gruntwork-io · oredavids · Oct 22, 2024 · Oct 22, 2024 · Oct 22, 2024 · Oct 22, 2024
diff --git a/.github/workflows/pipelines-drift-detection.yml b/.github/workflows/pipelines-drift-detection.yml
@@ -31,10 +31,10 @@ on:
         type: string
         default: "https://api.prod.app.gruntwork.io/api/v1"
     secrets:
-        PIPELINES_READ_TOKEN:
-          required: false
-        PR_CREATE_TOKEN:
-          required: false
+      PIPELINES_READ_TOKEN:
+        required: false
+      PR_CREATE_TOKEN:
+        required: false
 env:
   PIPELINES_CLI_VERSION: v0.29.1
   PIPELINES_ACTIONS_VERSION: v3.0.3
@@ -50,16 +50,15 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
-
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
@@ -101,15 +100,15 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
@@ -148,23 +147,23 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Create PR Token
         id: pipelines-propose-infra-change-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PR_CREATE_TOKEN }}

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
@@ -21,7 +21,7 @@ on:
       runner:
         type: string
         default: '"ubuntu-latest"'
-      api_base_url: 
+      api_base_url:
         type: string
         default: "https://api.prod.app.gruntwork.io/api/v1"
 
@@ -55,31 +55,31 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Infra Root Write Token
         id: pipelines-infra-root-write-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Repo Admin Token
         id: pipelines-org-repo-admin-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }}
@@ -122,7 +122,7 @@ jobs:
           IS_ROOT: "true"
           PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           INFRA_ROOT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }}
-          ORG_REPO_ADMIN_TOKEN:  ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}
+          ORG_REPO_ADMIN_TOKEN: ${{ steps.pipelines-org-repo-admin-token.outputs.PIPELINES_TOKEN }}
           PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
           PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
           PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }}
@@ -135,8 +135,40 @@ jobs:
           PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
           PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }}
 
+      - name: Log Rate Limit after orchestrate
+        uses: actions/github-script@v7
+        if: always()
+        env:
+          PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
+          PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
+        with:
+          script: |
+            async function logRateLimitInfo(token, name) {
+                return fetch("https://api.github.com/rate_limit", {
+                  method: "GET",
+                  headers: {
+                    Authorization: `token ${token}`
+                  }
+                })
+                  .then(async response => {
+                    const rateLimitRemaining = response.headers.get("x-ratelimit-remaining");
+                    console.log(
+                      `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}`
+                    );
+                    const coreRateLimitInfo = (await response.json()).resources.core;
+
+                    console.log("Core rate limit info: %o", coreRateLimitInfo);
+                  })
+                  .catch(e => console.log("Error fetching rate limit info: %o", e));
+                }
+
+            await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token");
+            await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token");
+
     outputs:
       pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }}
+      pipelines_read_token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
+      pipelines_customer_org_read_token: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
 
   pipelines_execute:
     env:
@@ -153,23 +185,23 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Infra Root Write Token
         id: pipelines-infra-root-write-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: infra-root-write/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
@@ -318,6 +350,36 @@ jobs:
           step_logs_url: ${{ steps.get_logs_url.outputs.step_logs_url }}
           PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-infra-root-write-token.outputs.PIPELINES_TOKEN }}
 
+      - name: Log Rate Limit after execute
+        uses: actions/github-script@v7
+        if: always()
+        env:
+          PIPELINES_GRUNTWORK_READ_TOKEN: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
+          PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
+        with:
+          script: |
+            async function logRateLimitInfo(token, name) {
+                return fetch("https://api.github.com/rate_limit", {
+                  method: "GET",
+                  headers: {
+                    Authorization: `token ${token}`
+                  }
+                })
+                  .then(async response => {
+                    const rateLimitRemaining = response.headers.get("x-ratelimit-remaining");
+                    console.log(
+                      `Rate limit remaining via headers: ${rateLimitRemaining}, ${name}`
+                    );
+                    const coreRateLimitInfo = (await response.json()).resources.core;
+
+                    console.log("Core rate limit info: %o", coreRateLimitInfo);
+                  })
+                  .catch(e => console.log("Error fetching rate limit info: %o", e));
+                }
+
+            await logRateLimitInfo(process.env.PIPELINES_GRUNTWORK_READ_TOKEN, "Gruntwork Read Token");
+            await logRateLimitInfo(process.env.PIPELINES_CUSTOMER_ORG_READ_TOKEN, "Customer Org Read Token");
+
     outputs:
       account_id: ${{ matrix.jobs.AccountId }}
       branch: ${{ steps.gruntwork_context.outputs.branch }}
@@ -344,23 +406,23 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Create PR Token
         id: pipelines-propose-infra-change-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: propose-infra-change/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.INFRA_ROOT_WRITE_TOKEN }}
@@ -467,23 +529,23 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Repo Admin Token
         id: pipelines-org-repo-admin-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: org-repo-admin/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }}

diff --git a/.github/workflows/pipelines-unlock.yml b/.github/workflows/pipelines-unlock.yml
@@ -15,7 +15,7 @@ on:
         description: "Forcibly reset all locks by deleting the dynamodb table"
         required: false
         type: boolean
-      api_base_url: 
+      api_base_url:
         type: string
         default: "https://api.prod.app.gruntwork.io/api/v1"
 
@@ -38,8 +38,8 @@ on:
         type: string
         default: '"ubuntu-latest"'
     secrets:
-        PIPELINES_READ_TOKEN:
-          required: true
+      PIPELINES_READ_TOKEN:
+        required: true
 env:
   PIPELINES_CLI_VERSION: v0.29.1
   PIPELINES_ACTIONS_VERSION: v3.0.3
@@ -52,15 +52,15 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
@@ -89,7 +89,7 @@ jobs:
           PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
           working_directory: ${{ inputs.working_directory }}
           terragrunt_command: "force-unlock -force ${{ inputs.lock_id }}"
-          branch: 'main'
+          branch: "main"
 
       - name: "Run terragrunt force-unlock in ${{ inputs.working_directory }}"
         id: terragrunt
@@ -115,15 +115,15 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
@@ -152,7 +152,7 @@ jobs:
           PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
           working_directory: ${{ inputs.working_directory }}
           terragrunt_command: "init"
-          branch: 'main'
+          branch: "main"
 
       - name: Setup Mise Toml
         id: mise-toml
@@ -264,15 +264,15 @@ jobs:
     steps:
       - name: Fetch Gruntwork Read Token
         id: pipelines-gruntwork-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: "pipelines-read/gruntwork-io"
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
           api_base_url: ${{ inputs.api_base_url }}
 
       - name: Fetch Org Read Token
         id: pipelines-customer-org-read-token
-        uses: gruntwork-io/pipelines-credentials@v1
+        uses: gruntwork-io/pipelines-credentials@test-rate-limit
         with:
           PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
           FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
@@ -301,7 +301,7 @@ jobs:
           PIPELINES_CUSTOMER_ORG_READ_TOKEN: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
           working_directory: ${{ matrix.working_directory }}
           terragrunt_command: "init"
-          branch: 'main'
+          branch: "main"
 
       - name: "Run Terragrunt Init"
         id: terragrunt