ci: 加入 deploy-alerts CD job — 告警規則變更自動部署到 Prometheus

- paths trigger 加入 ops/monitoring/alerts-unified.yml - 新增獨立 deploy-alerts job (不依賴 build-and-deploy) - 含 SSH key setup + YAML 驗證 + Telegram 通知 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 02:30:46 +08:00
parent 7becdcbaf6
commit 3ff1c93bb7
1 changed files with 43 additions and 1 deletions
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -17,7 +17,8 @@ on:
      - 'apps/**'
      - 'k8s/**'
      - '.gitea/workflows/**'
-      # docs/、memory/、ADR、ops/ 等不觸發
+      - 'ops/monitoring/alerts-unified.yml'  # 2026-04-05 Claude Code: 告警規則變更自動部署
+      # docs/、memory/、ADR 等不觸發
  workflow_dispatch:
    # 手動觸發永遠可用（用於補跑、緊急部署）

@@ -338,3 +339,44 @@ jobs:
            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
            -d "parse_mode=HTML" \
            --data-urlencode "text@-"
+
+  # =============================================================================
+  # Deploy Prometheus Alert Rules (獨立 job，不依賴 build-and-deploy)
+  # 2026-04-05 Claude Code: Sprint 1 — 告警規則 CD 自動部署
+  # 觸發條件: ops/monitoring/alerts-unified.yml 有變更 或 workflow_dispatch
+  # =============================================================================
+  deploy-alerts:
+    name: "Deploy Prometheus Alert Rules"
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      contains(toJSON(github.event.commits), 'ops/monitoring/alerts-unified.yml')
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate alerts YAML
+        run: python3 -c "import yaml; yaml.safe_load(open('ops/monitoring/alerts-unified.yml')); print('YAML OK')"
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan 192.168.0.110 >> ~/.ssh/known_hosts
+
+      - name: Deploy alerts to Prometheus
+        run: bash scripts/ops/deploy-alerts.sh
+
+      - name: Notify deploy result
+        if: always()
+        run: |
+          STATUS="${{ job.status }}"
+          EMOJI="✅"
+          [ "$STATUS" != "success" ] && EMOJI="❌"
+          SHORT_SHA="${{ github.sha }}"
+          SHORT_SHA="${SHORT_SHA:0:7}"
+          MSG="${EMOJI} Prometheus 告警規則部署 ${STATUS} (${SHORT_SHA})"
+          curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
+            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+            --data-urlencode "text=${MSG}" || true