feat: centralize monitoring in one node.

Author: xdanielsb

.github/workflows/cd-keycloak.yml

@@ -21,7 +21,7 @@ jobs:
           host: ${{ secrets.HOST }}
           username: deploy
           key: ${{ secrets.SSH_PRIVATE_KEY }}
-          source: "infra/compose/docker-compose.keycloak.yml,infra/keycloak/,infra/scripts/,Makefile"
+          source: "infra/keycloak/,infra/scripts/,Makefile,makefiles/keycloak.mk"
           target: "/home/deploy/survey-app"
           strip_components: 0
           rm: false
@@ -34,7 +34,7 @@ jobs:
           username: deploy
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           script: |
-            cat << 'EOF' > /home/deploy/survey-app/infra/compose/.env
+            cat << 'EOF' > /home/deploy/survey-app/infra/keycloak/.env
               ${{ secrets.ENV_FILE }}
             EOF
 
@@ -56,7 +56,7 @@ jobs:
           username: deploy
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           script: |
-            cat << 'EOF' > /home/deploy/survey-app/infra/compose/CaddyfileKeycloak
+            cat << 'EOF' > /home/deploy/survey-app/infra/keycloak/Caddyfile
               ${{ secrets.CADDYFILE_KEYCLOAK }}
             EOF
 
@@ -68,5 +68,5 @@ jobs:
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           script: |
             cd /home/deploy/survey-app
-            docker compose -f infra/compose/docker-compose.keycloak.yml down
-            docker compose -f infra/compose/docker-compose.keycloak.yml --env-file infra/compose/.env up -d --build
+            docker compose -f infra/keycloak/docker-compose.yml down --remove-orphans
+            docker compose -f infra/keycloak/docker-compose.yml --env-file infra/keycloak/.env up -d --build

.github/workflows/cd-monitoring.yml

@@ -0,0 +1,75 @@
+name: Deploy to monitoring
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: monitoring
+    concurrency:
+      group: deploy-monitoring-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Copy project files to production server
+        uses: appleboy/scp-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: deploy
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          source: "infra/monitoring/,infra/scripts/,Makefile,makefiles/monitoring.mk"
+          target: "/home/deploy/survey-app"
+          strip_components: 0
+          rm: false
+          overwrite: true
+
+      - name: Upload .env file
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: deploy
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            cat << 'EOF' > /home/deploy/survey-app/infra/monitoring/.env
+              ${{ secrets.ENV_FILE }}
+            EOF
+
+      - name: Upload Caddyfile
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: deploy
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            cat << 'EOF' > /home/deploy/survey-app/infra/monitoring/Caddyfile
+              ${{ secrets.CADDY_FILE }}
+            EOF
+
+      - name: Upload Prometheus config
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: deploy
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            cat << 'EOF' > /home/deploy/survey-app/infra/monitoring/prometheus.yml
+              ${{ secrets.PROMETHEUS_FILE }}
+            EOF
+
+      - name: Deploy with Docker Compose
+        uses: appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.HOST }}
+          username: deploy
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            cd /home/deploy/survey-app
+            docker compose -f infra/monitoring/docker-compose.yml down --remove-orphans
+            docker compose -f infra/monitoring/docker-compose.yml --env-file infra/monitoring/.env up -d --build

.github/workflows/cd-prod.yml

@@ -68,5 +68,5 @@ jobs:
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           script: |
             cd /home/deploy/survey-app
-            docker compose -f infra/compose/docker-compose.yml down
+            docker compose -f infra/compose/docker-compose.yml down --remove-orphans
             docker compose -f infra/compose/docker-compose.yml --env-file infra/compose/.env up -d --build

.github/workflows/cd-staging.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+  workflow_dispatch:
 
 jobs:
   deploy:
@@ -87,5 +88,5 @@ jobs:
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           script: |
             cd /home/deploy/survey-app
-            docker compose -f infra/compose/docker-compose.yml down
+            docker compose -f infra/compose/docker-compose.yml down --remove-orphans
             docker compose -f infra/compose/docker-compose.yml --env-file infra/compose/.env up -d --build

Makefile

@@ -1,72 +1,10 @@
-.PHONY: prod-restore-db prod-list-backups prod-backup dev-up dev-down dev-logs prod-up prod-down prod-logs caddy-reload container-exec prod-ps prod-restart prod-log-service dev-ps keycloak-up keycloak-down keycloak-logs keycloak-log-service keycloak-ps keycloak-restart ollama-pull
+.PHONY: help
 
-# Usage: make restore FILE=backups/your_backup.dump
-prod-restore-db:
-	@echo "📦 Restoring from: $(FILE)"
-	@./infra/compose/scripts/restore_db.sh --file $(FILE)
+-include makefiles/compose.mk
+-include makefiles/dev.mk
+-include makefiles/keycloak.mk
+-include makefiles/monitoring.mk
 
