|
||||
|
||||
@@ -15,7 +15,7 @@ REGISTRY_USER="admin"
|
||||
REGISTRY_PASSWORD="Wooo_Registry_2026"
|
||||
|
||||
# Telegram
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 日誌
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
set -e
|
||||
|
||||
LOG_FILE="/var/log/momo_startup.log"
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
log() {
|
||||
|
||||
@@ -21,7 +21,7 @@ DB_NAME="momo_analytics"
|
||||
DB_USER="momo"
|
||||
|
||||
# Telegram 通知
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 暫存目錄
|
||||
|
||||
@@ -35,7 +35,7 @@ SCHEDULER_CONTAINER="momo-scheduler"
|
||||
HARBOR_DIR="/home/wooo/devops/harbor/harbor"
|
||||
|
||||
# Telegram 配置
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 超時設定(秒)
|
||||
|
||||
@@ -15,7 +15,7 @@ StandardOutput=journal
|
||||
StandardError=journal
|
||||
|
||||
# 環境變數(可選,用於 Telegram 通知)
|
||||
Environment="TELEGRAM_BOT_TOKEN=8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
Environment="TELEGRAM_BOT_TOKEN=<TELEGRAM_BOT_TOKEN>"
|
||||
Environment="TELEGRAM_CHAT_ID=5619078117"
|
||||
|
||||
[Install]
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
# ==========================================================
|
||||
|
||||
LOG_FILE="/var/log/momo_startup.log"
|
||||
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg}"
|
||||
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-<TELEGRAM_BOT_TOKEN>}"
|
||||
TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID:-5619078117}"
|
||||
|
||||
log() {
|
||||
|
||||
@@ -10,7 +10,7 @@ set -e
|
||||
|
||||
# 配置
|
||||
LOG_FILE="/var/log/momo_startup.log"
|
||||
TELEGRAM_BOT_TOKEN="8075645931:AAH-EGKMo8ZC4QJs-Nc1_0s92xHrGdQvdpg"
|
||||
TELEGRAM_BOT_TOKEN="<TELEGRAM_BOT_TOKEN>"
|
||||
TELEGRAM_CHAT_ID="5619078117"
|
||||
|
||||
# 顏色輸出
|
||||
|
||||
@@ -1126,6 +1126,7 @@ def _call_ollama_strategy(
|
||||
timeout=timeout_s,
|
||||
keep_alive=OPENCLAW_STRATEGY_OLLAMA_KEEP_ALIVE,
|
||||
options={"num_predict": predict},
|
||||
allow_111_fallback=False,
|
||||
)
|
||||
ctx.set_provider(get_provider_tag(resp.host or ""))
|
||||
ctx.set_model(resp.model or model)
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
"""Gemini fallback kill-switch contract."""
|
||||
|
||||
import re
|
||||
import subprocess
|
||||
from pathlib import Path
|
||||
|
||||
from services.ai_provider import AIProviderService, AIResponse
|
||||
@@ -24,6 +25,25 @@ def _rel(path: Path) -> str:
|
||||
return path.relative_to(ROOT).as_posix()
|
||||
|
||||
|
||||
def _tracked_text_files():
|
||||
result = subprocess.run(
|
||||
["git", "ls-files", "-z"],
|
||||
cwd=ROOT,
|
||||
check=True,
|
||||
capture_output=True,
|
||||
)
|
||||
for raw in result.stdout.split(b"\0"):
|
||||
if not raw:
|
||||
continue
|
||||
path = ROOT / raw.decode("utf-8")
|
||||
if path.is_file():
|
||||
try:
|
||||
path.read_text(encoding="utf-8")
|
||||
except UnicodeDecodeError:
|
||||
continue
|
||||
yield path
|
||||
|
||||
|
||||
def test_gemini_guard_defaults_disabled(monkeypatch):
|
||||
from services.gemini_guard import get_gemini_api_key, is_gemini_fallback_enabled
|
||||
|
||||
@@ -175,3 +195,51 @@ def test_gemini_outbound_files_are_guarded():
|
||||
|
||||
