- Fixed a crash when parsing
vector()calls with non-number arguments.
- Improved the accuracy of alerts/template check.
- Improved message formatting in the alerts/template check.
-
Added
--checkstyleflag topint lint&pint cifor writing XML report file incheckstyleformat - #1129. -
Added
--jsonflag to bothpint lintandpint cicommands, this enables writing a JSON file with the report of all problems #606. -
promql/fragile will now warn when alerting rules are using one of the aggregation operation that can return different series on every evaluation, which can cause alert floppiness - #820.
-
promql/regexp check now supports extra configuration options to disable reports on smelly selector - #1096.
-
Checks can be enabled or disabled specifically for some Prometheus rules via
rule {}config blocks. Addingenableordisableoption with a list of checks names allows to selectively enable or disable checks only for Prometheus rules that match givenrule {}definition. Enabling checks only for matching rules will only work if these checks are disabled globally viacheck { disabled = [] }config block. For example to disablepromql/ratecheck for all rules except alerting rules in therules/criticalfolder:checks { // This will disable promql/rate by default. disabled = [ "promql/rate" ] } rule { match { path = "rules/critical/.*" kind = "alerting" } // This will enable promql/rate only for Prometheus rules matching all our match conditions above. enable = [ "promql/rate" ] }
- alerts/template check was refactored and will now produce more accurate results. Messages produced by this check might include details of the PromQL query fragment causing the problem if the query is complex enough.
- Don't try to create GitLab comments on unmodified lines - #1147.
- Fixed message formatting in the promql/series check.
- Added
fallbackTimeoutoption to the promql/series check that controls how much time pint can spend checking other Prometheus servers for missing metrics.
- Reverted
Fixed colored output on some environments - #1106change as it was breaking GitHub report comments. - Fixed panics in rule/duplicate check.
- Fixed GitHub actions permissions.
- Improved accuracy of the rule/duplicate check.
- Fixed GitHub reporter trying to create pull request comments to unmodified lines - #1120.
- Fixed colored output on some environments - #1106.
- Show correct line number when reporting YAML syntax errors.
- Fixed a bug in
matchblockstatehandling that caused all rules to always match any state.
- promql/regexp check will now look for smelly regexp selectors. See check docs for details.
- promql/range_query now allows to configure a custom maximum duration for range queries - #1064.
- Added
--enabledflag to the pint command. Passing this flag will only run selected check(s). - Added
stateoption to the rulematchblock. See configuration docs for details.
- Don't try to report problem on unmodified files when using GitHub reporter.
- If there is a pint config file present then pint will now always add it to the
parserblockexcludelist. This is to avoid trying to parse it as a rule file if it's included in the same folder as rules.
- Validate
ignoreLabelsValueoption values in the pint config.
- Added
ignoreLabelsValueto promql/series check settings. - Added
include&excludeoptions were moved from thecito theparserconfiguration block. They now apply to all pint commands, not justpint ci- #631.
- Added alerts/absent check.
- Added rule/name check - #1020.
- promql/vector_matching will now report more details, including which Prometheus server reports problems and which part of the query is the issue.
- GitHub report code was refactored, it should behave as before.
- When running
pint cipint will now run all checks on unmodified rules when afile/disablecomment was removed.
- Fixed false positive warnings from alerts/comparison when using
absent_over_time(). - GitHub reporter will now wait before making more requests if it's rate limited - #699.
- When using BitBucket reporter
pint cimight create a comment longer than the limit allowed by BitBucket. To avoid this pint will now truncate long comments.
- Fixed false positive warnings from rule/dependency check.
- promql/series check will now generate warnings if there are
# pint disableor# pint rule/setcomments that are not matching any valid query selector or Prometheus server.
- promql/series will now parse
rule/setcomments that target specific time series selectors in PromQL the same way as# pint disablecomments do.
- Fixed false positive reports about removed rules when running
pint cion a branch that contains YAML syntax errors.
- Fixed release workflow on GitHub.
- Don't suggest using
humanizewhen alert template is already using printf on format the$value. - Fixed git history parsing when running
pint cion a branch that include merge commits.
- Refactored YAML syntax checks to avoid using rulefmt.Parse and effectively parsing rules twice. Some error messages will have different formatting.
- alerts/annotations and rule/label will now report when a label or annotation is required but set to an empty value.
- Fixed handling of
# pint ignore/linecomments on line including multiple#characters. - When reporting problems all messages will now use
publicURIfrom eachprometheusdefinition.
- Added GitLab support when running
pint ci.
