Refactor Telegram workflow for custom message broadcast

[TheFeloniousMonk]

Moved API key to secrets, and added error checking.

Summary

< One line summary>

You can use the following as input for an LLM of your choice to autogenerate a summary (ignoring any additional files needed):

git --no-pager diff main  -- ':!*.pb.go' ':!*.json' ':!*.yaml' ':!*.yml' ':!*.gif' ':!*.lock' | diff2html -s side --format json -i stdin -o stdout | pbcopy

Primary Changes:

• < Change 1 >
• < Change 2 >

Secondary Changes:

• < Change 1 >
• < Change 2 >

Issue

• Issue_or_PR: #{ISSUE_OR_PR_NUMBER}

Type of change

Select one or more from the following:

• New feature, functionality or library
• Bug fix
• Code health or cleanup
• Documentation
• Other (specify)

Sanity Checklist

• I have updated the GitHub Issue Metadata: assignees, reviewers, labels, project, iteration and milestone
• For docs: make docusaurus_start
• For small changes: make go_develop_and_test and make test_e2e
• For major changes: devnet-test-e2e label to run E2E tests in CI
• For migration changes: make test_e2e_oneshot
• 'TODO's, configurations and other docs

[Copilot]

Pull request overview

Refactors the GitHub Actions Telegram workflow to broadcast a manually-entered message, moving the bot token/chat IDs to GitHub Secrets and adding basic API-response error checking.

Changes:

• Switched the Telegram workflow trigger to workflow_dispatch with a single message input.
• Replaced hardcoded bot token and chat IDs with TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_IDS secrets (comma-separated list).
• Added basic response checking and fails the job if any send fails.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The error detection treats any response that does not contain '"ok":false' as success. If curl returns a non-JSON body (proxy error/HTML), an empty response, or a JSON error formatted differently, this can be reported as success. Consider checking the HTTP status/curl exit code and positively validating success (e.g., parse JSON and require ok == true).

Suggested change

	# Check if the Telegram API returned an error
	if echo "$RESPONSE" | grep -q '"ok":false'; then
	echo "Error sending to $chat_id: $RESPONSE"
	return 1
	else
	echo "Success: Message sent to $chat_id"
	CURL_EXIT_CODE=$?
	# First, check if curl itself failed
	if [ "$CURL_EXIT_CODE" -ne 0 ]; then
	echo "Error sending to $chat_id: curl exited with code $CURL_EXIT_CODE"
	return 1
	fi
	# Then, positively validate that the Telegram API returned ok == true
	if echo "$RESPONSE" | jq -e '.ok == true' > /dev/null 2>&1; then
	echo "Success: Message sent to $chat_id"
	else
	echo "Error sending to $chat_id: $RESPONSE"
	return 1

[Copilot]

id=$(echo $id | xargs) should quote $id to avoid word-splitting/globbing surprises. Using a quoted expansion here makes the trimming robust even if the secret contains unexpected whitespace or characters.

Suggested change

	id=$(echo $id | xargs)
	id=$(echo "$id" | xargs)

[Copilot]

On failure this logs the full Telegram API response ($RESPONSE). Telegram responses can include the message text and chat details, which may be sensitive in GitHub Actions logs. Consider logging only the error description/code (or a redacted subset) instead of the entire response body.

Suggested change

	echo "Error sending to $chat_id: $RESPONSE"
	error_code=$(echo "$RESPONSE" | sed -n 's/.*"error_code":\([0-9]*\).*/\1/p')
	description=$(echo "$RESPONSE" | sed -n 's/.*"description":"\([^"]*\)".*/\1/p')
	echo "Error sending to $chat_id: code=${error_code:-unknown}, description=${description:-unavailable}"

[Copilot]

This workflow now has the same name: as .github/workflows/telegram-broadcast.yml (“Telegram Broadcast Custom Message”). In the GitHub Actions UI this makes it hard to distinguish which workflow ran. Consider giving each workflow a distinct name (e.g., one for the dispatcher UI entrypoint vs the reusable sender).

Suggested change

	name: Telegram Broadcast Custom Message
	name: Telegram Send Custom Message

[Copilot]

There’s no guard for missing/empty TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_IDS. If either secret is unset/empty, the script may attempt requests with an invalid token or an empty chat id, making failures harder to diagnose. Consider adding an explicit early check that both are set and non-empty, and fail with a clear message if not.

[Copilot]

This workflow was converted from a reusable workflow_call to workflow_dispatch and its inputs (parse_mode, test_mode) were removed. However, .github/workflows/telegram-broadcast.yml still calls this file via uses: ./.github/workflows/telegram-send-message.yml and passes parse_mode/test_mode, which requires this workflow to expose on: workflow_call with matching inputs. As-is, that caller workflow will fail to load/run. Consider restoring workflow_call (and inputs), or updating/removing the caller workflow accordingly.

[Copilot]

MESSAGE is sourced from ${{ github.event.inputs.message }}, which works for workflow_dispatch but will not work if this workflow is invoked as a reusable workflow (workflow_call). Using ${{ inputs.message }} is compatible with both patterns and avoids tying the implementation to the event payload shape.