cloudflare/pint
Publicmirrored from https://github.com/cloudflare/pintAvailable
docs/index.md
226lines · modecode
| 1 | --- |
| 2 | layout: default |
| 3 | title: Documentation |
| 4 | nav_order: 1 |
| 5 | has_children: true |
| 6 | --- |
| 7 | |
| 8 | # pint |
| 9 | |
| 10 | pint is a Prometheus rule linter. |
| 11 | |
| 12 | ## Usage |
| 13 | |
| 14 | There are three modes it works in: |
| 15 | |
| 16 | - CI PR linting |
| 17 | - Ad-hoc linting of a selected files or directories |
| 18 | - A daemon that continuously checks selected files or directories and expose metrics describing |
| 19 | all discovered problems. |
| 20 | |
| 21 | ### Pull Requests |
| 22 | |
| 23 | Run it with `pint ci`. |
| 24 | |
| 25 | It currently supports git for which it will find all commits on the current branch that are not |
| 26 | present in the parent branch and scan all modified files included in those changes. |
| 27 | |
| 28 | Results can optionally be reported using |
| 29 | [BitBucket API](https://docs.atlassian.com/bitbucket-server/rest/7.8.0/bitbucket-code-insights-rest.html) |
| 30 | or [GitHub API](https://docs.github.com/en/rest) to generate a report with any found issues. |
| 31 | If you are using BitBucket API then each issue will create an inline annotation in BitBucket with a description of |
| 32 | the issue. If you are using GitHub API then each issue will appear as a comment on your pull request. |
| 33 | |
| 34 | Exit code will be one (1) if any issues were detected with severity `Bug` or higher. This permits running |
| 35 | `pint` in your CI system whilst at the same you will get detailed reports on your source control system. |
| 36 | |
| 37 | If any commit on the PR contains `[skip ci]` or `[no ci]` somewhere in the commit message then pint will |
| 38 | skip running all checks. |
| 39 | |
| 40 | #### GitHub Actions |
| 41 | |
| 42 | The easiest way of using `pint` with GitHub Actions is by using |
| 43 | [prymitive/pint-action](https://github.com/prymitive/pint-action). |
| 44 | Here's an example workflow: |
| 45 | |
| 46 | {% raw %} |
| 47 | ```yaml |
| 48 | name: pint |
| 49 | |
| 50 | on: |
| 51 | push: |
| 52 | branches: |
| 53 | - main |
| 54 | pull_request: |
| 55 | branches: |
| 56 | - main |
| 57 | |
| 58 | jobs: |
| 59 | pint: |
| 60 | runs-on: ubuntu-latest |
| 61 | steps: |
| 62 | - uses: actions/checkout@v3 |
| 63 | with: |
| 64 | fetch-depth: 0 |
| 65 | |
| 66 | - name: Run pint |
| 67 | uses: prymitive/pint-action@v1 |
| 68 | with: |
| 69 | token: ${{ github.token }} |
| 70 | # directory containing Prometheus rules |
| 71 | workdir: 'rules' |
| 72 | ``` |
| 73 | {% endraw %} |
| 74 | |
| 75 | To customize pint checks create a `.pint.hcl` file in the root of your repository. |
| 76 | See [Configuration](configuration.md) for a description of all options. |
| 77 | |
| 78 | If your repository contains other files, not only Prometheus rules, then tell pint |
| 79 | to only check selected paths when running checks on a pull request: |
| 80 | |
| 81 | ```js |
| 82 | ci { |
| 83 | include = [ "rules/dev/.*.yml", "rules/prod/.*" ] |
| 84 | } |
| 85 | ``` |
| 86 | |
| 87 | When pint runs checks after a push to a branch (for example after a merge), then |
| 88 | it will pass `workdir` option to `pint lint`, which means that all files inside |
| 89 | `rules` directory will be checked. |
| 90 | |
| 91 | ### Ad-hoc |
| 92 | |
| 93 | Lint specified files and report any found issue. |
| 94 | |
| 95 | You can lint selected files: |
| 96 | |
| 97 | ```shell |
| 98 | pint lint rules.yml |
| 99 | ``` |
| 100 | |
| 101 | or directories: |
| 102 | |
| 103 | ```shell |
| 104 | pint lint path/to/dir |
| 105 | ``` |
| 106 | |
| 107 | or both: |
| 108 | |
| 109 | ```shell |
| 110 | pint lint path/to/dir file.yml path/file.yml path/dir |
| 111 | ``` |
| 112 | |
| 113 | ### Watch mode |
| 114 | |
| 115 | Run pint as a daemon in watch mode: |
| 116 | |
| 117 | ```shell |
| 118 | pint watch rules.yml |