- Reduced severity of problems reported by promql/counter due to high number of false positives. It will now report warnings instead of errors.
- Fixed false positive reports from rule/duplicate when a rule file is being deleted and the rules are moved to a different file.
- Correctly handle default Prometheus retention value in promql/range_query check - #958.
- Fixed false positives from rule/duplicate check
when running
pint cion files that are both edited and renamed in the same PR. - rule/dependency will no longer report removed symlinks.
- Fixed compatibility with older git releases.
- Fixed
maxCommentsdefaulting to zero when using GitHub reporter. - Fixed
maxCommentscomment creation on GitHub - #935.
- Fixed release workflow on GitHub actions.
- GitHub and BitBucket reporters now supports
maxCommentsoption to limit the number of comments pint can create on a single pull request. Default value ofmaxCommentsis50.
- query/cost will now only create reports if a query is more expensive than any of the configured limits.
- Fixed duplicated reports when using BitBucket reporter.
- promql/counter check will now consider a metric
to be a counter only if all metadata entries for it use
TYPE counter. Previously it would check for at least one metadata entry withTYPE counter.
-
Added promql/counter check - #655.
-
Check using custom rules now accept an optional
commentoption for adding a text comment to all reported problems. Checks supportingcommentoption:- alerts/annotation
- alerts/count
- promql/aggregate
- query/cost
- rule/for
- rule/label
- rule/link
- rule/reject Example:
for { comment = "All alert rules must have `for: 5m` (or more) to avoid flaky alerts." severity = "bug" min = "5m" }
- labels/conflict check will now warn if alerting rule is setting labels that are already configured as external labels.
-
pint watchcommand now has two sub-commands:pint watch globandpint watch rule_files. See watch mode docs for details. -
promql/series check will now ignore missing metrics if the query uses a fallback with
or vector(1). This will reduce the number of reported missing metrics for queries where the intention is to accept and ignore missing metrics. Example of a rule that will no longer report problems:- alert: Foo expr: sum(my_metric or vector(0)) > 1
- Fixed false positive reports from rule/duplicate when using symlinks.
- Fixed support for multi-document YAML files when using relaxed parsed mode - #746.
-
rule/dependency check will now warn if an alerting rule that's being removed in a pull request is being used inside
ALERTS{alertname="..."}orALERTS_FOR_STATE{alertname="..."}queries. -
pint will now perform extra validation of YAML files to ensure that all values are mappings and strings. This will error on rules where, for example, label value is unquoted number:
Bad rule:
- alert: DeadMansSwitch expr: vector(1) labels: priority: 5
Good rule:
- alert: DeadMansSwitch expr: vector(1) labels: priority: "5"
- A large part of rule parsing code was refactored and more problems will now be deduplicated.
- Improved validation of labels and annotations.
- pint will now report any comment that looks like a pint control comment but cannot be parsed correctly.
- Fixed a crash when running
pint ciand usingignore/filecomments.
- Both alerts/annotation and rule/label
now support more advance validation of label and annotation values with extra
tokenoption. In addition to thevalueregexp matching you can also validate values against a static list of allowed values using newvaluesoption. See both checks documentation for detail.
- More reports will now be merged into a single comments when using BitBucket.
- Fixed YAML anchor parsing.
- Fixed regexp matching for label names in rule/label.
- Fixed a few bugs in control comment parsing code.
- BitBucket tasks were not marked as resolved correctly.
- Added rule/dependency check.
- When running
pint cipint will now first try to parse all files in current working directory, before checking for files modified on current branch. This is to have a full list of all rules, which is needed for checks like newly added rule/dependency. This can slowpintruns if there's a lot of files in your repository. If there are non-rule files these may fail to parse and result in check errors. To avoid any errors or slowdowns from scanning unrelated files you might need to addcisection to.pint.hclwithincludeand/orexcludeoptions set. See examples/ci.hcl for an example config. BugandFatalseverity problems are now reported as tasks when using BitBucket.- promql/regexp will now check for more problems with vector selectors.
pintwill no longer run dynamic Prometheus discovery when--offlineflag is passed.
- Fixed alert preview link on
alerts/countreports.
pint cinow uses a new logic for deciding which rules have changed when validating pull requests. Changes that would previously be invisible to pint, like modifying comments or moving the entire rules file, will now trigger checks for affected rules.- pint will now try to create fewer BitBucket comments by merging multiple problem reports into a single comment.
- Control comment handling code was refactored, there are some additional rules
that comment must follow. See
Control commentssection in pint docs.
