generated from sigstore/sigstore-project-template
-
Notifications
You must be signed in to change notification settings - Fork 13
89 lines (86 loc) · 3.49 KB
/
rate-limiting.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: Rate Limiting Prober
on:
workflow_dispatch:
inputs:
triggerPagerDutyTest:
description: 'Trigger PagerDuty test message'
required: false
type: boolean
schedule:
# run once a day
- cron: '0 0 * * *'
jobs:
rate-limiting:
timeout-minutes: 10
name: Nginx Rate Limiting Test
runs-on: ubuntu-latest
outputs:
rekor_staging: ${{ steps.rekor_staging.outputs.rekor_staging }}
fulcio_staging: ${{ steps.fulcio_staging.outputs.fulcio_staging }}
rekor_prod: ${{ steps.rekor_prod.outputs.rekor_prod }}
fulcio_prod: ${{ steps.fulcio_prod.outputs.fulcio_prod }}
summary: ${{ steps.msg.outputs.summary}}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: 'go.work'
check-latest: true
- name: Rate Limit Rekor Staging
id: rekor_staging
continue-on-error: true
run: |
echo "rekor_staging=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://rekor.sigstage.dev/api/v1/log || echo "rekor_staging=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Fulcio Staging
id: fulcio_staging
continue-on-error: true
run: |
echo "fulcio_staging=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://fulcio.sigstage.dev/api/v1/rootCert || echo "fulcio_staging=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Rekor Prod
id: rekor_prod
continue-on-error: true
run: |
echo "rekor_prod=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://rekor.sigstore.dev/api/v1/log || echo "rekor_prod=failed" >> $GITHUB_OUTPUT
- name: Rate Limit Fulcio Prod
id: fulcio_prod
continue-on-error: true
run: |
echo "fulcio_prod=success" >> $GITHUB_OUTPUT
go run ./prober/rate-limiting.go --url https://fulcio.sigstore.dev/api/v1/rootCert || echo "fulcio_prod=failed" >> $GITHUB_OUTPUT
- name: Set messages
id: msg
run: |
if [ "${{ inputs.triggerPagerDutyTest }}" == "true" ]; then
echo "summary=Test Notification" >> $GITHUB_OUTPUT;
else
echo "summary=Rate Limiting Prober Failed" >> $GITHUB_OUTPUT;
fi
pagerduty-notification:
if: github.event.inputs.triggerPagerDutyTest=='true' || failure()
needs: [rate-limiting]
uses: ./.github/workflows/reusable-pager.yml
secrets:
PAGERDUTY_INTEGRATION_KEY: ${{ secrets.PAGERDUTY_INTEGRATION_KEY }}
with:
summary: ${{ needs.rate-limiting.outputs.summary }}
component: "rate-limiting prober"
group: "production and staging"
details: >
{
"Failure URL": "https://github.com/sigstore/public-good-instance/actions/runs/${{ github.run_id }}",
"Commit": "${{ github.sha }}",
"Rekor Staging": "${{ needs.rate-limiting.outputs.rekor_staging }}",
"Rekor Prod": "${{ needs.rate-limiting.outputs.rekor_prod }}",
"Fulcio Staging": "${{ needs.rate-limiting.outputs.fulcio_staging }}",
"Fulcio Prod": "${{ needs.rate-limiting.outputs.fulcio_prod }}"
}
links: >
[
{
"href": "https://github.com/sigstore/public-good-instance/blob/main/playbooks/rate-limiting.md",
"text": "Rate Limiting Failure Playbook"
}
]