| 119 | ``` |
| 120 | |
| 121 | By default it will start a HTTP server on port `8080` and run all checks every |
| 122 | 10 minutes. This can be customized by passing extra flags to the `watch` command. |
| 123 | Run `pint watch -h` to see all available flags. |
| 124 | |
| 125 | Query `/metrics` to see all expose metrics, example with default flags: |
| 126 | |
| 127 | ```shell |
| 128 | curl -s http://localhost:8080/metrics |
| 129 | ``` |
| 130 | |
| 131 | Or setup Prometheus scrape job: |
| 132 | |
| 133 | ```yaml |
| 134 | scrape_configs: |
| 135 | - job_name: pint |
| 136 | static_configs: |
| 137 | - targets: ['localhost:8080'] |
| 138 | ``` |
| 139 | |
| 140 | Available metrics: |
| 141 | |
| 142 | - `pint_problem` - exported for every problem detected by pint. |
| 143 | To avoid exposing too many metrics at once pass `--max-problems` flag to watch command. |
| 144 | When this flag is set pint will expose only up to `--max-problems` value number of |
| 145 | `pint_problem` metrics. |
| 146 | - `pint_problems` - this metric is the total number of all problems detected by pint, |
| 147 | including those not exported due to the `--max-problems` flag. |
| 148 | |
| 149 | `pint problem` metric can include `owner` label for each rule. This is useful |
| 150 | to route alerts based on metrics to the right team. |
| 151 | To set a rule owner add a `# pint file/owner $owner` comment in a file, to set |
| 152 | an owner for all rules in that file. You can also set an owner per rule, by adding |
| 153 | `# pint rule/owner $owner` comment around given rule. |
| 154 | |
| 155 | Example: |
| 156 | |
| 157 | ```yaml |
| 158 | # pint file/owner bob |
| 159 | |
| 160 | - alert: ... |
| 161 | expr: ... |
| 162 | |
| 163 | # pint rule/owner alice |
| 164 | - alert: ... |
| 165 | expr: ... |
| 166 | ``` |
| 167 | |
| 168 | Here's an example alert you can use for problems detected by pint: |
| 169 | |
| 170 | {% raw %} |
| 171 | ```yaml |
| 172 | - alert: Pint Problem Detected |
| 173 | # pint_problem is only present if pint detects any problems |
| 174 | # pint disable promql/series(pint_problem) |
| 175 | expr: | |
| 176 | sum without(instance, problem) (pint_problem) > 0 |
| 177 | for: 1h |
| 178 | annotations: |
| 179 | summary: | |
| 180 | {{ with printf "pint_problem{filename='%s', name='%s', reporter='%s'}" .Labels.filename .Labels.name .Labels.reporter | query }} |
| 181 | {{ . | first | label "problem" }} |
| 182 | {{ end }} |
| 183 | docs: "https://cloudflare.github.io/pint/checks/{{ $labels.reporter }}.html" |
| 184 | ``` |
| 185 | {% endraw %} |
| 186 | |
| 187 | ## Release Notes |
| 188 | |
| 189 | See [changelog](changelog.md) for history of changes. |
| 190 | |
| 191 | ## Quick start |
| 192 | |
| 193 | Requirements: |
| 194 | |
| 195 | - [Git](https://git-scm.com/) |
| 196 | - [Go](https://golang.org/) - current stable release |
| 197 | |
| 198 | Steps: |
| 199 | |
| 200 | 1. Download a binary from [Releases](https://github.com/cloudflare/pint/releases) page |
| 201 | or build from source: |
| 202 | |
| 203 | ```shell |
| 204 | git clone https://github.com/cloudflare/pint.git |
| 205 | cd pint |
| 206 | make |
| 207 | ``` |
| 208 | |
| 209 | 2. Run a simple syntax check on Prometheus |
| 210 | [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) |
| 211 | or [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) |
| 212 | rules file(s). |
| 213 | |
| 214 | ```shell |
| 215 | ./pint lint /etc/prometheus/*.rules.yml |
| 216 | ``` |
| 217 | |
| 218 | 3. Configuration file is optional, but without it pint will only run very basic |
| 219 | syntax checks. See [configuration](configuration.md) for details on |
| 220 | config syntax. |
| 221 | By default pint will try to load configuration from `.pint.hcl`, you can |
| 222 | specify a different path using `--config` flag: |
| 223 | |
| 224 | ```shell |
| 225 | ./pint --config /etc/pint.hcl lint /etc/prometheus/rules/*.yml |
| 226 | ``` |
| 227 | |