feat(argocd-mcp): 啟用 ArgoCD MCP Provider + token 注入流程
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
- config.py: ARGOCD_URL → https://192.168.0.125:30443(實際 HTTPS NodePort) - config.py: ARGOCD_MCP_ENABLED=True + SENTRY_MCP_ENABLED=True(預設啟用) - cd.yaml: 新增 ARGOCD_API_TOKEN Gitea Secret → K8s Secret 注入步驟 - K8s: ARGOCD_API_TOKEN 已手動注入 awoooi-secrets + API pods 已 rollout restart - ArgoCD: 已開啟 admin account apiKey capability Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -230,6 +230,8 @@ jobs:
|
||||
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
||||
# ADR-059 2026-04-05: Gitea Webhook Secret (GITEA_ 前綴為保留字,改用 AWOOOI_ 前綴)
|
||||
GITEA_WEBHOOK_SECRET: ${{ secrets.AWOOOI_GITEA_WEBHOOK_SECRET }}
|
||||
# MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6)
|
||||
ARGOCD_API_TOKEN: ${{ secrets.ARGOCD_API_TOKEN }}
|
||||
run: |
|
||||
# S1/S2: 統一命名 deploy_key,改用 ssh-keyscan(比 StrictHostKeyChecking=no 更安全)
|
||||
mkdir -p ~/.ssh
|
||||
@@ -301,6 +303,15 @@ jobs:
|
||||
echo "⚠️ GITEA_WEBHOOK_SECRET 未設定,Gitea Webhook 簽章驗證將在 prod 失效"
|
||||
fi
|
||||
|
||||
# MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6)
|
||||
if [ -n "${ARGOCD_API_TOKEN}" ]; then
|
||||
sudo kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' -p='[
|
||||
{"op":"add","path":"/data/ARGOCD_API_TOKEN","value":"'$(echo -n "${ARGOCD_API_TOKEN}" | base64 -w 0)'"}
|
||||
]' && echo "✅ ARGOCD_API_TOKEN 已注入" || echo "⚠️ ARGOCD_API_TOKEN patch 失敗"
|
||||
else
|
||||
echo "⚠️ ARGOCD_API_TOKEN 未設定,ArgoCD MCP 將使用空 token"
|
||||
fi
|
||||
|
||||
# 2026-04-06 Claude Code: Sprint 3 T2 — known_hosts Secret (Security Fix A1)
|
||||
# 替換 StrictHostKeyChecking=no,讓 SSH 修復路徑使用已知主機指紋
|
||||
ssh-keyscan -H 192.168.0.110 > /tmp/known_hosts_repair 2>/dev/null
|
||||
|
||||
@@ -542,22 +542,22 @@ class Settings(BaseSettings):
|
||||
# MCP Phase 3: ArgoCD MCP Server (2026-04-11 Claude Sonnet 4.6)
|
||||
# ==========================================================================
|
||||
ARGOCD_URL: str = Field(
|
||||
default="http://192.168.0.125:32080",
|
||||
description="ArgoCD API Server URL(K3s NodePort)",
|
||||
default="https://192.168.0.125:30443",
|
||||
description="ArgoCD API Server URL(K3s NodePort HTTPS)",
|
||||
)
|
||||
ARGOCD_API_TOKEN: str = Field(
|
||||
default="",
|
||||
description="ArgoCD API Token(從 K8s Secret 取得)",
|
||||
)
|
||||
ARGOCD_MCP_ENABLED: bool = Field(
|
||||
default=False,
|
||||
default=True,
|
||||
description="啟用 ArgoCD MCP Provider(需 ARGOCD_API_TOKEN)",
|
||||
)
|
||||
|
||||
# MCP Phase 3: Sentry MCP Server (2026-04-11 Claude Sonnet 4.6)
|
||||
# ==========================================================================
|
||||
SENTRY_MCP_ENABLED: bool = Field(
|
||||
default=False,
|
||||
default=True,
|
||||
description="啟用 Sentry MCP Provider(需 SENTRY_AUTH_TOKEN)",
|
||||
)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user