- Fixed false positive reports from
promql/regexp- #782. Informationlevel reports using BitBucket were using wrong comment icon.
alerts/countcheck wasn't usinguptimefield fromprometheusconfig blocks for metric gap detection.
- Added alerts/external_labels check.
- Added support for reporting problems to TeamCity using Service Messages.
To enable run it run
pint --teamcity lintorpint --teamcity ci. - Problems reported to BitBucket and GitHub will now include more details.
- Added
publicURIfield toprometheusconfiguration blocks.
- When promql/series finds that a time series used by a rule is missing it will now also check other defined Prometheus servers and add that information to the report. This allows pint to flag rules that are most likely deployed to the wrong servers, using missing scrape jobs.
- Reporting problems to BitBucket will now use comments instead of annotations. This is only if there is an open pull request for tested branch, if there is no open pull request problems will be reported using code insight annotations.
- Fixed
pint watchto correctly work withdiscovery.
- Prometheus
templateunderdiscoveryblock can now templateincludeandexcludefields.
- Prometheus servers can now be dynamically configured using one of supported discovery mechanism: file paths or Prometheus metrics query.
-
alerts/templatecheck can now report problems with alerting rules when trying to use templates on a query that doesn't produce any labels at all. For example when usingvector(...)function:{% raw %}
- alert: DeadMansSwitch expr: vector(1) annotations: summary: Deadman's switch on {{ $labels.instance }} is firing
{% endraw %}
-
alerts/comparisoncheck can now warn if alerting rules use a query withfoo > 0 OR vector(1), which would always fire. -
alerts/templatecheck will now look checkon(...)clause on binary expressions. Whenon(...)is set only labels listed there will appear on result metrics. For exampleapp_typehere cannot appear on query results, even if it's present onfootime series.- alert: ... expr: foo / on (instance, app_name) bar annotations: summary: ... {{ $labels.app_type }} ...
- Added support for
keep_firing_forin alerting rules - #713. - Added
rule/keep_firing_forcheck - #713. - Added
alerts/countcheck will now estimate alerts usingkeep_firing_forfield if set - #713. - Configuration rule
matchblock supports a new filterkeep_firing_for.
- The
query/costcheck can now use Prometheus query stats to verify query evaluation time and the number of samples used by a query. See query/cost docs for details.
- Fixed a crash in
promql/seriescheck when Prometheus instance becomes unavailable - #682. - Fixed false positive reports in
alerts/templatecheck - #681.
- Rule names were not checked for correctly, allowing for rules with empty names to pass checks.
- Fixed GitHub annotations being added to unmodified lines - #645.
- Added
excludeoption tociconfig block - #609. - Added
minCount&severitytoalerts/countcheck - #612. This allows to only show estimated alerts count only if there would be high enough (>= minCount) number of alerts. Settingseverityas well allows to block rules that would create too many alerts. - GitHub reporter will now included folded list of all problems in the summary comment - #608.
- Fixed
alerts/annotationcheck regexp matching - #613. - When running
pint ciusing GitHub integration annotation comments are now reported only on modified lines - #640.
- Fixed
--base-branchflag handling when branch name contains/.
- Added
--fail-onflag topint lintcommand - #570. - Added
tlssection toprometheusconfiguration block - #540.
- If a query run by pint fails because it was too expensive too run it will now be reported as a warning instead of an error.
- When validating queries using
{__name__=~"...", foo="bar"}selectors pint could end up running queries matching a single label, likecount({foo="bar"}), which could return too many results. This version ensures that queries always include name matcher to avoid that.
alerts/templatecheck didn't correctly handlelabel_replace()calls in queries - #568.
- Fixed
--base-branchflag handling. Value of this flag wasn't being used correctly - #559.
- Fixed incorrect results in
promql/seriescheck for time series with only a single data point.
- Fixed parsing of alert
forfield values with long durations (for: 1d).
-
Added
--fail-onflag topint cicommand - #525. -
promql/rate will now look for queries that call
rate()on results ofsum(counter)via recording rules. Example:- record: my:sum expr: sum(http_requests_total) - alert: my alert expr: rate(my:sum[5m])
-
Added rule/for check.
-
Added
ownersconfiguration block for setting the list of allowed rule owner values. See configuration for details.
pint lintoutput will now include severity level as a text label - #524.
- Fixed a bug in
pint cithat would cause a failure if a directory was renamed. - Fixed false positive reports from
promql/seriescheck when a time series disappears from Prometheus. - Fixed Prometheus flags parsing in
promql/range_querycheck.
