Skip to content

Rate Limiting Prober #707

Rate Limiting Prober

Rate Limiting Prober #707

Workflow file for this run

name: Rate Limiting Prober
on:
workflow_dispatch:
inputs:
triggerPagerDutyTest:
description: 'Trigger PagerDuty test message'
required: false
type: boolean
schedule:
# run once a day
- cron: '0 0 * * *'
jobs:
rate-limiting:
timeout-minutes: 10
name: Nginx Rate Limiting Test
runs-on: ubuntu-latest
outputs:
rekor_staging: ${{ steps.rekor_staging.outputs.rekor_staging }}
fulcio_staging: ${{ steps.fulcio_staging.outputs.fulcio_staging }}
rekor_prod: ${{ steps.rekor_prod.outputs.rekor_prod }}
fulcio_prod: ${{ steps.fulcio_prod.outputs.fulcio_prod }}
summary: ${{ steps.msg.outputs.summary}}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: 'go.work'
check-latest: true
- name: Rate Limit Rekor Staging
id: rekor_staging
continue-on-error: true
run: |
echo "rekor_staging=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://rekor.sigstage.dev/api/v1/log || echo "rekor_staging=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Fulcio Staging
id: fulcio_staging
continue-on-error: true
run: |
echo "fulcio_staging=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://fulcio.sigstage.dev/api/v1/rootCert || echo "fulcio_staging=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Rekor Prod
id: rekor_prod
continue-on-error: true
run: |
echo "rekor_prod=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://rekor.sigstore.dev/api/v1/log || echo "rekor_prod=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Fulcio Prod
id: fulcio_prod
continue-on-error: true
run: |
echo "fulcio_prod=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://fulcio.sigstore.dev/api/v1/rootCert || echo "fulcio_prod=failed" >> $GITHUB_OUTPUT
- name: Set messages
id: msg
run: |
if [ "${{ inputs.triggerPagerDutyTest }}" == "true" ]; then
echo "summary=Test Notification" >> $GITHUB_OUTPUT;
else
echo "summary=Rate Limiting Prober Failed" >> $GITHUB_OUTPUT;
fi
pagerduty-notification:
if: github.event.inputs.triggerPagerDutyTest=='true' || failure()
needs: [rate-limiting]
uses: ./.github/workflows/reusable-pager.yml
secrets:
PAGERDUTY_INTEGRATION_KEY: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }}
with:
summary: ${{ needs.rate-limiting.outputs.summary }}
component: "rate-limiting prober"
group: "production and staging"
details: >
{
"Failure URL": "https://github.com/sigstore/public-good-instance/actions/runs/${{ github.run_id }}",
"Commit": "${{ github.sha }}",
"Rekor Staging": "${{ needs.rate-limiting.outputs.rekor_staging }}",
"Rekor Prod": "${{ needs.rate-limiting.outputs.rekor_prod }}",
"Fulcio Staging": "${{ needs.rate-limiting.outputs.fulcio_staging }}",
"Fulcio Prod": "${{ needs.rate-limiting.outputs.fulcio_prod }}"
}
links: >
[
{
"href": "https://github.com/sigstore/public-good-instance/blob/main/playbooks/rate-limiting.md",
"text": "Rate Limiting Failure Playbook"
}
]