Phoenix Deploy API: alert webhook, .env.example, Site24x7 and E2E docs

- PHOENIX_ALERT_WEBHOOK_URL: POST on alerts when firing
- .env.example: PROXMOX_*, PROMETHEUS_*, webhooks, partner keys
- PHOENIX_SITE24X7_API_KEYS.md: how to issue API keys for Site24x7
- PHOENIX_E2E_PORTAL_API_RAILING.md: E2E test steps and references

Made-with: Cursor

phoenix-deploy-api/.env.example

@@ -1,17 +1,30 @@
-# =============================================================================
-# Phoenix Deploy API — Environment (example)
-# =============================================================================
-# Copy to .env and fill in. Do not commit .env.
-# See README.md for Gitea webhook and deploy endpoint usage.
-# =============================================================================
+# Phoenix Deploy API — copy to .env and set values
 
-# Listen port
 PORT=4001
-
-# Gitea instance (for commit status API)
 GITEA_URL=https://gitea.d-bis.org
-# Token with repo (or repo:status) scope — create at Gitea → Settings → Applications
-GITEA_TOKEN=your-gitea-token
+GITEA_TOKEN=
+PHOENIX_DEPLOY_SECRET=
 
-# Optional: shared secret for webhook signature and /api/deploy Bearer auth
-# PHOENIX_DEPLOY_SECRET=your-webhook-and-deploy-secret
+# Proxmox (for Infra/VE API; omit for stub responses)
+PROXMOX_HOST=
+PROXMOX_PORT=8006
+PROXMOX_USER=root@pam
+PROXMOX_TOKEN_NAME=
+PROXMOX_TOKEN_VALUE=
+PROXMOX_TLS_VERIFY=1
+
+# VM lifecycle (set to 1 to enable start/stop/reboot)
+PHOENIX_VE_LIFECYCLE_ENABLED=0
+
+# Prometheus (for Health API)
+PROMETHEUS_URL=http://localhost:9090
+PROMETHEUS_ALERTS_URL=
+
+# Outbound webhooks
+PHOENIX_WEBHOOK_URL=
+PHOENIX_WEBHOOK_SECRET=
+PHOENIX_ALERT_WEBHOOK_URL=
+PHOENIX_ALERT_WEBHOOK_SECRET=
+
+# Optional: comma-separated API keys for /api/v1/* (X-API-Key or Bearer)
+PHOENIX_PARTNER_KEYS=

phoenix-deploy-api/server.js

@@ -319,13 +319,27 @@ app.get('/api/v1/health/metrics', async (req, res) => {
 
 /**
  * GET /api/v1/health/alerts — Active alerts (stub or Alertmanager; optional PROMETHEUS_ALERTS_URL)
+ * Optional: POST to PHOENIX_ALERT_WEBHOOK_URL when alerts exist (partner notification).
  */
+const PHOENIX_ALERT_WEBHOOK_URL = process.env.PHOENIX_ALERT_WEBHOOK_URL || '';
+const PHOENIX_ALERT_WEBHOOK_SECRET = process.env.PHOENIX_ALERT_WEBHOOK_SECRET || '';
+
 app.get('/api/v1/health/alerts', async (req, res) => {
   const alertsUrl = process.env.PROMETHEUS_ALERTS_URL || `${PROMETHEUS_URL}/api/v1/alerts`;
   try {
     const data = await fetch(alertsUrl).then((r) => r.json()).catch(() => ({ data: { alerts: [] } }));
     const alerts = data.data?.alerts ?? data.alerts ?? [];
-    res.json({ alerts: Array.isArray(alerts) ? alerts : [], stub: !process.env.PROMETHEUS_URL });
+    const payload = { alerts: Array.isArray(alerts) ? alerts : [], stub: !process.env.PROMETHEUS_URL };
+    res.json(payload);
+    if (PHOENIX_ALERT_WEBHOOK_URL && payload.alerts.length > 0) {
+      const body = JSON.stringify({ event: 'alerts.fired', alerts: payload.alerts, at: new Date().toISOString() });
+      const sig = PHOENIX_ALERT_WEBHOOK_SECRET ? crypto.createHmac('sha256', PHOENIX_ALERT_WEBHOOK_SECRET).update(body).digest('hex') : '';
+      fetch(PHOENIX_ALERT_WEBHOOK_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', ...(sig && { 'X-Phoenix-Signature': `sha256=${sig}` }) },
+        body,
+      }).catch((e) => console.error('[alert-webhook]', e.message));
+    }
   } catch (err) {
     res.json({ alerts: [], stub: true, message: err.message });
   }