- Allow snoozing checks for entire file using
# pint file/snooze ...comments. - Added
lookbackRangeandlookbackStepconfiguration option to the promql/series check - #493.
- Reverted GitHub integration to use Pull Request Review API - #490.
- GitHub integration now uses Check Runs API - #478.
# pint file/disablecomments didn't properly handle Prometheus tags, this is fixed now.
prometheusconfiguration blocks now acceptstagsfield with a list of tags. Tags can be used to disable or snooze specific checks on all Prometheus instances with that tag. See ignoring for details.
- Added
pint_rule_file_ownermetric.
- Added ability to expand environment variables in pint configuration file. See configuration for details.
-
Use uber-go/automaxprocs to automatically set GOMAXPROCS to match Linux container CPU quota.
-
Added labels/conflict check.
-
If you want to disable individual checks just for some time then you can now snooze them instead of disabling forever.
The difference between
# pint disable ...and# pint snooze ...comments is that the snooze comment must include a timestamp. Selected check will be disabled until that timestamp. Timestamp must either use RFC3339 syntax orYYYY-MM-DD(if you don't care about time and want to snooze until given date). Examples:# pint snooze 2023-01-12T10:00:00Z promql/series # pint snooze 2023-01-12 promql/rate - record: ... expr: ...
-
Removed
cacheoption fromprometheusconfig blocks. Query cache will now auto-size itself as needed.If you have a config entry with
cacheoption, example:prometheus "prod" { uri = "https://prometheus.example.com" cache = 20000 }
Then pint will fail to start. To fix this simply remove the
cacheoption:prometheus "prod" { uri = "https://prometheus.example.com" }
- Added rule/duplicate check.
- Fixed a regression causing poor query cache hit rate.
-
Added
uptimefield inprometheusconfiguration block. This field can be used to set a custom metric used for Prometheus uptime checks and by default usesupmetric. If you have a Prometheus with a large number of scrape targets there might be a huge number ofuptime series making those uptime checks slow to run. If your Prometheus is configured to scrape itself, then you most likely want to use one of metrics exported by Prometheus, likeprometheus_build_info:prometheus "prod" { uri = "https://prometheus.example.com" uptime = "prometheus_build_info" }
- Refactored some queries used by promql/series check to avoid sending queries that might be very slow and/or return a huge amount of data.
- Prometheus query cache now takes into account the size of cached response.
This makes memory usage needed for query cache more predictable.
As a result the
cacheoption forprometheusconfig block now meansthe number of time series cachedinstead ofthe number of responses cachedand the default for this option is now50000.
- promql/vector_matching was sending expensive queries resulting in high memory usage, this is now fixed.
- Added
pint_prometheus_cache_evictions_totalmetric tracking the number of times cache results were evicted from query cache. - Allow disabling individual checks for the entire file using
# pint file/disable ...comments.
- Refactored query cache to only store queries that are requested more than once. This will avoid storing big responses that are never requested from the cache.
- Config validation will now check for duplicated
prometheusblock names.
- Fixed performance regression slowing down
pint watchover time.
-
prometheusconfiguration block now accepts optionalheadersfield, for setting request headers that will be attached to any request made to given Prometheus server. Example:prometheus "protected" { uri = "https://prod.example.com" headers = { "X-Auth": "secret", "X-User": "bob" }
- Prometheus range query handling was rewritten to improve memory usage caused by queries returning huge number of results. As a result pint should use up to 5x less memory.
-
Fixed false positive reports in promql/vector_matching for rules using
on(...). Example:sum(foo) without(instance) * on(app_name) group_left() bar -
Don't log passwords when Prometheus URI is using basic authentication.
-
Fixed false positive reports in alerts/template suggesting to use
humanizeon queries that already useround(). -
Fixed false positive reports in alerts/comparison when
boolmodifier is used on a condition that is guarded by another condition. Example:alert: Foo expr: (foo > 1) > bool 1
-
Fixed false positive reports in alerts/template warning about labels removed in a query despite being re-added by a join.
- Fixed incorrect line number reporting on BitBucket annotations.
- Fixed handling of symlinks when running
pint lintandpint watchcommands.
-
BitBucket only allows for annotations on modified lines, so when a high severity problem is reported on unmodified line pint will move that annotation to the first modified line, so it's still visible in BitBucket. Now pint will also add a note to that annotation to make it clear that the problem is really on a different line.
-
alerts/template will now run extra checks to validate syntax of queries executed from within alerting rule templates.