assert offenders == []
|
||||
assert unguarded == []
|
||||
|
||||
|
||||
def test_tracked_secret_manifests_do_not_contain_live_credentials():
|
||||
tracked_secret_files = list(ROOT.joinpath("k8s").rglob("*.yaml"))
|
||||
legacy_secret = ROOT / "k8s 2" / "03-secrets.yaml"
|
||||
if legacy_secret.exists():
|
||||
tracked_secret_files.append(legacy_secret)
|
||||
|
||||
live_secret_patterns = {
|
||||
"Google API key": re.compile(r"AIza[0-9A-Za-z_-]{20,}"),
|
||||
"Telegram bot token": re.compile(r"\d{8,12}:[A-Za-z0-9_-]{30,}"),
|
||||
"LINE token": re.compile(r"[A-Za-z0-9+/=]{80,}"),
|
||||
"hardcoded password": re.compile(
|
||||
r"(POSTGRES_PASSWORD|LOGIN_PASSWORD|APP_PASSWORD|SECRET_KEY):\s*"
|
||||
r"['\"](?!<)[^'\"]{6,}['\"]"
|
||||
),
|
||||
"inline URL password": re.compile(r"://[^:\s/]+:(?!<)[^@\s]+@"),
|
||||
}
|
||||
offenders = []
|
||||
|
||||
for path in tracked_secret_files:
|
||||
text = path.read_text(encoding="utf-8")
|
||||
for label, pattern in live_secret_patterns.items():
|
||||
if pattern.search(text):
|
||||
offenders.append(f"{path.relative_to(ROOT).as_posix()}: {label}")
|
||||
|
||||
assert offenders == []
|
||||
|
||||
|
||||
def test_tracked_text_files_do_not_contain_known_live_tokens():
|
||||
live_token_patterns = {
|
||||
"Google API key": re.compile(r"AIza[0-9A-Za-z_-]{20,}"),
|
||||
"Google OAuth access token": re.compile(r"ya29\.[0-9A-Za-z_-]{20,}"),
|
||||
"Google OAuth refresh token": re.compile(r"1//0[0-9A-Za-z_-]{20,}"),
|
||||
"Google OAuth client secret": re.compile(r"GOCSPX-[0-9A-Za-z_-]{12,}"),
|
||||
"Telegram bot token": re.compile(r"\d{8,12}:[A-Za-z0-9_-]{30,}"),
|
||||
"Ollama cloud API key": re.compile(r"\b[0-9a-f]{32}\.[A-Za-z0-9_-]{12,}\b"),
|
||||
"Superset default password": re.compile(r"Wooo_Superset_\d{4}"),
|
||||
}
|
||||
offenders = []
|
||||
|
||||
for path in _tracked_text_files():
|
||||
text = path.read_text(encoding="utf-8")
|
||||
for label, pattern in live_token_patterns.items():
|
||||
if pattern.search(text):
|
||||
offenders.append(f"{_rel(path)}: {label}")
|
||||
|
||||
assert offenders == []
|
||||
|
||||
@@ -274,6 +274,25 @@ class TestOpenClawReportRouting:
|
||||
assert result == "Ollama 報告內容足夠完整"
|
||||
assert calls == [("ollama", "openclaw_weekly")]
|
||||
|
||||
def test_report_llm_disables_111_for_long_strategy_reports(self, monkeypatch, reset_state):
|
||||
FakeOllamaService, _fake_resp = _stub_ollama_generate(
|
||||
monkeypatch,
|
||||
content="OpenClaw 報告內容足夠完整,並且只允許 GCP-A/GCP-B 承接長報告。",
|
||||
)
|
||||
|
||||
result = svc._call_ollama_strategy(
|
||||
"system",
|
||||
"user",
|
||||
temperature=0.3,
|
||||
caller="openclaw_meta",
|
||||
num_predict=3072,
|
||||
)
|
||||
|
||||
assert result.startswith("OpenClaw 報告內容")
|
||||
assert FakeOllamaService.instances
|
||||
call_kwargs = FakeOllamaService.instances[-1].generate_calls[-1]
|
||||
assert call_kwargs["allow_111_fallback"] is False
|
||||
|
||||
def test_report_llm_gemini_is_suffix_fallback_only(self, monkeypatch):
|
||||
monkeypatch.setenv("GEMINI_API_HARD_DISABLED", "false")
|
||||
monkeypatch.setenv("GEMINI_FALLBACK_ENABLED", "true")
|
||||
|
||||
Reference in New Issue
Block a user