From 3ff1c93bb7731b0b9bebd18c32361ee823e5ca91 Mon Sep 17 00:00:00 2001 From: OG T Date: Sun, 5 Apr 2026 02:30:46 +0800 Subject: [PATCH] =?UTF-8?q?ci:=20=E5=8A=A0=E5=85=A5=20deploy-alerts=20CD?= =?UTF-8?q?=20job=20=E2=80=94=20=E5=91=8A=E8=AD=A6=E8=A6=8F=E5=89=87?= =?UTF-8?q?=E8=AE=8A=E6=9B=B4=E8=87=AA=E5=8B=95=E9=83=A8=E7=BD=B2=E5=88=B0?= =?UTF-8?q?=20Prometheus?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - paths trigger 加入 ops/monitoring/alerts-unified.yml - 新增獨立 deploy-alerts job (不依賴 build-and-deploy) - 含 SSH key setup + YAML 驗證 + Telegram 通知 Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/cd.yaml | 44 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml index 64c42946..829d393a 100644 --- a/.gitea/workflows/cd.yaml +++ b/.gitea/workflows/cd.yaml @@ -17,7 +17,8 @@ on: - 'apps/**' - 'k8s/**' - '.gitea/workflows/**' - # docs/、memory/、ADR、ops/ 等不觸發 + - 'ops/monitoring/alerts-unified.yml' # 2026-04-05 Claude Code: 告警規則變更自動部署 + # docs/、memory/、ADR 等不觸發 workflow_dispatch: # 手動觸發永遠可用(用於補跑、緊急部署) 
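Review bot: Adding `ops/monitoring/alerts-unified.yml` to the workflow-level `paths` list means an alerts-only push now starts the whole CD workflow, not only the new job. Unless `build-and-deploy` carries its own condition (its definition is outside this hunk), a rule change will also rebuild and redeploy the apps. The new job's own gate in the second hunk, `contains(toJSON(github.event.commits), 'ops/monitoring/alerts-unified.yml')`, is a substring match over the serialized push payload, which normally carries commit messages as well as file lists, so a commit that merely mentions the path would also satisfy it. A per-job changed-files check, for example `git diff --name-only` between the push's before and after SHAs, would let each job run only for the files it owns.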
@@ -338,3 +339,44 @@ jobs:
 -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
 -d "parse_mode=HTML" \
 --data-urlencode "text@-"
+
+ # =============================================================================
+ # Deploy Prometheus Alert Rules (獨立 job,不依賴 build-and-deploy)
+ # 2026-04-05 Claude Code: Sprint 1 — 告警規則 CD 自動部署
+ # 觸發條件: ops/monitoring/alerts-unified.yml 有變更 或 workflow_dispatch
+ # =============================================================================
+ deploy-alerts:
+ name: "Deploy Prometheus Alert Rules"
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ if: |
+ github.event_name == 'workflow_dispatch' ||
+ contains(toJSON(github.event.commits), 'ops/monitoring/alerts-unified.yml')
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Validate alerts YAML
+ run: python3 -c "import yaml; yaml.safe_load(open('ops/monitoring/alerts-unified.yml')); print('YAML OK')"
+
+ - name: Setup SSH key
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keyscan 192.168.0.110 >> ~/.ssh/known_hosts
+
+ - name: Deploy alerts to Prometheus
+ run: bash scripts/ops/deploy-alerts.sh
+
+ - name: Notify deploy result
+ if: always()
+ run: |
+ STATUS="${{ job.status }}"
+ EMOJI="✅"
+ [ "$STATUS" != "success" ] && EMOJI="❌"
+ SHORT_SHA="${{ github.sha }}"
+ SHORT_SHA="${SHORT_SHA:0:7}"
+ MSG="${EMOJI} Prometheus 告警規則部署 ${STATUS} (${SHORT_SHA})"
+ curl -fS -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
+ -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
+ --data-urlencode "text=${MSG}" || true
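Review bot: The `Setup SSH key` step fills `known_hosts` with `ssh-keyscan 192.168.0.110` on every run, so the job trusts whatever host key answers at that address at deploy time and host-key verification no longer protects the connection made by `scripts/ops/deploy-alerts.sh`. Pin the server's public host key instead: record it once out of band, store it as a secret or repository variable, and write that line to `known_hosts`. In the same step the private key is spliced into the script text through `${{ secrets.DEPLOY_SSH_KEY }}` and the file sits with default permissions until `chmod 600` runs; passing the key through `env:` and setting `umask 077` first avoids both. The key also stays in `~/.ssh` after the job, which matters if the runner is persistent, so a final `if: always()` step that removes it is worth adding. `DEPLOY_HOST_KEY` in the sketch below is a placeholder name, and the deploy script itself is outside this diff.

```yaml
      - name: Setup SSH key
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          # DEPLOY_HOST_KEY is a placeholder name: the server's known_hosts line, recorded out of band
          DEPLOY_HOST_KEY: ${{ secrets.DEPLOY_HOST_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/id_ed25519
          printf '%s\n' "$DEPLOY_HOST_KEY" >> ~/.ssh/known_hosts

      # … unchanged: Deploy alerts to Prometheus, Notify deploy result …

      - name: Remove SSH key
        if: always()
        run: rm -f ~/.ssh/id_ed25519
```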