Example template using
sum(xxxquery that's missing closing):{% raw %}
- alert: ... expr: ... annotations: summary: | {{ with query "sum(xxx" }} {{ . | first | value | humanize }} {{ end }}
{% endraw %}
-
If a file is ignored pint will now note that using
Informationlevel annotation. This will make it more obvious that a CI check passed because pint didn't run any checks due to file being excluded.
-
Prometheus rule files can be symlinked between directories. If the symlink source and target files are in a different directory they can end up querying different Prometheus server when running ping checks. This means that when modifying symlink target file checks must be executed against both symlink source and target. Until now pint was ignoring symlinks but starting with this release it will try to follow them. This means that if you modify a file that has symlinks pointing to them pint will try run checks against those symlinks too.
NOTE: pint can only detect and check symlinks if they are located in the current working directory (as seen by running pint process) or its sub-directories.
- Fixed a regression in promql/vector_matching that would cause a panic when parsing function calls with optional arguments.
- promql/vector_matching was incorrectly handling queries containing function calls with multiple arguments.
- Revert 'Use smaller buffers when decoding Prometheus API responses' change.
- Use smaller buffers when decoding Prometheus API responses.
- Fixed wrong request formatting for Prometheus metric metadata queries.
- Switched from using prometheus/client_golang API client to streaming JSON library prymitive/current
- Avoid reporting same issue multiple times in
promql/rateandpromql/regexpchecks.
- Updated Prometheus modules to v2.38.0.
This adds support for
toTimetemplate function.
- Fixed symlink handling when running
pint lint.
- Remove noisy debug logs.
- Added
pint_prometheus_cache_miss_totalmetric.
- Reduce log level for
File parsedmessages.
- Purge expired cache entries faster to reduce memory usage.
- Fix
absent()handling in alerts/comparison #330.
- Added
--min-severityflag to thepint lintcommand. Default value is set towarning.
- Fix a regression in promql/vector_matching introduced in previous release.
- Fix promql/series disable comments not working when there are multiple comments on a rule.
- promql/series no longer emits an information message
metric is generated by alerts ....
- Don't use
topkin promql/vector_matching check to avoid false positives.
- promql/rate check will now also validate
derivfunction usage. - alerts/annotation check will now recommend using one of
humanize functions if alert query is returning results based on
rate()and the value is used in annotations.
-
promql/series check now supports more flexible
# pint disable promql/series(...)comments. Adding a comment# pint disable promql/series({cluster="dev"})will disable this check for any metric selector withcluster="dev"matcher. -
query/cost check will now calculate how much Prometheus memory will be needed for storing results of given query.
bytesPerSampleoption that was previously used to calculate this was removed. -
prometheus {}config block now allows to pass a list of paths to explicitly ignore by settingexcludeoption. Existingpathsoption was renamed toincludefor consistency. Example migration:prometheus "foo" { [...] paths = [ "rules/.*" ] }
becomes
prometheus "foo" { [...] include = [ "rules/.*" ] }
pint_last_run_checksandpint_last_run_checks_donewere not updated properly.
- Deduplicate reports where possible to avoid showing same issue twice.
- rule/link check for validating URIs found in alerting rule annotations.
- Add more details to BitBucket CI reports.
- More compact console output when running
pint lint.
- promql/range_query check.
- Strict parsing mode shouldn't fail on template errors, those will be later
reported by
alerts/templatecheck.
- All timeout options are now optional. This includes following config blocks:
prometheus { timeout = ... }repository { bitbucket { timeout = ... } }repository { github { timeout = ... } }
pintwill now try to discover all repository settings from environment variables when run as part of GitHub Actions workflow and so it doesn't need anyrepository { github { ... } }configuration block for that anymore. SettingGITHUB_AUTH_TOKENis the only requirement for GitHub Actions now.
- Fixed line reporting on some strict parser errors.
- Added
--base-branchflag topint cicommand.
- Added rate limit for Prometheus API requests with a default value of 100
requests per second. To customise it set
rateLimitfield inside selectedprometheusserver definition. - Added
pint_last_run_checksandpint_last_run_checks_donemetrics to track progress when runningpint watch.
- Improved range query cache efficiency.
- Added extra global configuration for
promql/seriescheck. See check documentation for details. prometheusserver definition inpintconfig file can now accept optionalcachefield (defaults to 10000) to allow fine tuning of built-in Prometheus API query caching.- Added
pint_prometheus_cache_sizemetric that exposes the number of entries currently in the query cache.
- Improved error reporting when strict mode is enabled.
