fix(cd): keep telegram egress cleanup controlled
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 51s
CD Pipeline / build-and-deploy (push) Successful in 4m25s
CD Pipeline / post-deploy-checks (push) Successful in 1m21s
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 51s
CD Pipeline / build-and-deploy (push) Successful in 4m25s
CD Pipeline / post-deploy-checks (push) Successful in 1m21s
This commit is contained in:
@@ -261,12 +261,24 @@ jobs:
|
||||
;;
|
||||
docs/awooop/TELEGRAM-INCIDENT-NOTIFICATION-MODEL.md)
|
||||
;;
|
||||
docs/security/TELEGRAM-NOTIFICATION-EGRESS-INVENTORY.md)
|
||||
;;
|
||||
docs/security/TELEGRAM-NOTIFICATION-EGRESS-MIGRATION-PLAN-DRAFT.md)
|
||||
;;
|
||||
docs/security/TELEGRAM-NOTIFICATION-EGRESS-NO-NEW-BYPASS-GUARD.md)
|
||||
;;
|
||||
docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-REQUEST-DRAFT.md)
|
||||
;;
|
||||
docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md)
|
||||
;;
|
||||
docs/security/telegram-notification-egress-inventory.snapshot.json)
|
||||
;;
|
||||
docs/security/telegram-notification-egress-owner-request-draft.snapshot.json)
|
||||
;;
|
||||
docs/security/telegram-notification-egress-migration-plan-draft.snapshot.json)
|
||||
;;
|
||||
docs/security/telegram-notification-egress-no-new-bypass-guard.snapshot.json)
|
||||
;;
|
||||
docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json)
|
||||
;;
|
||||
docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md)
|
||||
@@ -593,10 +605,16 @@ jobs:
|
||||
;;
|
||||
scripts/ops/backup-alert-label-contract-check.py)
|
||||
;;
|
||||
scripts/ops/backup-from-110.sh)
|
||||
;;
|
||||
scripts/ops/backup-health-textfile-exporter.py)
|
||||
;;
|
||||
scripts/ops/docker-disk-pressure-retention-cleanup.py)
|
||||
;;
|
||||
scripts/ops/docker-health-monitor.sh)
|
||||
;;
|
||||
scripts/ops/dr-drill.sh)
|
||||
;;
|
||||
scripts/ops/gitea-queue-hook-backlog-playbook.py)
|
||||
;;
|
||||
scripts/ops/host-runaway-process-exporter.py)
|
||||
@@ -605,6 +623,10 @@ jobs:
|
||||
;;
|
||||
scripts/ops/host-sustained-load-evidence.py)
|
||||
;;
|
||||
scripts/ops/notify-awoooi-ops.sh)
|
||||
;;
|
||||
scripts/ops/pg-backup.sh)
|
||||
;;
|
||||
scripts/ops/tests/test_backup_health_textfile_exporter.py)
|
||||
;;
|
||||
scripts/ops/tests/test_docker_disk_pressure_retention_cleanup.py)
|
||||
@@ -709,6 +731,12 @@ jobs:
|
||||
;;
|
||||
scripts/security/gitea-authenticated-inventory-payload-validator.py)
|
||||
;;
|
||||
scripts/security/security-mirror-progress-guard.py)
|
||||
;;
|
||||
scripts/security/telegram-notification-egress-no-new-bypass-guard.py)
|
||||
;;
|
||||
scripts/security/telegram-notification-egress-owner-response-acceptance.py)
|
||||
;;
|
||||
scripts/security/tests/test_gitea_private_inventory_p0_scorecard.py)
|
||||
;;
|
||||
scripts/security/tests/test_gitea_authenticated_inventory_payload_validator.py)
|
||||
@@ -866,7 +894,10 @@ jobs:
|
||||
../../scripts/ops/host-sustained-load-controller.py \
|
||||
../../scripts/ops/host-sustained-load-evidence.py \
|
||||
../../scripts/security/gitea-private-inventory-p0-scorecard.py \
|
||||
../../scripts/security/gitea-authenticated-inventory-payload-validator.py
|
||||
../../scripts/security/gitea-authenticated-inventory-payload-validator.py \
|
||||
../../scripts/security/security-mirror-progress-guard.py \
|
||||
../../scripts/security/telegram-notification-egress-no-new-bypass-guard.py \
|
||||
../../scripts/security/telegram-notification-egress-owner-response-acceptance.py
|
||||
python3.11 -c "import yaml; yaml.safe_load(open('../../ops/monitoring/alerts-unified.yml')); print('alerts-unified YAML OK')"
|
||||
python3.11 -c "import yaml; yaml.safe_load(open('../../ops/monitoring/alerts.yml')); print('alerts YAML OK')"
|
||||
