awoooi/.gitea/workflows/deploy-alerts.yaml at 7d2128b53cd41ee1a3823438a0285b94f3384146

wooo/awoooi

Fork 0

Files

Your Name 9f2974f4c5

Code Review / ai-code-review (push) Failing after 10s

Details

fix(ci): guard gitea workflow secret surfaces

2026-05-18 09:39:13 +08:00

73 lines

2.7 KiB

YAML

Raw Blame History

 # =============================================================================
 # Deploy Prometheus Alert Rules (獨立 workflow)
 # 2026-04-05 Claude Code (ADR-039 I3): 從 cd.yaml 分離
 # 觸發條件: ops/monitoring/alerts-unified.yml / slo-rules.yml 有變更 或 workflow_dispatch
 # 說明: 告警規則部署不依賴應用構建，獨立觸發以加快響應速度
 # =============================================================================
 name: Deploy Alert Rules
 on:
   push:
     branches: [main]
     paths:
       - 'ops/monitoring/alerts-unified.yml'
       - 'ops/monitoring/slo-rules.yml'
       - 'scripts/ops/deploy-alerts.sh'
   workflow_dispatch:
 env:
   TELEGRAM_ALERT_CHAT_ID: "-1003711974679"
 jobs:
   deploy-alerts:
     name: "Deploy Prometheus Alert Rules"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
       - name: Validate alerts YAML
         # 2026-04-08 Claude Sonnet 4.6: pip install pyyaml 確保 runner 有此依賴
         run: |
           pip3 install -q pyyaml 2>/dev/null || pip install -q pyyaml
           python3 -c "import yaml; yaml.safe_load(open('ops/monitoring/alerts-unified.yml')); print('YAML OK')"
           python3 -c "import yaml; yaml.safe_load(open('ops/monitoring/slo-rules.yml')); print('SLO YAML OK')"
       - name: Setup SSH key
         run: |
           mkdir -p ~/.ssh
           umask 077
           cat > ~/.ssh/id_ed25519 <<'AWOOOI_DEPLOY_KEY'
           ${{ secrets.DEPLOY_SSH_KEY }}
           AWOOOI_DEPLOY_KEY
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan 192.168.0.110 >> ~/.ssh/known_hosts
       - name: Deploy alerts to Prometheus
         run: bash scripts/ops/deploy-alerts.sh
       - name: Notify deploy result
         if: always()
         run: |
           STATUS="${{ job.status }}"
           EMOJI="✅"
           [ "$STATUS" != "success" ] && EMOJI="❌"
           SHORT_SHA="${{ github.sha }}"
           SHORT_SHA="${SHORT_SHA:0:7}"
           MSG="${EMOJI} Prometheus 告警規則部署 ${STATUS} (${SHORT_SHA})"
           CICD_STATUS="success"
           [ "$STATUS" != "success" ] && CICD_STATUS="failed"
           if AWOOI_CICD_STATUS="${CICD_STATUS}" \
             AWOOI_CICD_STAGE=deploy-alerts \
             AWOOI_CICD_JOB_NAME="Prometheus 告警規則部署" \
             AWOOI_CICD_COMMIT_SHA="${{ github.sha }}" \
             AWOOI_CICD_SUMMARY="${MSG}" \
             scripts/ci/notify-awoooi-cicd.sh; then
             echo "Alert rule deploy notification mirrored through AWOOI API"
           else
             curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
               -d "chat_id=${{ env.TELEGRAM_ALERT_CHAT_ID }}" \
               --data-urlencode "text=${MSG}" || true
           fi

73 lines 2.7 KiB YAML Raw Blame History

73 lines

2.7 KiB

YAML

Raw Blame History