- Fixed high memory usage when running range queries against Prometheus servers.
-
The way
pintsends API requests to Prometheus was changed to improve performance.First change is that each
prometheusserver definition inpintconfig file can now accept optionalconcurrencyfield (defaults to 16) that sets a limit on how many concurrent requests can that server receive. There is a new metric that tracks how many queries are currently being run for each Prometheus server -pint_prometheus_queries_running.Second change is that range queries will now be split into smaller queries, so if
pintneeds to run a range query on one week of metrics, then it will break this down into multiple queries each for a two hour slot, and then merge all the results. Previously it would try to run a single query for a whole week and if that failed it would reduce time range until a query would succeed.
- Strict parsing mode didn't fully validate rule group files, this is now fixed and pint runs the same set of checks as Prometheus.
- Fixed
promql/serieshandling of rules with{__name__=~"foo|bar"}queries. - If Prometheus was stopped or restarted
promql/serieswould occasionally report metrics as "sometimes present". This check will now try to find time ranges with no metrics in Prometheus and ignore these when checking if metrics are present.
pint_prometheus_queries_totalandpint_prometheus_cache_hits_totalmetric wasn't always correctly updated.- Ignore
unknownmetric types inpromql/rate.
promql/ratecheck will now report ifrate()orirate()function is being passed a non-counter metric.
- pint will now correctly handle YAML anchors.
-
Parsing files in relaxed mode will now try to find rules inside multi-line strings #252. This allows direct linting of k8s manifests like the one below:
--- kind: ConfigMap apiVersion: v1 metadata: name: example-app-alerts labels: app: example-app data: alerts: | groups: - name: example-app-alerts rules: - alert: Example_Is_Down expr: kube_deployment_status_replicas_available{namespace="example-app"} < 1 for: 5m labels: priority: "2" environment: production annotations: summary: "No replicas for Example have been running for 5 minutes"
- Fixed incorrect line reported when pint fails to unmarshal YAML file.
- Allow fine tuning
promql/seriescheck with extra control comments# pint rule/set promql/series min-age ...and# pint rule/set promql/series ignore/label-value ...See promql/series for details. promql/regexpwill report redundant use of regex anchors.
promql/serieswill now report missing metrics only if they were last seen over 2 hours ago by default. This can be customised per rule with comments.
- Fix problem line reporting for
rule/ownercheck. - Add missing
rule/ownerdocumentation page.
- Fixed false positive reports from
promql/seriescheck when runningpint watch.
- Added
pint_last_run_duration_secondsmetric. - Added
--require-ownerflag support topint cicommand.
- Better handling of YAML unmarshal errors.
- Fixed false positive reports from
alerts/templatecheck whenabsent()is used inside a binary expression.
- File parse errors didn't report correct line numbers when running
pint ci.
- File parse errors were not reported correctly when running
pint ci.
- Handle
504 Gateway TimeoutHTTP responses from Prometheus same as query timeouts and retry with a shorter range query.
- When running
pint ciall checks will be skipped if any commit contains[skip ci]or[no ci]string in the commit message.
-
By default pint will now parse all files in strict mode, where all rule files must have the exact syntax Prometheus expects:
groups: - name: example rules: - record: ... expr: ...
Previous releases were only looking for individual rules so
groupsobject wasn't required. Now pint will fail to read any file that doesn't follow Prometheus syntax exactly. To enable old behaviour addparser { relaxed = ["(.+)", ...]}option in the config file. See Configuration for details. To enable old (relaxed) behaviour for all files add:parser { relaxed = ["(.*)"] }
- Improved
promql/vector_matchingchecks to detect more issues. - Fixed reporting of problems detected on unmodified lines when running
pint ci.
- Fixed false positive reports from
alerts/templatecheck whenabsent()function is receiving labels from a binary expression.
- When running
pint watchexported metric can includeownerlabel for each rule. This is useful to route alerts based onpint_problemmetrics to the right team. To set a rule owner add a# pint file/owner $ownercomment in a file, to set an owner for all rules in that file. You can also set an owner per rule, by adding# pint rule/owner $ownercomment around given rule. To enforce ownership comments in all files pass--require-ownerflag topint lint.
promql/seriescheck no longer runs duplicated checks on source metrics when a query depends on a recording rule added in the same PR.
promql/seriescheck was reporting that a metric stopped being exported when check queries would require a few retries.
promql/seriescheck was reporting bothWarningandBugproblems for the same metric when it was using newly added recording rule.
- Fixed false positive reports from
promql/fragilewhenfoo OR baris used inside aggregation.
