Skip to content

Implement SSL Certificate Monitor workflow #28176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
meteorcloudy wants to merge 17 commits into from
Closed

Implement SSL Certificate Monitor workflow #28176

meteorcloudy wants to merge 17 commits into from
+263 −0

Conversation

@meteorcloudy
Copy link
Member

@meteorcloudy meteorcloudy commented Jan 7, 2026
edited
Loading

This PR introduces a new SSL certificate monitoring workflow for Bazel domains.

Core Changes:

  • Automated SSL Check: Adds a daily workflow and Python script to monitor SSL certificate expirations.
  • Intelligent Issue Reporting: Creates a GitHub issue when certificates are expiring, or adds a comment to an existing open issue to avoid duplicates.
  • PR Validation: Automatically validates changes to the monitoring script or domain configuration in Pull Requests.
  • Configuration: Includes a customizable list of domains and warning thresholds in .github/config/ssl_domains.yaml.

@github-actions github-actions bot added team-OSS Issues for the Bazel OSS team: installation, release processBazel packaging, website awaiting-review PR is awaiting review from an assigned reviewer labels Jan 7, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 7, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new, well-structured Python script and configuration file for monitoring SSL certificate expiration, which is a great improvement for infrastructure reliability. My review identifies a couple of areas in the new script where robustness and maintainability can be enhanced. Specifically, I've suggested replacing a broad exception with more specific ones to avoid masking potential bugs, and removing a redundant and misleading code block to improve clarity. These changes will make the script more robust and easier for future developers to maintain.

@meteorcloudy meteorcloudy changed the title Improve SSL Certificate Monitor workflow Implement SSL Certificate Monitor workflow Jan 7, 2026
@meteorcloudy
Copy link
Member Author

meteorcloudy commented Jan 7, 2026

I have addressed both PR review suggestions:

  1. Narrowed the broad Exception catch to (OSError, ValueError) in check_all().
  2. Removed the redundant DEFAULT_CONFIG_PATH check in main() as it is already handled by the SSLMonitor constructor.

fmeum
fmeum reviewed Jan 7, 2026
View reviewed changes
Wyverald
Wyverald reviewed Jan 7, 2026
View reviewed changes
ted-xie
ted-xie reviewed Jan 7, 2026
View reviewed changes
@meteorcloudy meteorcloudy added infrastructure Issues related to Bazel infrastructure and removed infrastructure Issues related to Bazel infrastructure labels Jan 8, 2026
@meteorcloudy
Copy link
Member Author

meteorcloudy commented Jan 9, 2026

Tested in #28200 and it successfully generated #28201

@copybara-service copybara-service bot closed this in 5c2f63f Jan 9, 2026
@github-actions github-actions bot removed the awaiting-review PR is awaiting review from an assigned reviewer label Jan 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Wyverald Wyverald Wyverald left review comments

@ted-xie ted-xie ted-xie left review comments

+2 more reviewers

@fmeum fmeum fmeum left review comments

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

team-OSS Issues for the Bazel OSS team: installation, release processBazel packaging, website

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@meteorcloudy @Wyverald @fmeum @ted-xie