*: migrate to cloudflare/pint for prometheus rule checking

thaum-xyz · Mar 6, 2023 · ad05b13 · ad05b13
1 parent 43a1053
commit ad05b13
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 31 deletions.
diff --git a/.github/workflows/prometheusrule.yml b/.github/workflows/prometheusrule.yml
@@ -16,13 +16,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
       - uses: actions/setup-go@v3
         with:
           go-version: '${{ env.golang-version }}'
       - run: go install github.com/brancz/gojsontoyaml@latest
-      #- run: go get -u github.com/prometheus/prometheus/cmd/promtool
-      - name: Download latest release of promtool
-        run: |
-          VERSION=$(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3)}' | sed 's/v//')
-          curl -s -L "https://github.com/prometheus/prometheus/releases/download/v${VERSION}/prometheus-${VERSION}.linux-amd64.tar.gz" | tar -zxf - -C "${GITHUB_WORKSPACE}/" --strip-components 1 "prometheus-${VERSION}.linux-amd64/promtool"
-      - run: PATH="${PATH}:${GITHUB_WORKSPACE}" ./hack/verify-prometheus-rules.sh
+      - run: PATH="${PATH}:${GITHUB_WORKSPACE}" ./hack/hack/unpack-prometheus-rules.sh
+      - name: Run pint
+        uses: prymitive/pint-action@v1
+        with:
+          token: ${{ github.token }}
+          # directory containing Prometheus rules
+          workdir: 'tmp/rules'
diff --git a/.pint.hcl b/.pint.hcl
@@ -0,0 +1,42 @@
+rule {
+  match {
+    kind = "alerting"
+  }
+/*
+  annotation "summary" {
+    severity = "warning"
+    required = true
+  }
+*/
+/*
+  annotation "description" {
+    severity = "warning"
+    required = true
+  }
+*/
+
+/*
+  annotation "runbook_url" {
+    severity = "warning"
+    required = true
+  }
+
+  annotation "dashboard_url" {
+    severity = "warning"
+    required = true
+  }
+*/
+
+  label "severity" {
+    severity = "bug"
+    value    = "warning|critical|info|none"
+    required = true
+  }
+}
+
+checks {
+  disabled = [
+    "alerts/template",
+    "promql/regexp"
+  ]
+}
diff --git a/Makefile b/Makefile
@@ -38,6 +38,11 @@ secrets:  ## Check if secrets are not leaked
 validate:  ## Validate kubernetes manifests
 	for d in $(DIRS); do $(MAKE) -C $$d validate || exit 1; done
 
+.PHONY: prometheusrules
+prometheusrules:  ## Validate prometheus rules
+	./hack/unpack-prometheus-rules.sh
+	pint lint tmp/rules
+
 .PHONY: bootstrap
 bootstrap:  ## Bootstrap development environment
 	ggshield install -m local
diff --git a/hack/unpack-prometheus-rules.sh b/hack/unpack-prometheus-rules.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -euo pipefail
+
+mkdir -p tmp/rules
+
+for f in $(grep -ir --include=*.yaml "PrometheusRule" . | grep kind | grep -v CustomResourceDefinition | sed 's/:.*//'); do
+	tmpfile="$(echo "$f" | sed 's/\//-/g' | sed 's/.-//')"
+	gojsontoyaml -yamltojson < "$f" | jq .spec | gojsontoyaml > "tmp/rules/$tmpfile";
+	echo "Unpacked $f to tmp/rules/$tmpfile"
+done
diff --git a/hack/verify-prometheus-rules.sh b/hack/verify-prometheus-rules.sh