Merge pull request #14 from HO-CTO/main

update-repo-with-fork-changes

.github/release-drafter.yml

@@ -1,5 +1,5 @@
-name-template: 'v$RESOLVED_VERSION 🌈'
-tag-template: 'v$RESOLVED_VERSION'
+name-template: '$RESOLVED_VERSION 🌈'
+tag-template: '$RESOLVED_VERSION'
 categories:
   - title: '🚀 Features'
     labels:
@@ -19,6 +19,7 @@ categories:
       - 'refactor'
       - 'style'
       - 'docs'
+      - 'dependencies'
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
 version-resolver:

.github/workflows/docker-build-branch.yml

@@ -50,8 +50,9 @@ jobs:
             PACKAGE_TOKEN=${{secrets.GITHUB_TOKEN}}
             MAC_VERSION='#${{ github.event.number }}'
 
-      - name: Run Snyk to check Docker image for vulnerabilities
-        id: snyk
+      # Snyk security scan of Docker file only
+      - name: Run Snyk to check Docker file for vulnerabilities
+        id: snyk-dockerfile
         continue-on-error: true
         uses: snyk/actions/[email protected]
         env:
@@ -69,7 +70,24 @@ jobs:
           sarif_file: snyk.sarif
 
       - name: Check on failures
-        if: steps.snyk.outcome != 'success'
+        if: steps.snyk-dockerfile.outcome != 'success'
+        run: exit 1
+
+      # Snyk security scan of Built Docker Image and unmanaged dependencies
+      - name: Run Snyk to check Docker image for vulnerabilities
+        id: snyk-image
+        continue-on-error: true
+        uses: snyk/actions/[email protected]
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ steps.meta.outputs.tags }}
+          args: |
+            --app-vulns
+            --severity-threshold=medium
+
+      - name: Check on failures
+        if: steps.snyk-image.outcome != 'success'
         run: exit 1
 
       - name: Push image to GitHub Container Registry

.github/workflows/docker-build-tag.yml

@@ -34,22 +34,21 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Calculate SemVer increment
-        id: increment
-        uses: UKHomeOffice/semver-tag-action@v3
+      - name: Calculate SemVer value
+        id: calculate
+        uses: UKHomeOffice/semver-calculate-action@v1
         with:
           increment: ${{ steps.label.outputs.matchedLabels }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_use_head_tag: ${{ github.base_ref == 'main' }}
-          dry_run: true
+          default_to_highest: ${{ github.base_ref == 'main' }}      
 
       - name: Calculate metadata
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=${{steps.increment.outputs.version}}
+            type=raw,value=${{steps.calculate.outputs.version}}
             type=raw,value=latest,enable=${{ github.base_ref == 'main' }}
 
       - name: Build container
@@ -62,12 +61,12 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             PACKAGE_TOKEN=${{secrets.GITHUB_TOKEN}}
-            MAC_VERSION=${{steps.increment.outputs.version}}
+            MAC_VERSION=${{steps.calculate.outputs.version}}
 
       - name: Tag repository with SemVer
         uses: UKHomeOffice/semver-tag-action@v3
         with:
-          tag: ${{steps.increment.outputs.version}}
+          tag: ${{steps.calculate.outputs.version}}
           github_token: ${{ secrets.GITHUB_TOKEN }}
           default_use_head_tag: ${{ github.base_ref == 'main' }}
 

monitoring-as-code/Dockerfile

@@ -25,4 +25,4 @@ COPY mixin-defs /mixin-defs
 COPY run-mixin.sh /
 RUN chmod a+x /usr/local/bin/jb /usr/local/bin/jsonnet /run-mixin.sh
 
-ENTRYPOINT ["/run-mixin.sh"]
+ENTRYPOINT ["/run-mixin.sh"]

monitoring-as-code/README.md

@@ -19,7 +19,15 @@ Monitoring Mixins bundle up SLI configuration, Alerting, Grafana dashboards, and
 - [docker](https://docs.docker.com)
 - [git](https://git-scm.com)
 
-**Now in a directory of your choosing run the following setup commands.**
+## Docker installation
+
+See GitHub Releases page for most recent tagged version and pull the Docker image: -
+
+`docker pull ghcr.io/ho-cto/sre-monitoring-as-code:{tag}`
+
+## GitHub clone installation
+
+**In a directory of your choosing run the following setup commands.**
 
 ```
 # Clone the repository to your local machine
@@ -34,17 +42,45 @@ docker build -t sre-monitoring-as-code:latest .
 
 ## Useage
 
-```
-# Add mixin file <service>-mixin.jsonnet to /montoring-config
-touch grapi-mixin.jsonnet
+### Default mixin config 
 
-# Add Global and SLI configuration as per sre-monitoring-as-code docs (see Resources)
+**To run the default monitoring and summary mixins bundles into the built container run the following command**
 
+```
 # Execute makefile script
 sh deploy.sh
+```
+
+### Custom mixin
+
+**To run a custom mixin file**
 
-# Add artefacts (dashboard, alerts rules and recording rules) to Grafana and Prometheus package management tooling (Prometheus Operator)
 ```
+# Add mixin file <service>-mixin.jsonnet to a directory
+touch grapi-mixin.jsonnet
+
+# Execute docker run command based on mounted directory where the mixin file has been added.
+docker run --mount type=bind,source="$PWD"/{user input directory},target=/input --mount type=bind,source="$PWD"/{user output directory},target=/output -it sre-monitoring-as-code:{tag} -m {service} -rd -i input -o output
+```
+
+### Configuration Arguments
+
+**Arguments to be passed to container at runtime**
+
+| Argument | Description                                                                                                            |
+|----------|------------------------------------------------------------------------------------------------------------------------|
+| -m       | The name of the mixin to target, must be included                                                                      |
+| -o       | The path to the directory where you want the output to be copied to, must be included                                  |
+| -i       | The path to the directory containing the mixin file, if not included defaults to mixin-defs directory inside container |
+| -a       | The type of account (np, pr or localhost), if not included defaults to localhost                                       |
+| -r       | Include if you only want to generate Prometheus rules, both generated if neither included                              |
+| -d       | Include if you only want to generate Grafana dashboards, both generated if neither included                            |
+
+## Distribution 
+
+### Add artefacts (dashboard, alerts rules and recording rules) to Grafana and Prometheus package management tooling (Prometheus Operator)
+
+TBC
 
