From bdb6285fb3688f62a81e348eebcaed2a5c418a49 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 11:51:06 -0600 Subject: [PATCH 1/8] Log rate limit --- .../workflows/pipelines-drift-detection.yml | 23 +++--- .github/workflows/pipelines-root.yml | 70 +++++++++++++++---- .github/workflows/pipelines-unlock.yml | 24 +++---- .github/workflows/pipelines.yml | 19 +++-- 4 files changed, 87 insertions(+), 49 deletions(-) diff --git a/.github/workflows/pipelines-drift-detection.yml b/.github/workflows/pipelines-drift-detection.yml index fac11612..05cf87d5 100644 --- a/.github/workflows/pipelines-drift-detection.yml +++ b/.github/workflows/pipelines-drift-detection.yml @@ -31,10 +31,10 @@ on: type: string default: "https://api.prod.app.gruntwork.io/api/v1" secrets: - PIPELINES_READ_TOKEN: - required: false - PR_CREATE_TOKEN: - required: false + PIPELINES_READ_TOKEN: + required: false + PR_CREATE_TOKEN: + required: false env: PIPELINES_CLI_VERSION: v0.29.1 PIPELINES_ACTIONS_VERSION: v3.0.3 @@ -50,16 +50,15 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} api_base_url: ${{ inputs.api_base_url }} - - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -101,7 +100,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -109,7 +108,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -148,7 +147,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -156,7 +155,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -164,7 +163,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }} diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 76b3c737..23dd5a66 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -21,7 +21,7 @@ on: runner: type: string default: '"ubuntu-latest"' - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" @@ -55,7 +55,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -63,7 +63,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -71,7 +71,7 @@ jobs: - name: Fetch Infra Root Write Token id: pipelines-infra-root-write-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} @@ -79,7 +79,7 @@ jobs: - name: Fetch Org Repo Admin Token id: pipelines-org-repo-admin-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} @@ -122,7 +122,7 @@ jobs: IS_ROOT: "true" PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} INFRA_ROOT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} - ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }} + ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }} PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} @@ -137,6 +137,8 @@ jobs: outputs: pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }} + pipelines_read_token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + pipelines_customer_org_read_token: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} pipelines_execute: env: @@ -153,7 +155,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -161,7 +163,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -169,7 +171,7 @@ jobs: - name: Fetch Infra Root Write Token id: pipelines-infra-root-write-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} @@ -344,7 +346,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -352,7 +354,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -360,7 +362,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} @@ -467,7 +469,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -475,7 +477,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -483,7 +485,7 @@ jobs: - name: Fetch Org Repo Admin Token id: pipelines-org-repo-admin-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} @@ -563,3 +565,41 @@ jobs: pr_body: ${{ steps.provision_delegated_repo.outputs.pr_body }} requesting_pr_number: ${{ steps.provision_delegated_repo.outputs.requesting_pr_number }} step_summary_content: ${{ steps.provision_delegated_repo.outputs.step_summary_content }} + + pipelines_rate_limit: + name: Rate Limit + runs-on: ${{ fromJSON(inputs.runner) }} + needs: + [ + pipelines_orchestrate, + pipelines_execute, + pipelines_apply_baselines, + pipelines_setup_delegated_repo, + ] + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_read_token }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_customer_org_read_token }} + + steps: + - name: Log Rate Limit + run: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } + }) + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()).resources.core; + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); diff --git a/.github/workflows/pipelines-unlock.yml b/.github/workflows/pipelines-unlock.yml index 2a2a4546..a83e815c 100644 --- a/.github/workflows/pipelines-unlock.yml +++ b/.github/workflows/pipelines-unlock.yml @@ -15,7 +15,7 @@ on: description: "Forcibly reset all locks by deleting the dynamodb table" required: false type: boolean - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" @@ -38,8 +38,8 @@ on: type: string default: '"ubuntu-latest"' secrets: - PIPELINES_READ_TOKEN: - required: true + PIPELINES_READ_TOKEN: + required: true env: PIPELINES_CLI_VERSION: v0.29.1 PIPELINES_ACTIONS_VERSION: v3.0.3 @@ -52,7 +52,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -60,7 +60,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -89,7 +89,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ inputs.working_directory }} terragrunt_command: "force-unlock -force ${{ inputs.lock_id }}" - branch: 'main' + branch: "main" - name: "Run terragrunt force-unlock in ${{ inputs.working_directory }}" id: terragrunt @@ -115,7 +115,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -123,7 +123,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -152,7 +152,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ inputs.working_directory }} terragrunt_command: "init" - branch: 'main' + branch: "main" - name: Setup Mise Toml id: mise-toml @@ -264,7 +264,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -272,7 +272,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -301,7 +301,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ matrix.working_directory }} terragrunt_command: "init" - branch: 'main' + branch: "main" - name: "Run Terragrunt Init" id: terragrunt diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index 91bb1bb0..94275be3 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -21,7 +21,7 @@ on: runner: type: string default: '"ubuntu-latest"' - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" @@ -29,7 +29,7 @@ on: PIPELINES_READ_TOKEN: required: true PR_CREATE_TOKEN: - required: false + required: false env: PIPELINES_CLI_VERSION: v0.29.1 @@ -46,7 +46,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -54,7 +54,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -62,7 +62,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }} @@ -92,7 +92,6 @@ jobs: pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") gh pr comment $pull_number -b "$msg" -R $GITHUB_ORG || true # || true incase this fails on a non-PR run - - name: Check out repo code uses: actions/checkout@v4 with: @@ -121,7 +120,7 @@ jobs: pipelines_execute: env: - JOB_NAME: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} + JOB_NAME: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} name: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} needs: [pipelines_orchestrate] runs-on: ${{ fromJSON(inputs.runner) }} @@ -134,7 +133,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -142,7 +141,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -150,7 +149,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }} From 0aa9ebea2c3cde886ec53548001972d1ed54d134 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 12:06:43 -0600 Subject: [PATCH 2/8] Fix missing brace --- .github/workflows/pipelines-root.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 23dd5a66..a6d55238 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -600,6 +600,7 @@ jobs: console.log("Core rate limit info: %o", coreRateLimitInfo); }) .catch(e => console.log("Error fetching rate limit info: %o", e)); + } await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); From bf2880964d08638344f30385df279d1af2d5eb82 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 12:14:19 -0600 Subject: [PATCH 3/8] Run rate limit job always --- .github/workflows/pipelines-root.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index a6d55238..c501a4b0 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -576,6 +576,7 @@ jobs: pipelines_apply_baselines, pipelines_setup_delegated_repo, ] + if: always() env: PIPELINES_GRUNTWORK_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_read_token }} PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_customer_org_read_token }} From 5c092aa44961879a2e65d05a85393871b72ded43 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 12:20:36 -0600 Subject: [PATCH 4/8] Fix job --- .github/workflows/pipelines-root.yml | 44 +++++++++++++++------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index c501a4b0..81cd35d4 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -567,7 +567,7 @@ jobs: step_summary_content: ${{ steps.provision_delegated_repo.outputs.step_summary_content }} pipelines_rate_limit: - name: Rate Limit + name: Get Rate Limit after all jobs runs-on: ${{ fromJSON(inputs.runner) }} needs: [ @@ -583,25 +583,27 @@ jobs: steps: - name: Log Rate Limit - run: | - async function logRateLimitInfo(token, name) { - return fetch("https://api.github.com/rate_limit", { - method: "GET", - headers: { - Authorization: `token ${token}` - } - }) - .then(async response => { - const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); - console.log( - `Rate limit remaining: ${rateLimitRemaining}, ${name}` - ); - const coreRateLimitInfo = (await response.json()).resources.core; - - console.log("Core rate limit info: %o", coreRateLimitInfo); + uses: actions/github-script@v7 + with: + script: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } }) - .catch(e => console.log("Error fetching rate limit info: %o", e)); - } + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()).resources.core; + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + } - await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); - await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); From e1739a64124037bb54a61d0aca817b83cce668be Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 12:27:40 -0600 Subject: [PATCH 5/8] Update log --- .github/workflows/pipelines-root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 81cd35d4..ad23ea60 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -598,7 +598,7 @@ jobs: console.log( `Rate limit remaining: ${rateLimitRemaining}, ${name}` ); - const coreRateLimitInfo = (await response.json()).resources.core; + const coreRateLimitInfo = (await response.json()); console.log("Core rate limit info: %o", coreRateLimitInfo); }) From 813a41e0a12bc5ed595bb339d5a533f3bff6a862 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 12:38:21 -0600 Subject: [PATCH 6/8] Fix env reference --- .github/workflows/pipelines-root.