fix(prometheus-rules): escape PromQL $labels for Helm rendering#527
Closed
bussyjd wants to merge 1 commit into
Closed
fix(prometheus-rules): escape PromQL $labels for Helm rendering#527bussyjd wants to merge 1 commit into
bussyjd wants to merge 1 commit into
Conversation
PrometheusRule annotations use {{ $labels.X }} which Prometheus
evaluates at alert-firing time. When this file is rendered through
Helm (via chart: ./base in helmfile.yaml), Helm's Go-template engine
tries to evaluate $labels at chart-render time and fails with:
Error: UPGRADE FAILED: parse error at
(base-infra/templates/x402-prometheus-rules.yaml:N):
undefined variable "$labels"
Wrap each templated brace pair as {{ "{{" }}...{{ "}}" }} so Helm
emits literal Prometheus template syntax verbatim into the YAML
output, where Prometheus picks it up at alert-eval time.
Bug surfaced by integration-branch full stack-up; not caught by
`go test ./...` (unit tests don't render Helm) nor by the agent
worktree validation (which only checked Go-side compilation).
Recommend adding a CI smoke that pipes embedded *.yaml templates
through `helm template ./base` to catch this class going forward.
Stacks on PR #513 (which introduced the file in commit 27e1ac5).
This was referenced May 24, 2026
Closed
Collaborator
Author
|
Superseded by bundle PR #536 — closing in favor of the consolidated merge target. Original branch and history preserved. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
PrometheusRule annotations use
{{ $labels.X }}which Prometheus evaluates at alert-firing time. When this file is rendered through Helm (viachart: ./basein helmfile.yaml), Helm's Go-template engine tries to evaluate$labelsat chart-render time and fails:This blocks
obol stack upwhenever the file is re-applied.Before
After
Surfaced by
The 14-PR integration test campaign — full stack-up of integration branch combining all 15 PRs.
go test ./...doesn't render Helm so it didn't catch this; nor did the per-PR validation since none ranhelm template.Recommendation for follow-up
Add a CI smoke that pipes every embedded
*.yamltemplate throughhelm template ./baseto catch this class going forward.Stacks on
PR #513 (introduced the file in commit
27e1ac5). Once this lands, PRs #515/#516/#519/#524 (also stacked on #513) automatically pick up the fix when they rebase.Test plan
go build ./...cleanhelm templateworks on the fixed file (validated during the integration test stack-up — see plans/integration-test-L7-paid-flow-20260524.md)Bug #1 of 4 surfaced by integration testing
See
plans/integration-test-results-final-20260524.mdfor the full 4-bug list.