Skip to content

[release-12.0.5] Alerting: Fix copying of recording rule fields #110346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2025
Merged

[release-12.0.5] Alerting: Fix copying of recording rule fields #110346

merged 1 commit into from
Sep 3, 2025
+69 −3

Conversation

@moustafab
Copy link
Contributor

@moustafab moustafab commented Aug 29, 2025

Backport c73b3cc from #110311

Recording rule fields were not being copied correctly when duplicating an alert rule. This manifests as missing TargetDataSourceUID fields from the Record part of the rule when rules in a group are re-ordered.

Added some additional tests to ensure we cover the generation of recording rules in tests and fixed the copying logic to ensure all fields are copied correctly.

@moustafab
Alerting: Fix copying of recording rule fields
a91e570 
Recording rule fields were not being copied correctly when duplicating an alert rule. This manifests as missing `TargetDataSourceUID` fields from the `Record` part of the rule when rules in a group are re-ordered.

Added some additional tests to ensure we cover the generation of recording rules in tests and fixed the copying logic to ensure all fields are copied correctly.

(cherry picked from commit c73b3cc)
@moustafab moustafab requested a review from a team as a code owner August 29, 2025 14:23
@github-project-automation github-project-automation bot moved this to In review in Alerting Aug 29, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Aug 29, 2025

😢 zizmor failed with exit code 14.

Expand for full output 
error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/backend-code-checks.yml:3:1
   |
 3 | / on:
 4 | |   pull_request:
...  |
15 | |       - 'docs/**'
16 | |       - 'latest.json'
   | |_____________________^ generally used when publishing artifacts generated at runtime
17 |
...
31 |           uses: actions/setup-go@v5
32 | /         with:
33 | |           # Explicitly set Go version to 1.24.1 to ensure consistent OpenAPI spec generation
...  |
36 | |           go-version: 1.24.1
37 | |           cache: true
   | |_____________________^ opt-in for caching here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/go-lint.yml:2:1
   |
 2 | / on:
 3 | |   push:
...  |
10 | |       - release-*.*.*
11 | |   pull_request:
   | |_______________^ generally used when publishing artifacts generated at runtime
12 |
...
22 |             persist-credentials: false
23 |         - uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[bot-conditions]: spoofable bot actor check
  --> ./.github/workflows/pr-dependabot-update-go-workspace.yml:18:3
   |
18 | /   update:
19 | |     runs-on: "ubuntu-latest"
20 | |     if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}
   | |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ actor context may be spoofable
21 | |     continue-on-error: true
...  |
68 | |           git push origin "$BRANCH_NAME"
69 | |         fi
   | |___________^ this job
   |
   = note: audit confidence → Medium
   = note: this finding has an auto-fix

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:3:1
   |
 3 | / on:
 4 | |   push:
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________^ generally used when publishing artifacts generated at runtime
11 |
...
25 |         - name: Pin Go version to mod file
26 |           uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:3:1
   |
 3 | / on:
 4 | |   push:
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________^ generally used when publishing artifacts generated at runtime
11 |
...
30 |         - uses: actions/setup-node@v4
31 | /         with:
32 | |           node-version-file: '.nvmrc'
33 | |           cache: 'yarn'
   | |_______________________^ opt-in for caching here
   |
   = note: audit confidence → Low

201 findings (64 ignored, 132 suppressed, 1 fixable): 0 unknown, 0 informational, 0 low, 0 medium, 5 high

@moustafab moustafab merged commit 0d2ee90 into release-12.0.5 Sep 3, 2025
97 of 99 checks passed
@github-project-automation github-project-automation bot moved this from In review to Done in Alerting Sep 3, 2025
@moustafab moustafab deleted the backport-110311-to-release-12.0.5 branch September 3, 2025 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rwwiv rwwiv rwwiv approved these changes

Assignees

No one assigned

Labels

add to changelog area/alerting Grafana Alerting area/backend backport A backport PR type/bug

Projects

Alerting
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@moustafab @rwwiv