Add missing bucket resource definition #599

Merged
forstmeier merged 14 commits into master from 06-12-add_missing_bucket_resource_definition
Jun 19, 2025

Collaborator

@forstmeier forstmeier commented Jun 13, 2025

Overview

Changes

  • add Grafana bucket
  • various tweaks

Comments

I just added the bucket but I assume we're gonna have some changes if we set up something like Grafana Cloud.

Summary by CodeRabbit

  • New Features

    • Added a new storage bucket for Grafana dashboards with appropriate access permissions.
  • Chores

    • Updated resource names for improved clarity and consistency.
    • Temporarily disabled a type check in the Python linting process due to a known issue.
    • Made minor adjustments to configuration naming and volume settings in monitoring infrastructure.
    • Removed the infrastructure launch task from the project configuration.
    • Simplified and updated project contact and contribution guidelines across documentation.

forstmeier and others added 7 commits June 8, 2025 21:23
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
….com:pocketsizefund/pocketsizefund into 06-08-update_documentation_and_minor_cleanup
….com:pocketsizefund/pocketsizefund into 06-08-update_documentation_and_minor_cleanup
….com:pocketsizefund/pocketsizefund into 06-08-update_documentation_and_minor_cleanup
Copilot AI review requested due to automatic review settings June 13, 2025 01:32
Contributor

coderabbitai Bot commented Jun 13, 2025

Walkthrough

The changes comment out the uvx ty check command in the Python linting task within .mise.toml, add a new Grafana dashboards storage bucket and corresponding IAM permissions in infrastructure/buckets.py, and rename various configuration variables and resource names in infrastructure/monitoring.py for consistency. The infrastructure:up task was removed from .mise.toml. Documentation files were updated to replace Discord contact links with X (formerly Twitter) profiles. The todos.md file was deleted.

Changes

File(s) | Change Summary
.mise.toml | Commented out uvx ty check in python:lint task; removed infrastructure:up task; added explanatory comment.
infrastructure/buckets.py | Renamed IAM resource for object admin role; added Grafana dashboards bucket and IAM member for admin access.
infrastructure/monitoring.py | Renamed config variables and resource names for consistency; adjusted volume empty_dir field value.
.github/CODE_OF_CONDUCT.md, .github/CONTRIBUTING.md, .github/SECURITY.md | Updated contact methods from Discord to X (Twitter); revised wording in code of conduct, contributing, and security docs.
README.md | Simplified contact instructions; replaced Discord and Twitter DM links with X profile links.
todos.md | Deleted detailed TODOs and code improvement suggestions document.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Pulumi as Pulumi Infra
    participant GCS as Google Cloud Storage
    participant IAM as IAM

    Dev->>Pulumi: Define grafana_dashboards_bucket
    Pulumi->>GCS: Create "grafana-dashboards-bucket"
    Pulumi->>IAM: Grant objectAdmin role on grafana-dashboards-bucket to platform service account

Possibly related PRs

Suggested labels

application

Suggested reviewers

  • chrisaddy

Poem

A bucket for Grafana, shiny and new,
IAM roles renamed for a clearer view.
Type checks on pause, just for a bit,
Monitoring configs now perfectly fit.
With every hop, the platform grows—
A rabbit’s work, as everyone knows! 🐇

Collaborator Author

forstmeier commented Jun 13, 2025

@forstmeier forstmeier added this to the Refactor milestone Jun 13, 2025
Contributor

Copilot AI left a comment

Pull Request Overview

This PR adds a missing Grafana dashboards bucket resource and refactors monitoring configuration names for consistency.

  • Renames config to configuration and updates Prometheus resource identifiers in monitoring.py.
  • Introduces grafana_dashboards_bucket and its IAM member in buckets.py.
  • Temporarily comments out type checks in .mise.toml.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File | Description
infrastructure/monitoring.py | Updated Config variable, renamed Prometheus bucket and volume names, and adjusted empty_dir usage
infrastructure/buckets.py | Defined new Grafana dashboards bucket and assigned objectAdmin IAM role
.mise.toml | Commented out the uvx ty check task and added a note about hanging failure
Comments suppressed due to low confidence (1)

infrastructure/buckets.py:24

  • [nitpick] The new Grafana dashboards bucket and IAM binding lack automated tests; consider adding a unit or integration test to verify bucket properties and IAM roles.
grafana_dashboards_bucket = storage.Bucket(

Comment thread infrastructure/monitoring.py
Comment thread infrastructure/monitoring.py Outdated
Comment thread .mise.toml Outdated

graphite-app Bot commented Jun 13, 2025

Graphite Automations

"Assign author to pull request" took an action on this PR • (06/13/25)

1 assignee was added to this PR based on John Forstmeier's automation.

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🔭 Outside diff range comments (1)
infrastructure/monitoring.py (1)

83-96: ⚠️ Potential issue

empty_dir=None likely invalid – will generate emptyDir: null

Pulumi treats None as an explicit null which Cloud Run rejects. Use an empty object ({}) or omit the field:

-    name="prometheus-data",
-    empty_dir=None,
+    name="prometheus-data",
+    empty_dir={},
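
Review bot: The `name="prometheus-data"` line is listed as both removed and added with identical text, so it is unchanged context and the only real change here is the `empty_dir` line. Mark the `name` line as context so the one-line change is obvious. The comment above also offers omitting the field as an alternative to `empty_dir={}`, so the suggestion should say which of the two was confirmed with `pulumi preview` before it is applied.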

Please run pulumi preview to confirm.

🧹 Nitpick comments (4)
.mise.toml (1)

25-31:

❓ Verification inconclusive

Temporary removal of type-checker weakens CI gate & comment typo

Disabling uvx ty check removes the only automated type-safety gate. Leaving it commented may allow regressions to slip through unnoticed.
If the tool hangs, consider:

  1. Running it with a timeout (timeout 5m uvx ty check) so CI fails fast instead of hanging.
  2. Moving the step behind an env-flag so local hangs don’t block the pipeline.
  3. Opening a tracking ticket and adding a TODO here referencing it.

Minor: hangnig → hanging.

-# temporarily commented out ty check due to hangnig failure
+# TODO(OPS-123): re-enable after fixing hanging issue
+# temporarily commented out ty check due to hanging failure
 # timeout 5m uvx ty check
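
Review bot: The last line, `# timeout 5m uvx ty check`, is still commented out, so after this suggestion the type check does not run and only the comment text has changed. If the intent is option 1 from the list above, that line should be the live command `timeout 5m uvx ty check`. `OPS-123` is an example ticket id and has to be replaced with the real tracking issue before this is committed.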

🏁 Script executed:

#!/bin/bash
# Verify all occurrences of the type-checker invocation in the repo
rg -n "uvx ty check"
rg -n "ty check"

Length of output: 473


Re-enable CI type-check step with timeout & TODO

It looks like the only invocation of uvx ty check lives in .mise.toml and is currently commented out—removing your CI’s type-safety gate. Please:

  • File: .mise.toml (around lines 25–31)
    • Open a tracking ticket (e.g. OPS-123) for the hanging issue.
    • Fix the typo “hangnig” → “hanging” and reference the ticket in a TODO.
    • Re-enable the step under a timeout or behind an env flag so CI can fail fast.
-# temporarily commented out ty check due to hangnig failure
+# TODO(OPS-123): re-enable after fixing hanging issue
+# temporarily commented out ty check due to hanging failure
 # timeout 5m uvx ty check
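
Review bot: The two added comment lines state the same thing twice: the `TODO(OPS-123)` line already records that the check is off because of the hang, and the next line repeats it. Collapse them into a single TODO that names the real ticket and sits directly above the disabled command, so the reason and the command to restore stay together.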

Consider using timeout 5m uvx ty check in CI or gating it behind an env flag to prevent local hangs from blocking your pipeline.

infrastructure/buckets.py (1)

24-38: Grafana bucket created without lifecycle or versioning – consider hardening

The dashboards bucket will store configuration that teams may edit over time. Enabling object versioning and a basic retention policy makes rollback trivial and guards against accidental deletions.

 grafana_dashboards_bucket = storage.Bucket(
     "grafana-dashboards-bucket",
     name=config.require_secret("grafana_dashboards_bucket_name"),
     location=project.REGION,
     uniform_bucket_level_access=True,
+    versioning={"enabled": True},
+    retention_policy={"retention_period": 86_400},  # 1 day example
 )
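
Review bot: `versioning={"enabled": True}` is added without a lifecycle rule, although the comment title names the missing lifecycle: with versioning on and nothing expiring noncurrent versions, every overwrite of a dashboard object is kept indefinitely. Add a lifecycle rule that deletes noncurrent versions after a chosen age or count. The `retention_period` value `86_400` is marked as an example in its own comment, so take the real period from configuration, and keep in mind that objects cannot be deleted or overwritten while the retention period applies, which matters for dashboards that are edited often.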

Optional but recommended.

infrastructure/monitoring.py (2)

31-42: Hard-coded YAML inside source – consider externalising

Embedding a multi-line Prometheus YAML string makes diffing and linting harder. Storing it under infrastructure/prometheus.yaml and loading with Path.read_text() improves maintainability.


45-48: Bucket choice couples config & dashboards

prometheus_configuration is written to the Grafana dashboards bucket. Config files and dashboards have different lifecycles; using a separate config bucket would keep concerns isolated and permissions minimal (principle of least privilege).

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df92352 and c314b0a.

⛔ Files ignored due to path filters (1)
  • .flox/env/manifest.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • .mise.toml (1 hunks)
  • infrastructure/buckets.py (1 hunks)
  • infrastructure/monitoring.py (6 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
infrastructure/buckets.py (1)
application/datamanager/src/datamanager/config.py (1)
  • Bucket (15-24)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Run Python tests
🔇 Additional comments (2)
infrastructure/monitoring.py (2)

70-71: Volume name rename LGTM

Container mount now matches volume resource; avoids runtime mount errors.


6-9:

✅ Verification successful

Consistent variable name, but ensure no lingering config usages

You swapped config → configuration. Any stray config.require_* later in this file (or files that import from here) will raise NameError. Please grep the repo and update remaining references.


🏁 Script executed:

rg -n '\bconfig\.' infrastructure/monitoring.py

Length of output: 125


No remaining config variable references
The only config. match is inside the Prometheus CLI flag string on line 62, not a code reference. No further changes are required.
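
A fail-fast form of the timeout and env-flag suggestions in the review above, as an added example that is not part of this PR or the project's code. `run_gated_check`, `RUN_TYPE_CHECK` and the rule that the skip flag is ignored whenever `CI` is set are assumptions made for illustration; GNU `timeout` is assumed to be available.

```bash
#!/usr/bin/env bash
# Added example: run a lint or type-check step with a time budget so that a
# hang fails the job instead of stalling it or being silently skipped.
# run_gated_check and RUN_TYPE_CHECK are hypothetical names.
#
# Return status:
#   0    check passed, or was skipped on a developer machine
#   124  check exceeded its time budget (reported as a failure)
#   N    any other non-zero status from the check itself
run_gated_check() {
    local budget="$1" status=0
    shift

    # The skip flag is honoured only outside CI, so the gate cannot be
    # switched off for merge checks by setting an environment variable.
    if [ "${RUN_TYPE_CHECK:-1}" = "0" ] && [ -z "${CI:-}" ]; then
        echo "type check skipped locally (RUN_TYPE_CHECK=0)" >&2
        return 0
    fi

    # -k 5: send SIGKILL five seconds after SIGTERM if the tool ignores it.
    # "|| status=$?" keeps the status even when the caller uses "set -e".
    timeout -k 5 "$budget" "$@" || status=$?

    case "$status" in
        124) echo "check exceeded ${budget}: treating the hang as a failure" >&2 ;;
        137) echo "check had to be killed with SIGKILL" >&2 ;;
    esac
    return "$status"
}
```

Once the function is sourced, the lint step becomes `run_gated_check 5m uvx ty check`.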

Comment thread infrastructure/buckets.py
chrisaddy
chrisaddy previously approved these changes Jun 13, 2025
chrisaddy and others added 3 commits June 13, 2025 08:25
@forstmeier forstmeier force-pushed the 06-12-add_missing_bucket_resource_definition branch from 6169e96 to 1d8f482 Compare June 17, 2025 01:54
forstmeier and others added 3 commits June 16, 2025 22:03
…n_and_minor_cleanup

Update documentation and minor cleanup
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@forstmeier
Collaborator Author

@chrisaddy this will need another 👀 .

….com:pocketsizefund/pocketsizefund into 06-12-add_missing_bucket_resource_definition
Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.mise.toml (1)

25-25: Add TODO for re-enabling uvx ty check
Include a TODO or GitHub issue reference so this lint step isn't permanently disabled once the hanging failure is resolved.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d8f482 and e8aaa1a.

📒 Files selected for processing (6)
  • .github/CODE_OF_CONDUCT.md (1 hunks)
  • .github/CONTRIBUTING.md (1 hunks)
  • .github/SECURITY.md (1 hunks)
  • .mise.toml (1 hunks)
  • README.md (1 hunks)
  • todos.md (0 hunks)
💤 Files with no reviewable changes (1)
  • todos.md
✅ Files skipped from review due to trivial changes (4)
  • .github/SECURITY.md
  • .github/CONTRIBUTING.md
  • .github/CODE_OF_CONDUCT.md
  • README.md
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Run Python quality checks
  • GitHub Check: Run Python tests
🔇 Additional comments (1)
.mise.toml (1)

30-30: Assess impact of disabling type lint
Confirm that skipping the uvx ty check won’t allow critical type issues to slip through and ensure there’s a clear plan to reinstate it.

chrisaddy
chrisaddy previously approved these changes Jun 19, 2025
@forstmeier forstmeier dismissed chrisaddy’s stale review June 19, 2025 15:05

The merge-base changed after approval.

chrisaddy
chrisaddy previously approved these changes Jun 19, 2025
@forstmeier forstmeier dismissed chrisaddy’s stale review June 19, 2025 15:11

The merge-base changed after approval.

@forstmeier forstmeier merged commit b7462dd into master Jun 19, 2025
6 checks passed
@forstmeier forstmeier deleted the 06-12-add_missing_bucket_resource_definition branch June 19, 2025 15:44