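# Creates or refreshes the CloudWatch alarms that watch the integration-test
# metrics: one metric alarm per arch x distro_config permutation listed in
# .github/test-matrix.json, plus one composite alarm that aggregates them.
name: bootstrap-alarms

# id-token: write lets the job request the OIDC token that the AWS credentials
# action exchanges for role credentials; contents: read is what checkout needs.
permissions:
  id-token: write
  contents: read

on:
  schedule:
    - cron: '0 8 * * 1' # Every Monday at 08:00 UTC
  workflow_dispatch:

env:
  AWS_REGION: ${{ secrets.AWS_REGION }}
  ALARM_NAMESPACE: GitHubActions

jobs:
  bootstrap:
    runs-on: ubuntu-latest
    env:
      # NOTE(review): confirm github.event.repository is populated for
      # schedule-triggered runs as well as workflow_dispatch; if it is not, the
      # two triggers would produce differently named composite alarms.
      COMPOSITE_ALARM_NAME: GitHubActions-${{ github.repository_owner }}-${{ github.event.repository.name }}-integration-tests-aggregate
    steps:
      - name: Debug OIDC token
        # Use the runner-provided GITHUB_REF / GITHUB_EVENT_NAME variables
        # rather than expanding ${{ github.* }} expressions into the script
        # text, so the values are never parsed as shell code.
        run: |
          echo "GitHub ref: ${GITHUB_REF}"
          echo "GitHub event name: ${GITHUB_EVENT_NAME}"

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The remaining steps only read the matrix file and call the AWS CLI,
          # so the checkout token does not need to stay configured for git.
          persist-credentials: false

      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Create individual metric alarms
        run: |
          set -euo pipefail
          MATRIX_FILE=".github/test-matrix.json"
          ALARM_NAMES=()

          # Expand every arch x distro_config permutation from the shared matrix.
          # The output is captured through an assignment so that a missing or
          # malformed matrix file fails the step under `set -e`; a command
          # substitution used directly as a `for` word list would not.
          ROWS=$(jq -c '
            .arch[] as $a |
            .distro_config[] as $d |
            { arch: $a.label, distro: $d.distro, distro_version: $d.distro_version, runtime_version: $d.runtime_version }
          ' "$MATRIX_FILE")

          # Read one JSON object per line; unlike word splitting, this keeps a
          # row intact even if one of its values contains whitespace.
          while IFS= read -r row; do
            [ -n "$row" ] || continue
            arch=$(jq -r '.arch' <<< "$row")
            distro=$(jq -r '.distro' <<< "$row")
            distro_version=$(jq -r '.distro_version' <<< "$row")
            runtime_version=$(jq -r '.runtime_version' <<< "$row")
            ALARM_NAME="GitHubActions-ruby-ric-${distro}-${distro_version}-ruby${runtime_version}-${arch}"
            echo "Creating alarm: ${ALARM_NAME}"
            # Alarms if no success metric is received within 3 days
            # Uses 1-day periods with 3 evaluation periods for faster state transitions
            aws cloudwatch put-metric-alarm \
              --alarm-name "${ALARM_NAME}" \
              --alarm-description "Integration test: ${distro} ${distro_version} / ruby ${runtime_version} (${arch})" \
              --namespace "${ALARM_NAMESPACE}" \
              --metric-name "TestResult" \
              --dimensions "Name=Distro,Value=${distro}" "Name=DistroVersion,Value=${distro_version}" "Name=RuntimeVersion,Value=${runtime_version}" "Name=Arch,Value=${arch}" \
              --statistic Sum \
              --period 86400 \
              --evaluation-periods 3 \
              --datapoints-to-alarm 3 \
              --threshold 1 \
              --comparison-operator LessThanThreshold \
              --treat-missing-data breaching
            ALARM_NAMES+=("${ALARM_NAME}")
          done <<< "$ROWS"

          # An empty list would hand the next step a blank alarm name and an
          # invalid composite rule, so stop here with a clear message instead.
          if [ "${#ALARM_NAMES[@]}" -eq 0 ]; then
            echo "No matrix permutations found in ${MATRIX_FILE}; no alarms were created." >&2
            exit 1
          fi

          # Save alarm names for the composite alarm step
          printf '%s\n' "${ALARM_NAMES[@]}" > /tmp/alarm_names.txt

      - name: Create composite aggregate alarm
        env:
          # Hand the secret to the script through the environment instead of
          # expanding it into the script text before the shell runs.
          ALARM_TARGET_ARN: ${{ secrets.AWS_ALARM_TARGET_ARN }}
        run: |
          set -euo pipefail
          mapfile -t ALARM_NAMES < /tmp/alarm_names.txt

          # Build the composite alarm rule: triggers if ANY sub-alarm is in ALARM or INSUFFICIENT_DATA.
          # Each name is embedded between double quotes in the rule, so this
          # relies on the matrix values containing no double-quote characters.
          RULE=""
          for name in "${ALARM_NAMES[@]}"; do
            if [ -n "$RULE" ]; then
              RULE="${RULE} OR "
            fi
            RULE="${RULE}(ALARM(\"${name}\") OR INSUFFICIENT_DATA(\"${name}\"))"
          done

          echo "Composite alarm rule:"
          echo "${RULE}"

          aws cloudwatch put-composite-alarm \
            --alarm-name "${COMPOSITE_ALARM_NAME}" \
            --alarm-description "Aggregate alarm for all Ruby RIC integration test permutations" \
            --alarm-rule "${RULE}" \
            --actions-enabled \
            --alarm-actions "${ALARM_TARGET_ARN}" \
            --insufficient-data-actions "${ALARM_TARGET_ARN}"

          echo "Composite alarm '${COMPOSITE_ALARM_NAME}' created successfully."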