From 724be69c76d0304b94911008254bd8299a804e64 Mon Sep 17 00:00:00 2001 From: kurihada Date: Tue, 3 Mar 2026 12:12:17 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20Jenkinsfile=20=E4=B8=AD?= =?UTF-8?q?=E6=95=8F=E6=84=9F=E4=BF=A1=E6=81=AF=E7=A1=AC=E7=BC=96=E7=A0=81?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Jenkinsfile | 4 ++-- PROJECT_AUDIT_2026-03-03.md | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a28a884..4ed2f00 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -3,12 +3,12 @@ pipeline { environment { APP_NAME = 'no-whatever' - AMAP_KEY = '7f6be40a6de3f7fbb7bc3f825b67573b' + AMAP_KEY = credentials('amap-api-key') DEEPSEEK_KEY = credentials('deepseek-api-key') } triggers { - GenericTrigger(token: 'no-whatever-deploy') + GenericTrigger(tokenCredentialId: 'no-whatever-deploy-token') } stages { diff --git a/PROJECT_AUDIT_2026-03-03.md b/PROJECT_AUDIT_2026-03-03.md index 3fff449..b3a253e 100644 --- a/PROJECT_AUDIT_2026-03-03.md +++ b/PROJECT_AUDIT_2026-03-03.md @@ -83,7 +83,12 @@ - 客户端统一返回泛化错误文案; - 详细错误仅记录在服务端日志(可加 requestId 关联)。 -### P1-3 CI 配置中存在敏感信息硬编码 +### P1-3 CI 配置中存在敏感信息硬编码【已完成】 +- 修复状态:✅ 已完成(2026-03-03) +- 修复内容: + - `Jenkinsfile` 中地图 key 改为 `credentials('amap-api-key')`; + - Webhook 触发 token 改为 `tokenCredentialId` 方式读取凭据; + - 消除源码内硬编码敏感值。 - 证据: - `Jenkinsfile:6`(地图 key 常量) - `Jenkinsfile:11`(固定触发 token)
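Review bot: The literal removed from `AMAP_KEY` and the old `token:` value in `GenericTrigger` stay readable in git history and in this patch, so moving them into the credentials store does not close the exposure by itself; both should be treated as disclosed and rotated, and the `no-whatever-deploy-token` credential should hold a newly generated value rather than the old string. The audit entry marks P1-3 as complete without mentioning rotation, so that step is worth recording there or in a Jenkinsfile comment such as `// amap-api-key, no-whatever-deploy-token: Secret text credentials; values rotated after removal from source`. `tokenCredentialId` takes the id of a Secret text credential, and nothing in the hunk shows that `amap-api-key` or `no-whatever-deploy-token` exist on the controller, so the first build after merge should confirm that both resolve. How `AMAP_KEY` is consumed lies in the stages outside this hunk; if it is interpolated into a double-quoted Groovy string or passed as an image build argument, it can still reach logs or image layers.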