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index ad23ea60..64c278ce 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -584,6 +584,9 @@ jobs: steps: - name: Log Rate Limit uses: actions/github-script@v7 + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_read_token }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_customer_org_read_token }} with: script: | async function logRateLimitInfo(token, name) { From 143d672b18401728fcee18198bc1f1c5407c8ca2 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 13:00:44 -0600 Subject: [PATCH 7/8] Log rate within each job --- .github/workflows/pipelines-root.yml | 105 +++++++++++++++------------ 1 file changed, 60 insertions(+), 45 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 64c278ce..e3dab684 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -135,6 +135,36 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} + - name: Log Rate Limit after orchestrate + uses: actions/github-script@v7 + if: always() + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} + with: + script: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } + }) + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()); + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + } + + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); + outputs: pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }} pipelines_read_token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} @@ -320,6 +350,36 @@ jobs: step_logs_url: ${{ steps.get_logs_url.outputs.step_logs_url }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} + - name: Log Rate Limit after execute + uses: actions/github-script@v7 + if: always() + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} + with: + script: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } + }) + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()); + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + } + + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); + outputs: account_id: ${{ matrix.jobs.AccountId }} branch: ${{ steps.gruntwork_context.outputs.branch }} @@ -565,48 +625,3 @@ jobs: pr_body: ${{ steps.provision_delegated_repo.outputs.pr_body }} requesting_pr_number: ${{ steps.provision_delegated_repo.outputs.requesting_pr_number }} step_summary_content: ${{ steps.provision_delegated_repo.outputs.step_summary_content }} - - pipelines_rate_limit: - name: Get Rate Limit after all jobs - runs-on: ${{ fromJSON(inputs.runner) }} - needs: - [ - pipelines_orchestrate, - pipelines_execute, - pipelines_apply_baselines, - pipelines_setup_delegated_repo, - ] - if: always() - env: - PIPELINES_GRUNTWORK_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_read_token }} - PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_customer_org_read_token }} - - steps: - - name: Log Rate Limit - uses: actions/github-script@v7 - env: - PIPELINES_GRUNTWORK_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_read_token }} - PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ needs.pipelines_orchestrate.outputs.pipelines_customer_org_read_token }} - with: - script: | - async function logRateLimitInfo(token, name) { - return fetch("https://api.github.com/rate_limit", { - method: "GET", - headers: { - Authorization: `token ${token}` - } - }) - .then(async response => { - const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); - console.log( - `Rate limit remaining: ${rateLimitRemaining}, ${name}` - ); - const coreRateLimitInfo = (await response.json()); - - console.log("Core rate limit info: %o", coreRateLimitInfo); - }) - .catch(e => console.log("Error fetching rate limit info: %o", e)); - } - - await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); - await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); From 5fe2ed97e328d2ac82c3f61a1726a9bd056eb2b6 Mon Sep 17 00:00:00 2001 From: Oreoluwa Agunbiade Date: Tue, 22 Oct 2024 13:07:44 -0600 Subject: [PATCH 8/8] Only log core rate limit. --- .github/workflows/pipelines-root.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index e3dab684..658df32e 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -153,9 +153,9 @@ jobs: .then(async response => { const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); console.log( - `Rate limit remaining: ${rateLimitRemaining}, ${name}` + `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}` ); - const coreRateLimitInfo = (await response.json()); + const coreRateLimitInfo = (await response.json()).resources.core; console.log("Core rate limit info: %o", coreRateLimitInfo); }) @@ -368,9 +368,9 @@ jobs: .then(async response => { const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); console.log( - `Rate limit remaining: ${rateLimitRemaining}, ${name}` + `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}` ); - const coreRateLimitInfo = (await response.json()); + const coreRateLimitInfo = (await response.json()).resources.core; console.log("Core rate limit info: %o", coreRateLimitInfo); })