python3.11 -c "import yaml; yaml.safe_load(open('../../ops/reboot-recovery/full-stack-cold-start-baseline.yml')); print('full-stack-cold-start-baseline YAML OK')"
|
||||
@@ -899,7 +930,12 @@ jobs:
|
||||
../../scripts/reboot-recovery/apply-credential-escrow-closeout-receipt-to-110.sh \
|
||||
../../scripts/backup/backup-awoooi-frequent.sh \
|
||||
../../scripts/backup/backup-status.sh \
|
||||
../../scripts/backup/gitea-repo-bundle-backup.sh
|
||||
../../scripts/backup/gitea-repo-bundle-backup.sh \
|
||||
../../scripts/ops/backup-from-110.sh \
|
||||
../../scripts/ops/docker-health-monitor.sh \
|
||||
../../scripts/ops/dr-drill.sh \
|
||||
../../scripts/ops/notify-awoooi-ops.sh \
|
||||
../../scripts/ops/pg-backup.sh
|
||||
bash -n ../../scripts/reboot-recovery/apply-credential-escrow-closeout-receipt-to-110.sh
|
||||
DATABASE_URL="${DATABASE_URL:-postgresql+asyncpg://ci:ci@localhost/ci}" \
|
||||
PYTHONFAULTHANDLER=1 python3.11 -m pytest \
|
||||
|
||||
@@ -189,9 +189,15 @@ def test_telegram_alert_ai_automation_matrix_stays_on_controlled_runtime_profile
|
||||
text = _workflow_text()
|
||||
expected_sources = [
|
||||
"docs/awooop/TELEGRAM-INCIDENT-NOTIFICATION-MODEL.md)",
|
||||
"docs/security/TELEGRAM-NOTIFICATION-EGRESS-INVENTORY.md)",
|
||||
"docs/security/TELEGRAM-NOTIFICATION-EGRESS-MIGRATION-PLAN-DRAFT.md)",
|
||||
"docs/security/TELEGRAM-NOTIFICATION-EGRESS-NO-NEW-BYPASS-GUARD.md)",
|
||||
"docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-REQUEST-DRAFT.md)",
|
||||
"docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md)",
|
||||
"docs/security/telegram-notification-egress-inventory.snapshot.json)",
|
||||
"docs/security/telegram-notification-egress-owner-request-draft.snapshot.json)",
|
||||
"docs/security/telegram-notification-egress-migration-plan-draft.snapshot.json)",
|
||||
"docs/security/telegram-notification-egress-no-new-bypass-guard.snapshot.json)",
|
||||
"docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json)",
|
||||
"apps/api/src/services/channel_hub.py)",
|
||||
"apps/api/src/services/telegram_alert_ai_automation_matrix.py)",
|
||||
@@ -199,12 +205,28 @@ def test_telegram_alert_ai_automation_matrix_stays_on_controlled_runtime_profile
|
||||
"apps/api/tests/test_ai_agent_report_truth_actionability_review.py)",
|
||||
"apps/api/tests/test_ai_agent_report_truth_actionability_review_api.py)",
|
||||
"apps/api/tests/test_telegram_alert_ai_automation_matrix_api.py)",
|
||||
"scripts/ops/backup-from-110.sh)",
|
||||
"scripts/ops/docker-health-monitor.sh)",
|
||||
"scripts/ops/dr-drill.sh)",
|
||||
"scripts/ops/notify-awoooi-ops.sh)",
|
||||
"scripts/ops/pg-backup.sh)",
|
||||
"scripts/security/security-mirror-progress-guard.py)",
|
||||
"scripts/security/telegram-notification-egress-no-new-bypass-guard.py)",
|
||||
"scripts/security/telegram-notification-egress-owner-response-acceptance.py)",
|
||||
"src/services/channel_hub.py",
|
||||
"src/services/telegram_alert_ai_automation_matrix.py",
|
||||
"tests/test_channel_hub_grouped_alert_events.py",
|
||||
"tests/test_ai_agent_report_truth_actionability_review.py",
|
||||
"tests/test_ai_agent_report_truth_actionability_review_api.py",
|
||||
"tests/test_telegram_alert_ai_automation_matrix_api.py",
|
||||
"../../scripts/security/security-mirror-progress-guard.py",
|
||||
"../../scripts/security/telegram-notification-egress-no-new-bypass-guard.py",
|
||||
"../../scripts/security/telegram-notification-egress-owner-response-acceptance.py",
|
||||
"../../scripts/ops/backup-from-110.sh",
|
||||
"../../scripts/ops/docker-health-monitor.sh",
|
||||
"../../scripts/ops/dr-drill.sh",
|
||||
"../../scripts/ops/notify-awoooi-ops.sh",
|
||||
"../../scripts/ops/pg-backup.sh",
|
||||
]
|
||||
for source in expected_sources:
|
||||
assert source in text
|
||||
|
||||
Reference in New Issue
Block a user