 ## Resources
 

monitoring-as-code/mixin-defs/monitoring-mixin.jsonnet

@@ -24,45 +24,48 @@ local sliSpecList = {
       sliDescription: 'Grafana landing page requests',
       period: '7d',
       metricType: 'grafana_http_request_duration_seconds',
-      metricTarget: 0.1,
       evalInterval: '1m',
       selectors: {
         product: 'grafana',
         resource: '/api/dashboards/home',
         errorStatus: '4..|5..',
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.1,
+      },
     },
     SLI02: {
       title: 'requests to the Grafana login are successful',
       sliDescription: 'Grafana login page requests',
       period: '7d',
       metricType: 'grafana_http_request_duration_seconds',
-      metricTarget: 0.1,
       evalInterval: '1m',
       selectors: {
         product: 'grafana',
         resource: '/login',
         errorStatus: '4..|5..',
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.1,
+      },
     },
     SLI03: {
       title: 'requests to the Grafana datasources are successful',
       sliDescription: 'Grafana  datasource API requests',
       period: '7d',
       metricType: 'grafana_http_request_duration_seconds',
-      metricTarget: 0.5,
       evalInterval: '1m',
       selectors: {
         product: 'grafana',
         resource: '/api/datasources/proxy/:id/.*',
         errorStatus: '4..|5..',
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.5,
+      },
     },
   },
   prometheus: {
@@ -71,25 +74,27 @@ local sliSpecList = {
       sliDescription: 'Average of prometheus scrape target status',
       period: '7d',
       metricType: 'up',
-      metricTarget: 1,
       comparison: '==',
       evalInterval: '1m',
       selectors: {},
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 1,
+      },
     },
     SLI02: {
       title: 'prometheus scraping of Yace is fast enough',
       sliDescription: 'Average duration of Prometheus scrape of Yace',
       period: '7d',
       metricType: 'scrape_duration_seconds',
-      metricTarget: 15,
       evalInterval: '1m',
       selectors: {
         product: 'yace'
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 15,
+      },
     },
   },
   thanos: {
@@ -98,73 +103,78 @@ local sliSpecList = {
       sliDescription: 'Instant query requests to thanos-query',
       period: '7d',
       metricType: 'http_requests_total',
-      metricTarget: 0.1,
       evalInterval: '1m',
       selectors: {
         product: 'thanos-query',
         resource: 'query',
         errorStatus: '4..|5..',
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.1,
+      },
     },
     SLI02: {
       title: 'instant query requests to Thanos are fast enough',
       sliDescription: 'Instant query requests to thanos-query',
       period: '7d',
       metricType: 'http_request_duration_seconds',
-      metricTarget: 15,
       latencyPercentile: 0.8,
       evalInterval: '1m',
       selectors: {
         product: 'thanos-query',
         resource: 'query',
       },
-      sliType: 'latency',
+      sliTypes: {
+        latency: 15,
+      },
       sloTarget: 90,
     },
     SLI03: {
       title: 'range query requests to Thanos',
       sliDescription: 'Range query requests to thanos-query',
       period: '7d',
       metricType: 'http_requests_total',
-      metricTarget: 0.1,
       evalInterval: '1m',
       selectors: {
         product: 'thanos-query',
         resource: 'query_range',
         errorStatus: '4..|5..',
       },
       sloTarget: 90,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.1,
+      },
     },
     SLI04: {
       title: 'range query requests to Thanos are fast enough',
       sliDescription: 'Range query requests to thanos-query',
       period: '7d',
       metricType: 'http_request_duration_seconds',
-      metricTarget: 10,
       latencyPercentile: 0.8,
       evalInterval: '1m',
       selectors: {
         product: 'thanos-query',
         resource: 'query_range',
       },
-      sliType: 'latency',
+      sliTypes: {
+        latency: 10,
+      },
       sloTarget: 90,
     },
     SLI05: {
       title: 'compactions by thanos-compact',
       sliDescription: 'Thanos-compact operations and failures',
       period: '7d',
       metricType: 'thanos_compact_group_compactions',
-      metricTarget: 0.01,
       evalInterval: '1m',
       selectors: {
         product: 'monitoring-thanos-compact.*'
       },
       sloTarget: 99,
-      sliType: 'availability',
+      sliTypes: {
+        availability: 0.01,
+      },
     },
   },
 };