diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index 64c42946..829d393a 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -17,7 +17,8 @@ on:
 - 'apps/**'
 - 'k8s/**'
 - '.gitea/workflows/**'
- # docs/、memory/、ADR、ops/ 等不觸發
+ - 'ops/monitoring/alerts-unified.yml' # 2026-04-05 Claude Code: 告警規則變更自動部署
+ # docs/、memory/、ADR 等不觸發
 workflow_dispatch:
 # 手動觸發永遠可用(用於補跑、緊急部署) 
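Review bot: Adding `'ops/monitoring/alerts-unified.yml'` to the push `paths` filter starts the whole workflow for an alerts-only commit, so every job without its own condition runs too. The `build-and-deploy` job named in the second hunk's comment is outside this diff; confirm it carries an `if:` that skips it when only the alert rules changed. Otherwise move alert deployment into a separate workflow file with its own `paths` filter, so a rule edit cannot trigger an application rollout.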
@@ -338,3 +339,44 @@ jobs:
 -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
 -d "parse_mode=HTML" \
 --data-urlencode "text@-"
+
+ # =============================================================================
+ # Deploy Prometheus Alert Rules (獨立 job,不依賴 build-and-deploy)
+ # 2026-04-05 Claude Code: Sprint 1 — 告警規則 CD 自動部署
+ # 觸發條件: ops/monitoring/alerts-unified.yml 有變更 或 workflow_dispatch
+ # =============================================================================
+ deploy-alerts:
+ name: "Deploy Prometheus Alert Rules"
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ if: |
+ github.event_name == 'workflow_dispatch' ||
+ contains(toJSON(github.event.commits), 'ops/monitoring/alerts-unified.yml')
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Validate alerts YAML
+ run: python3 -c "import yaml; yaml.safe_load(open('ops/monitoring/alerts-unified.yml')); print('YAML OK')"
+
+ - name: Setup SSH key
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keyscan 192.168.0.110 >> ~/.ssh/known_hosts
+
+ - name: Deploy alerts to Prometheus
+ run: bash scripts/ops/deploy-alerts.sh
+
+ - name: Notify deploy result
+ if: always()
+ run: |
+ STATUS="${{ job.status }}"
+ EMOJI="✅"
+ [ "$STATUS" != "success" ] && EMOJI="❌"
+ SHORT_SHA="${{ github.sha }}"
+ SHORT_SHA="${SHORT_SHA:0:7}"
+ MSG="${EMOJI} Prometheus 告警規則部署 ${STATUS} (${SHORT_SHA})"
+ curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
+ -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+ --data-urlencode "text=${MSG}" || true
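Review bot: In the `Setup SSH key` step, `ssh-keyscan 192.168.0.110 >> ~/.ssh/known_hosts` trusts whatever host key answers at run time, so the step gives no protection against a machine impersonating the deploy target. Pin the key instead, for example `echo "${{ secrets.DEPLOY_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts`, where `DEPLOY_KNOWN_HOSTS` is a placeholder name for a secret holding the host's verified `known_hosts` line. Separately, the job-level `if:` does a substring match over `toJSON(github.event.commits)`, which also covers commit messages, so a commit that merely mentions the path would deploy; matching against each commit's changed-file lists would be tighter, if the Gitea payload carries them. `Validate alerts YAML` only proves the file parses as YAML, so a rule-level check such as `promtool check rules` before the deploy step would catch invalid expressions.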