-prod-list-backups:
-	docker compose -f infra/compose/docker-compose.yml run --rm --entrypoint patronx patronx-worker list
-
-prod-backup:
-	docker compose -f infra/compose/docker-compose.yml run --rm --entrypoint patronx patronx-worker backup
-
-prod-up:
-	docker compose -f infra/compose/docker-compose.yml --env-file infra/compose/.env up -d
-
-prod-down:
-	docker compose -f infra/compose/docker-compose.yml down
-
-prod-logs:
-	docker compose -f infra/compose/docker-compose.yml logs -f
-
-prod-log-service:
-	docker compose -f infra/compose/docker-compose.yml logs -f $(SERVICE)
-
-prod-ps:
-	docker compose -f infra/compose/docker-compose.yml ps
-
-prod-restart:
-	docker compose -f infra/compose/docker-compose.yml restart $(SERVICE)
-
-caddy-reload: ## Usage: make caddy-reload CONTAINER=<container-name>
-	docker exec $(CONTAINER) caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
-
-container-logs:
-	docker logs -f $(CONTAINER)
-
-container-exec:
-	docker exec -it $(CONTAINER) $(CMD)
-
-dev-up:
-	docker compose -f infra/compose/docker-compose.dev.yml --env-file infra/compose/.env up --build --force-recreate -d
-
-dev-down:
-	docker compose -f infra/compose/docker-compose.dev.yml down
-
-dev-logs:
-	docker compose -f infra/compose/docker-compose.dev.yml logs -f
-
-dev-ps:
-	docker compose -f infra/compose/docker-compose.dev.yml ps
-
-keycloak-up:
-	docker compose -f infra/compose/docker-compose.keycloak.yml --env-file infra/compose/.env up -d
-
-keycloak-down:
-	docker compose -f infra/compose/docker-compose.keycloak.yml down
-
-keycloak-logs:
-	docker compose -f infra/compose/docker-compose.keycloak.yml logs -f
-
-keycloak-log-service:
-	docker compose -f infra/compose/docker-compose.keycloak.yml logs -f $(SERVICE)
-
-keycloak-ps:
-	docker compose -f infra/compose/docker-compose.keycloak.yml ps
-
-keycloak-restart:
-	docker compose -f infra/compose/docker-compose.keycloak.yml restart $(SERVICE)
-
-ollama-pull:
-	docker exec -it ollama ollama pull tinyllama
+help: ## Show this help message
+	@grep -h -E '^[a-zA-Z_-]+:.*?##' Makefile makefiles/*.mk | \
+	  awk -F':|##' '{printf "  %-20s %s\n", $$1, $$3}' | sort

README.md

@@ -39,8 +39,9 @@ _Cloud‑native survey engine with end‑to‑end observability._
 
 ## Docs
 -  **See** [Database Recovery Guide](docs/data-recovery.md) for how to restore the database in case of an incident
--  **See** [Secure Docker Deploy Guide](docs/secure-docker-deploy.md) for deploying in a safe way with docker compsoe with a dedicated non root user
+-  **See** [Secure Docker Deploy Guide](docs/secure-deploy.md) for deploying in a safe way with docker compsoe with a dedicated non root user
 -  **See** [Deploy Keycloak](docs/deploy-keycloak.md) for deploying keycloak
+-  **See** [Monitoring Configuration](docs/monitoring-config.md) for customizing Prometheus targets
 ## Project Structure
 
 ```
@@ -50,14 +51,18 @@ services/
   backoffice/  (angular v20)
   analytics/   (fastapi python3.12)
 infra/
-  monitoring/
-  elk/
   scripts/
   keycloak/
+    docker-compose.yml
+    Caddyfile
+  monitoring/
+    elk/
+    grafana/
+    docker-compose.yml
+    Caddyfile
   compose/
     docker-compose.yml
     docker-compose.dev.yml
-    docker-compose.keycloak.yml
     Caddyfile
 docs/
   data-recovery.md

docs/deploy-prod.md docs/deploy-keycloak.mddocs/deploy-prod.md renamed to docs/deploy-keycloak.md

@@ -0,0 +1,6 @@
+# Monitoring Configuration
+
+For deployments, the Prometheus configuration file is generated by the monitoring workflow using a GitHub secret. This keeps domain names out of the repository.
+
+1. Create a secret named `PROMETHEUS_FILE` containing the full contents of `infra/monitoring/prometheus.yml`.
+2. The monitoring workflow writes this file on the server before running Docker Compose.

docs/monitoring-config.md

@@ -44,3 +44,7 @@ AWS_DEFAULT_REGION=
 COMPANY_NAME=
 COMPANY_WEBSITE=
 COMPANY_LOGO_URL=
+LOGSTASH_HOST=
+LOGSTASH_PORT=
+
+