- Shell 97%
- Dockerfile 3%
|
|
||
|---|---|---|
| .github | ||
| docs | ||
| action.yml | ||
| Dockerfile | ||
| entrypoint.sh | ||
| LICENSE | ||
| README.md | ||
pint action
This action will run pint
to validate Prometheus rules.
It will run pint ci for pull requests and pint lint for
merges.
Inputs
token
Github token to use when reporting problems on the pull request. Required, no default.
workdir
Directory to run check against on pushes (for example after a merge).
To set directories tested when running checks on a pull request please
create a config file for pint and set ci { include = [...] } option.
See pint docs for details.
Default is ".".
config
Config file to use. Default is "", meaning no --config flag will be passed
to pint and it will use defaults.
loglevel
Log level for pint. Default is "", meaning no --log-level flag will be passed
to pint and it will use defaults.
minSeverity
Minimum severity reported by the lint command. Default is "", meaning no --min-severity flag will be passed
to pint and it will use defaults.
Available options : info, warning (lint default), bug fatal.
requireOwner
If set to any non-empty string pint will be run with --require-owner flag.
Passing this flag will require all rule files or individual rules to have owner set via comment.
Requirements
Validating PRs require full git history and so actions/checkout must be used
with fetch-depth: 0 option.
Be sure to use a token with write access to the pull-requests scope.
Example usage
name: pint
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
pull-requests: write
jobs:
pint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Run pint
uses: prymitive/pint-action@v1
with:
token: ${{ github.token }}
workdir: 'rules'
requireOwner: 'true'
Pull Requests from Forks
It is possible to use Pint with pull requests originating from forked repositories. There is some additional configuration. An example configuration could look like:
name: pint
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
pull-requests: write
jobs:
pint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }} # REQUIRED FOR PRs FROM FORKS | https://github.com/actions/checkout/issues/124#issuecomment-586664611
- name: Run pint
uses: prymitive/pint-action@v1
with:
token: ${{ github.token }}
workdir: 'rules'
requireOwner: 'true'
pr_target_repo: ${{ github.event.pull_request.base.repo.full_name }} # REQUIRED FOR PRs FROM FORKS
pr_source_repo: ${{ github.event.pull_request.head.repo.full_name }} # REQUIRED FOR PRs FROM FORKS
Some caveats:
- The
pull_requestspermission will not be granted "write" access for pull request from public forks. This is a GitHub limitation. pr_target_repoandpr_source_repomust both be set to the variables indicatedactions/checkout@v3must be set withref: ${{ github.event.pull_request.head.sha }}
The only work around to get pull-requests: write permission on the default GITHUB_TOKEN is to make your repository private. For example, this can work well in a Github Enterprise environment. Github has chosen to set "Maximum access for pull requests from public forked repositories" to "read" on every single token scope.
Once your repository is private, you can set Send write tokens to workflows from fork pull requests or Send secrets and variables to workflows from fork pull requests under the Actions settings menu.