- Use more efficient queries for
promql/seriescheck. - Fixed YAML parsing panics detected by Go 1.18 fuzzing.
- Improved query cache hit rate and added
pint_prometheus_cache_hits_totalmetric to track the number of cache hits.
- When a range query returns
query processing would load too many samples into memoryerror and we retry it with smaller time range cache this information and start with that smaller time range for future calls to speed up runningpint watch.
- Always print the number of detected problems when running
pint lint. promql/seriescheck was refactored and will now detect a range of problems. See promql/series for details.promql/regexpseverity is nowBuginstead of aWarning.promql/ratecheck will no longer produce warnings, it will only report issues that cause queries to never return anything.
-
Allow matching alerting rules by
forfield - #148. Example:rule { match { for = ">= 10m" } }
-
Regexp matchers used in check rules can now reference rule fields. See Configuration for details.
- Added
filenamelabel topint_problemmetric - #170. - Include Prometheus server URI in reported problems.
- Fixed
pint cihandling when a file was added to git and then removed in the next commit.
yaml/parsewas using incorrect line numbers for errors caused by duplicated YAML keys.
- Don't use fail-over Prometheus servers in case of errors caused by the query
itself, like
many-to-many matching not allowed.
-
yaml/parseerror will be raised if a rule file contains duplicated keys, example:- record: foo expr: sum(my_metric) expr: sum(my_metric) without(instance)
prometheusconfig block now allows to specify fail-over URIs usingfailoverfield. If fail-over URIs are set and main URI fails to respond pint will attempt to use them in the order specified until one of them works.prometheusconfig block now allows to define how upstream errors are handled usingrequiredfield. Ifrequiredis set totrueany check that depends on remote Prometheus server will be reported asbugif it's unable to talk to it. Ifrequiredis set tofalsepint will only emitwarninglevel results. Default value forrequiredisfalse. Set it totrueif you want to hard fail in case of remote Prometheus issues. Note that setting it totruemight block PRs when runningpint ciuntil pint is able to talk to Prometheus again.- Renamed
pint/parsetoyaml/parseand added missing documentation for it.
- Added
pint_last_run_time_secondsandpint_rules_parsed_totalmetrics when runningpint watch.
promql/comparisononly applies to alerts, so it was renamed toalerts/comparison.- Online documentation hosted at cloudflare.github.io/pint was reworked.
alerts/countcheck will now retry range queries with shorter time window onfound duplicate series for the match group ...errors from Prometheus.
pint_prometheus_queries_totalandpint_prometheus_query_errors_totalmetrics were not incremented correctly.
- Added
promql/regexpcheck that will warn about unnecessary regexp matchers. - Added
pint_prometheus_queries_totalandpint_prometheus_query_errors_totalmetric when runningpint watch.
- Fixed a number of bug with
promql/vector_matchingcheck.
query/seriescheck was renamed topromql/series.
- Improved the logic of
promql/vector_matchingcheck.
- Removed
lineslabel frompint_problemmetric exported when runningpint watch. - Multiple
matchandignoreblocks can now be specified per eachrule.
- Export
pint_versionmetric when runningpint watch. - Added
--min-severityflag topint watchcommand.
- Added
--max-problemsflag topint watchcommand.
- Updated Prometheus modules to v2.33.0.
This adds support for
stripPorttemplate function.
- Added new
promql/fragilecheck. - BitBucket reports will now include a link to documentation.
--workersflag to control the number of worker threads for running checks.
- More aggressive range reduction for
query processing would load too many samples into memoryerrors when sending range queries to Prometheus servers.
- Added
commandfilter tomatch/ignoreblocks. This allows to include skip some checks when (for example) runningpint watchbut include them inpint lintrun.
- Cache each Prometheus server responses to minimise the number of API calls.
pint watchwill start a daemon that will continuously check all matching rules and expose metrics describing all discovered problems.
alerts/annotationandrule/labelnow includerequiredflag value in# pint disable ...comments. Rename# pint disable alerts/annotation($name)to# pint disable alerts/annotation($name:$required)and# pint disable rule/label($name)to# pint disable rule/label($name:$required).--offlineand--disabledflags are now global, usepint --offline lintinstead ofpint lint --offline.
promql/rate,query/seriesandpromql/vector_matchingchecks were not enabled for all definedprometheus {}blocks unless there was at least onerule {}block.annotationbasedmatchblocks didn't work correctly.
- File renames were not handled correctly when running
git cion branches with multiple commits.
