diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml index b667ea41..21f60526 100644 --- a/.gitea/workflows/cd.yaml +++ b/.gitea/workflows/cd.yaml @@ -230,6 +230,8 @@ jobs: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} # ADR-059 2026-04-05: Gitea Webhook Secret (GITEA_ 前綴為保留字,改用 AWOOOI_ 前綴) GITEA_WEBHOOK_SECRET: ${{ secrets.AWOOOI_GITEA_WEBHOOK_SECRET }} + # MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6) + ARGOCD_API_TOKEN: ${{ secrets.ARGOCD_API_TOKEN }} run: | # S1/S2: 統一命名 deploy_key,改用 ssh-keyscan(比 StrictHostKeyChecking=no 更安全) mkdir -p ~/.ssh @@ -301,6 +303,15 @@ jobs: echo "⚠️ GITEA_WEBHOOK_SECRET 未設定,Gitea Webhook 簽章驗證將在 prod 失效" fi + # MCP Phase 3: ArgoCD API Token (2026-04-11 Claude Sonnet 4.6) + if [ -n "${ARGOCD_API_TOKEN}" ]; then + sudo kubectl patch secret awoooi-secrets -n awoooi-prod --type='json' -p='[ + {"op":"add","path":"/data/ARGOCD_API_TOKEN","value":"'$(echo -n "${ARGOCD_API_TOKEN}" | base64 -w 0)'"} + ]' && echo "✅ ARGOCD_API_TOKEN 已注入" || echo "⚠️ ARGOCD_API_TOKEN patch 失敗" + else + echo "⚠️ ARGOCD_API_TOKEN 未設定,ArgoCD MCP 將使用空 token" + fi + # 2026-04-06 Claude Code: Sprint 3 T2 — known_hosts Secret (Security Fix A1) # 替換 StrictHostKeyChecking=no,讓 SSH 修復路徑使用已知主機指紋 ssh-keyscan -H 192.168.0.110 > /tmp/known_hosts_repair 2>/dev/null diff --git a/apps/api/src/core/config.py b/apps/api/src/core/config.py index 43d37971..a3058458 100644 --- a/apps/api/src/core/config.py +++ b/apps/api/src/core/config.py @@ -542,22 +542,22 @@ class Settings(BaseSettings): # MCP Phase 3: ArgoCD MCP Server (2026-04-11 Claude Sonnet 4.6) # ========================================================================== ARGOCD_URL: str = Field( - default="http://192.168.0.125:32080", - description="ArgoCD API Server URL(K3s NodePort)", + default="https://192.168.0.125:30443", + description="ArgoCD API Server URL(K3s NodePort HTTPS)", ) ARGOCD_API_TOKEN: str = Field( default="", description="ArgoCD API Token(從 K8s Secret 取得)", ) ARGOCD_MCP_ENABLED: bool = Field( - default=False, + default=True, description="啟用 ArgoCD MCP Provider(需 ARGOCD_API_TOKEN)", ) # MCP Phase 3: Sentry MCP Server (2026-04-11 Claude Sonnet 4.6) # ========================================================================== SENTRY_MCP_ENABLED: bool = Field( - default=False, + default=True, description="啟用 Sentry MCP Provider(需 SENTRY_AUTH_TOKEN)", )