fix: resolve 4 P0 DevOps blockers — image tags, alertmanager, port conflicts

DEVOPS-C-01: Replace hardcoded :latest with IMAGE_TAG placeholder in all 8 production K8s manifests. Update deploy-production.yml to sed-replace IMAGE_TAG with commit SHA before kubectl apply (remove now-redundant kubectl set image step). DEVOPS-C-02: Configure Alertmanager — create alertmanager.yml with Slack + email receivers (critical/warning/infra routes, inhibition rules). Add alertmanager:v0.27.0 service to both docker-compose.observability.yml and deployments/local/docker-compose.yml. Enable prometheus.yml target (alertmanager:9093). DEVOPS-C-03: Remove :latest from docker-build.yml main branch push. Now only SHA tag is pushed for main; :staging+SHA for develop. DEVOPS-C-04: Add 4 mkt-* services to deployments/local/docker-compose.yml with unique host ports (facebook:5021, whatsapp:5022, x:5023, zalo:5024) to eliminate port 5000 conflicts. Add corresponding Traefik routers and load-balancer entries in infra/traefik/dynamic/routes.yml (/api/v1/mkt/{facebook,whatsapp,x,zalo}). Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-23 09:46:32 +07:00
parent cdc67d768f
commit 6d0ca5bee5
15 changed files with 438 additions and 20 deletions
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -319,13 +319,10 @@ jobs:
          for svc in "${!DEPLOY_MAP[@]}"; do
            if echo "$SERVICES" | grep -q "\"${svc}\""; then
              echo "Deploying ${svc}..."
-              kubectl apply -f "deployments/production/kubernetes/${DEPLOY_MAP[$svc]}"
-
-              # EN: Update image to commit SHA (never :latest in production)
-              # VI: Cap nhat image bang commit SHA (khong bao gio dung :latest trong production)
-              kubectl set image "deployment/${svc}" \
-                "${svc}=${IMAGE_MAP[$svc]}:${{ github.sha }}" \
-                -n production
+              # EN: Replace IMAGE_TAG placeholder with commit SHA before applying (never :latest in production)
+              # VI: Thay the IMAGE_TAG bang commit SHA truoc khi apply (khong bao gio dung :latest trong production)
+              MANIFEST="deployments/production/kubernetes/${DEPLOY_MAP[$svc]}"
+              sed "s|IMAGE_TAG|${{ github.sha }}|g" "$MANIFEST" | kubectl apply -f -

              kubectl rollout restart "deployment/${svc}" -n production
            fi
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -96,8 +96,10 @@ jobs:
          SHA="${{ github.sha }}"
          BRANCH="${{ github.ref_name }}"

+          # EN: Never push :latest — use commit SHA only for main, :staging for develop
+          # VI: Khong bao gio push :latest — chi dung commit SHA cho main, :staging cho develop
          if [ "$BRANCH" = "main" ]; then
-            echo "tags=${IMAGE}:latest,${IMAGE}:${SHA}" >> $GITHUB_OUTPUT
+            echo "tags=${IMAGE}:${SHA}" >> $GITHUB_OUTPUT
          else
            echo "tags=${IMAGE}:staging,${IMAGE}:${SHA}" >> $GITHUB_OUTPUT
          fi