- Allow disabling
query/seriescheck for individual series using# pint disable query/series(my_metric_name)comments.
- Fixed docker builds.
aggregatecheck didn't report stripping required labels on queries using aggregation with no grouping labels (sum(foo)).aggregatecheck didn't test for name and label matches on alert rules.
templatecheck will now include alert query line numbers when reporting issues.
- Labels returned by
absent()are only from equal match types (absent(foo="bar"), notabsent(foo=~"bar.+")butalerts/templatedidn't test for match type when checking for labels sourced fromabsent()queries.
aggregatecheck was refactored and uses to run a single test for bothbyandwithoutconditions. As a result this check might now find issues previously undetected. Check suppression comments will need to be migrated:# pint disable promql/bybecomes# pint disable promql/aggregate# pint disable promql/withoutbecomes# pint disable promql/aggregate# pint ignore promql/bybecomes# pint ignore promql/aggregate# pint ignore promql/withoutbecomes# pint ignore promql/aggregate
- Fixed false positive reports in
aggregatecheck.
--no-colorflag for disabling output colouring.
- Fixed duplicated warnings when multiple
rule {...}blocks where configured.
- Specifying multiple
# pint disable ...comments on a single rule would only apply last comment. This now works correctly and all comments will be applied.
- Added
alerts/forcheck that will look for invalidforvalues in alerting rules. This check is enabled by default.
comparisoncheck is now enabled by default and require no configuration. Removecomparison{ ... }blocks from pint config file when upgrading.templatecheck is now enabled by default and require no configuration. Removetemplate{ ... }blocks from pint config file when upgrading.ratecheck is now enabled by default for all configured Prometheus servers. Removerate{ ... }blocks from pint config file when upgrading.seriescheck is now enabled by default for all configured Prometheus servers. Removeseries{ ... }blocks from pint config file when upgrading.vector_matchingcheck is now enabled by default for all configured Prometheus servers. Removevector_matching{ ... }blocks from pint config file when upgrading.
- Support
parseDurationfunction in alert templates added in Prometheus 2.32.0
- Fixed
seriescheck handling of queries with{__name__="foo"}selectors.
- Fixed
templatecheck handling ofabsentcalls on aggregated metrics, likeabsent(sum(nonexistent{job="myjob"})).
-
templatecheck will now warn if any template is referencing a label that is not passed toabsent(). Example:{% raw %}
- alert: Foo expr: absent(foo{env="prod"}) annotations: summary: "foo metric is missing for job {{ $labels.job }}"
{% endraw %}
Would generate a warning since
absent()can only return labels that are explicitly passed to it and the above call only passesenvlabel. This can be fixed by updating the query toabsent(foo{env="prod", job="bar"}).
-
comparisoncheck will now warn when alert query uses bool modifier after condition, which can cause alert to always fire. Example:- alert: Foo expr: rate(error_count[5m]) > bool 5
Having
boolas part of> 5condition means that the query will return value1when condition is met, and0when it's not. Rather than returning value ofrate(error_count[5m])only when that value is> 5. Since all results of an alerting ruleexprare considered alerts such alert rule could always fire, regardless of the value returned byrate(error_count[5m]).
comparisoncheck will now ignoreabsent(foo)alert queries without any condition.
--offlineflag forpint cicommand.
- Fixed
templatecheck panic when alert query had a syntax error.
ruleblock can now specifyignoreconditions that have the same syntax asmatchbut will disablerulefor matching alerting and recording rules #48.matchandignoreblocks can now filter alerting and recording rules by name.recordwill be used as name for recording rules andalertfor alerting rules.
-
--offlineflag forpint lintcommand. When passed only checks that don't send any live queries to Prometheus server will be run. -
templatecheck will now warn if template if referencing a label that is being stripped by aggregation. Example:{% raw %}
- alert: Foo expr: count(up) without(instance) == 0 annotations: summary: "foo is down on {{ $labels.instance }}"
{% endraw %}
Would generate a warning since
instancelabel is being stripped bywithout(instance).
- Fixed file descriptor leak due to missing file
Close()#69.
- Retry queries that error with
query processing would load too many samples into memoryusing a smaller time range.
vector_matchingcheck for finding queries with incorrecton()orignoring()keywords.
comparisoncheck would trigger false positive for rules usingunlesskeyword.
# pint skip/lineplace between# pint skip/beginand# pint skip/endlines would reset ignore rules causing lines that should be ignored to be parsed.
valuecheck was replaced bytemplate, which covers the same functionality and more. See docs for details.