diff --git a/.github/workflows/pipelines-drift-detection.yml b/.github/workflows/pipelines-drift-detection.yml index fac11612..05cf87d5 100644 --- a/.github/workflows/pipelines-drift-detection.yml +++ b/.github/workflows/pipelines-drift-detection.yml @@ -31,10 +31,10 @@ on: type: string default: "https://api.prod.app.gruntwork.io/api/v1" secrets: - PIPELINES_READ_TOKEN: - required: false - PR_CREATE_TOKEN: - required: false + PIPELINES_READ_TOKEN: + required: false + PR_CREATE_TOKEN: + required: false env: PIPELINES_CLI_VERSION: v0.29.1 PIPELINES_ACTIONS_VERSION: v3.0.3 @@ -50,16 +50,15 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} api_base_url: ${{ inputs.api_base_url }} - - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -101,7 +100,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -109,7 +108,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} 
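Review bot: The `uses: gruntwork-io/pipelines-credentials@test-rate-limit` lines in the `@@ -50,16 +50,15 @@` hunk point a credential-handling action at a branch ref, which is mutable: anyone who can push to that branch changes the code that receives `FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}` on the next run. The same substitution repeats in every later `uses:` hunk of this diff (pipelines-drift-detection.yml, pipelines-root.yml, pipelines-unlock.yml and pipelines.yml), including the steps that are handed `INFRA_ROOT_WRITE_TOKEN` and `ORG_REPO_ADMIN_TOKEN`. If the branch is needed for the rate-limit investigation, pin each reference to the full commit SHA of the branch head, e.g. `uses: gruntwork-io/pipelines-credentials@<full-commit-sha>  # test-rate-limit`, and return to the released tag before this reaches a default branch. The jobs these steps belong to start outside the hunks.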
@@ -148,7 +147,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -156,7 +155,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -164,7 +163,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }} diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 76b3c737..658df32e 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -21,7 +21,7 @@ on: runner: type: string default: '"ubuntu-latest"' - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" @@ -55,7 +55,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -63,7 +63,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} 
@@ -71,7 +71,7 @@ jobs: - name: Fetch Infra Root Write Token id: pipelines-infra-root-write-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} @@ -79,7 +79,7 @@ jobs: - name: Fetch Org Repo Admin Token id: pipelines-org-repo-admin-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} @@ -122,7 +122,7 @@ jobs: IS_ROOT: "true" PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} INFRA_ROOT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} - ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }} + ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }} PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} 
@@ -135,8 +135,40 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} + - name: Log Rate Limit after orchestrate + uses: actions/github-script@v7 + if: always() + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} + with: + script: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } + }) + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()).resources.core; + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + } + + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); + outputs: pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }} + pipelines_read_token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + pipelines_customer_org_read_token: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} pipelines_execute: env: @@ -153,7 +185,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} 
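Review bot: The two new job outputs at the end of the `@@ -135,8 +135,40 @@` hunk, `pipelines_read_token` and `pipelines_customer_org_read_token`, publish the fetched tokens as outputs of the job, and no visible line in this diff reads them. Job outputs are handed to every job that `needs` this one; when a value is registered as a secret the runner drops the output instead, so depending on whether pipelines-credentials masks its `PIPELINES_TOKEN` output (not visible here) these lines either do nothing or carry live credentials beyond the step that fetched them. The downstream jobs already fetch their own tokens with the same action, so I would delete both lines and keep `outputs:` limited to `pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }}`. The job's definition starts outside the hunk.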
@@ -161,7 +193,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -169,7 +201,7 @@ jobs: - name: Fetch Infra Root Write Token id: pipelines-infra-root-write-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} 
@@ -318,6 +350,36 @@ jobs: step_logs_url: ${{ steps.get_logs_url.outputs.step_logs_url }} PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }} + - name: Log Rate Limit after execute + uses: actions/github-script@v7 + if: always() + env: + PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }} + PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} + with: + script: | + async function logRateLimitInfo(token, name) { + return fetch("https://api.github.com/rate_limit", { + method: "GET", + headers: { + Authorization: `token ${token}` + } + }) + .then(async response => { + const rateLimitRemaining = response.headers.get("x-ratelimit-remaining"); + console.log( + `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}` + ); + const coreRateLimitInfo = (await response.json()).resources.core; + + console.log("Core rate limit info: %o", coreRateLimitInfo); + }) + .catch(e => console.log("Error fetching rate limit info: %o", e)); + } + + await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token"); + await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token"); + outputs: account_id: ${{ matrix.jobs.AccountId }} branch: ${{ steps.gruntwork_context.outputs.branch }} @@ -344,7 +406,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} 
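Review bot: The `Log Rate Limit after execute` step in the `@@ -318,6 +350,36 @@` hunk runs under `if: always()`, so it also runs when a token-fetch step failed and `process.env.PIPELINES_GRUNTWORK_READ_TOKEN` may be empty; the request then goes out with a blank credential and the failure surfaces only as a TypeError from `.resources.core`. I would return early on a missing token and check the status before parsing: `if (!token) { console.log("No token for " + name); return; }` and `if (!response.ok) throw new Error("rate_limit returned " + response.status);`. The `%o` dump of the caught error is worth narrowing to `e.message` so that only the message reaches the job log. The identical script in `Log Rate Limit after orchestrate` (hunk `@@ -135,8 +135,40 @@`) has the same gaps, and since both copies are diagnostic they are candidates for removal before merge.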
@@ -352,7 +414,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -360,7 +422,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }} @@ -467,7 +529,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -475,7 +537,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -483,7 +545,7 @@ jobs: - name: Fetch Org Repo Admin Token id: pipelines-org-repo-admin-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} diff --git a/.github/workflows/pipelines-unlock.yml b/.github/workflows/pipelines-unlock.yml index 2a2a4546..a83e815c 100644 --- a/.github/workflows/pipelines-unlock.yml +++ b/.github/workflows/pipelines-unlock.yml 
@@ -15,7 +15,7 @@ on: description: "Forcibly reset all locks by deleting the dynamodb table" required: false type: boolean - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" @@ -38,8 +38,8 @@ on: type: string default: '"ubuntu-latest"' secrets: - PIPELINES_READ_TOKEN: - required: true + PIPELINES_READ_TOKEN: + required: true env: PIPELINES_CLI_VERSION: v0.29.1 PIPELINES_ACTIONS_VERSION: v3.0.3 @@ -52,7 +52,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -60,7 +60,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -89,7 +89,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ inputs.working_directory }} terragrunt_command: "force-unlock -force ${{ inputs.lock_id }}" - branch: 'main' + branch: "main" - name: "Run terragrunt force-unlock in ${{ inputs.working_directory }}" id: terragrunt @@ -115,7 +115,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} 
@@ -123,7 +123,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -152,7 +152,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ inputs.working_directory }} terragrunt_command: "init" - branch: 'main' + branch: "main" - name: Setup Mise Toml id: mise-toml @@ -264,7 +264,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -272,7 +272,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -301,7 +301,7 @@ jobs: PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }} working_directory: ${{ matrix.working_directory }} terragrunt_command: "init" - branch: 'main' + branch: "main" - name: "Run Terragrunt Init" id: terragrunt diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml index 91bb1bb0..94275be3 100644 --- a/.github/workflows/pipelines.yml +++ b/.github/workflows/pipelines.yml @@ -21,7 +21,7 @@ on: runner: type: string default: '"ubuntu-latest"' - api_base_url: + api_base_url: type: string default: "https://api.prod.app.gruntwork.io/api/v1" 
@@ -29,7 +29,7 @@ on: PIPELINES_READ_TOKEN: required: true PR_CREATE_TOKEN: - required: false + required: false env: PIPELINES_CLI_VERSION: v0.29.1 @@ -46,7 +46,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -54,7 +54,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -62,7 +62,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }} @@ -92,7 +92,6 @@ jobs: pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") gh pr comment $pull_number -b "$msg" -R $GITHUB_ORG || true # || true incase this fails on a non-PR run - - name: Check out repo code uses: actions/checkout@v4 with: @@ -121,7 +120,7 @@ jobs: pipelines_execute: env: - JOB_NAME: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} + JOB_NAME: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} name: ${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }} needs: [pipelines_orchestrate] runs-on: ${{ fromJSON(inputs.runner) }} 
@@ -134,7 +133,7 @@ jobs: steps: - name: Fetch Gruntwork Read Token id: pipelines-gruntwork-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io" FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -142,7 +141,7 @@ jobs: - name: Fetch Org Read Token id: pipelines-customer-org-read-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} @@ -150,7 +149,7 @@ jobs: - name: Fetch Create PR Token id: pipelines-propose-infra-change-token - uses: gruntwork-io/pipelines-credentials@v1 + uses: gruntwork-io/pipelines-credentials@test-rate-limit with: PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }} FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }}