fix(cd): keep telegram coverage on controlled profile
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 1m1s
CD Pipeline / build-and-deploy (push) Successful in 4m33s
CD Pipeline / post-deploy-checks (push) Successful in 1m45s

This commit is contained in:
Your Name
2026-07-02 22:34:59 +08:00
parent fb86e2d373
commit 6d1edf666c
3 changed files with 39 additions and 0 deletions

View File

@@ -474,6 +474,8 @@ jobs:
;;
apps/api/src/services/telegram_alert_ai_automation_matrix.py)
;;
apps/api/src/services/telegram_alert_monitoring_coverage_readback.py)
;;
apps/api/src/services/telegram_gateway.py)
;;
apps/api/tests/test_agent_replay_normalizer.py)
@@ -552,6 +554,8 @@ jobs:
;;
apps/api/tests/test_telegram_alert_ai_automation_matrix_api.py)
;;
apps/api/tests/test_telegram_alert_monitoring_coverage_readback_api.py)
;;
apps/api/tests/e2e_network_test.py)
;;
apps/api/tests/test_p0_cicd_baseline_source_readiness_api.py)
@@ -905,6 +909,7 @@ jobs:
src/services/product_awoooi_manifest_standard.py \
src/services/platform_operator_service.py \
src/services/telegram_alert_ai_automation_matrix.py \
src/services/telegram_alert_monitoring_coverage_readback.py \
src/services/telegram_gateway.py
python3.11 -m py_compile \
../../scripts/reboot-recovery/dr-escrow-evidence-checklist.py \
@@ -1005,6 +1010,7 @@ jobs:
tests/test_awoooi_priority_work_order_readback_api.py \
tests/test_alertmanager_webhook_metrics.py \
tests/test_telegram_alert_ai_automation_matrix_api.py \
tests/test_telegram_alert_monitoring_coverage_readback_api.py \
tests/e2e_network_test.py::TestHMACVerification::test_valid_hmac_signature \
tests/test_p0_cicd_baseline_source_readiness_api.py \
tests/test_product_awoooi_manifest_standard_api.py \

View File

@@ -53381,3 +53381,24 @@ production browser smoke:
**下一步**
- commit / push 到 Gitea main等 CD / deploy marker 後,正式讀 `/api/v1/agents/telegram-alert-monitoring-coverage-readback`,再依 active blockers 推 metadata-only live receipt ingestion、貼標、分群與 KM / RAG / MCP / PlayBook context writeback。
## 2026-07-02 — Telegram monitoring coverage CD profile 修正
**完成內容**
- Gitea CD `#4462` 讀回 `fb86e2d37` 被 changed-file classifier 誤送 `full` profile實際失敗點是 `BLOCKER b5_docker_socket_unavailable`,不是 Telegram monitoring coverage API / UI 測試失敗。
- `.gitea/workflows/cd.yaml` 已把 `telegram_alert_monitoring_coverage_readback.py``test_telegram_alert_monitoring_coverage_readback_api.py` 納入 controlled-runtime source allowlist、`py_compile` 與 focused pytest 清單,避免 narrow Telegram coverage patch 再落入 B5 Docker/socket DB lane。
- `ops/runner/test_cd_controlled_runtime_profile.py` 新增回歸測試,固定 Telegram monitoring coverage 來源必須留在 controlled-runtime profile。
**本地驗證結果**
- `python3.11 -m pytest ops/runner/test_cd_controlled_runtime_profile.py -q -p no:cacheprovider``48 passed`
- `python3.11 -c "import yaml; yaml.safe_load(open('.gitea/workflows/cd.yaml', encoding='utf-8')); print('cd yaml ok')"`:通過。
- `python3 ops/runner/guard-gitea-runner-pressure.py --root .``GITEA_RUNNER_PRESSURE_GUARD_OK workflow_files=12 scheduled_workflows=4 auto_branch_events_on_110=0 generic_runner_labels=0`
- `git diff --check`:通過。
**仍維持**
- 沒有讀 secret / runner token / `.runner` 內容 / `.env` / raw sessions / SQLite / auth。
- 沒有使用 GitHub / gh / GitHub API / GitHub Actions。
- 沒有重啟主機,沒有 Docker / Nginx / K3s / DB / firewall restart沒有 workflow_dispatch沒有 DROP / TRUNCATE / restore / prune。
**下一步**
- commit / push 到 Gitea main讀回新 CDdeploy marker 出現後驗證 `/api/v1/agents/telegram-alert-monitoring-coverage-readback` 與 AwoooP Runs / Work Items / Alerts shared panel。

View File

@@ -254,6 +254,18 @@ def test_telegram_alert_ai_automation_matrix_stays_on_controlled_runtime_profile
assert source in text
def test_telegram_alert_monitoring_coverage_stays_on_controlled_runtime_profile() -> None:
text = _workflow_text()
expected_sources = [
"apps/api/src/services/telegram_alert_monitoring_coverage_readback.py)",
"apps/api/tests/test_telegram_alert_monitoring_coverage_readback_api.py)",
"src/services/telegram_alert_monitoring_coverage_readback.py",
"tests/test_telegram_alert_monitoring_coverage_readback_api.py",
]
for source in expected_sources:
assert source in text
def test_alertmanager_webhook_metrics_stays_on_controlled_runtime_profile() -> None:
text = _workflow_text()
expected_sources = [