scripts/ops/drill-alertmanager-render.ps1

param(
  [string]$EvidenceDate = (Get-Date -Format 'yyyy-MM-dd')
)

$ErrorActionPreference = 'Stop'

$projectRoot = (Resolve-Path (Join-Path $PSScriptRoot '..\..')).Path
$evidenceRoot = Join-Path $projectRoot "docs\evidence\ops\$EvidenceDate\alerting"
$timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$drillRoot = Join-Path $evidenceRoot $timestamp
$renderedConfigPath = Join-Path $drillRoot 'alertmanager.rendered.yaml'
$reportPath = Join-Path $drillRoot 'ALERTMANAGER_RENDER_DRILL.md'

New-Item -ItemType Directory -Force $evidenceRoot, $drillRoot | Out-Null

$env:ALERTMANAGER_DEFAULT_TO = 'ops-team@example.org'
$env:ALERTMANAGER_CRITICAL_TO = 'critical-oncall@example.org'
$env:ALERTMANAGER_WARNING_TO = 'warning-oncall@example.org'
$env:ALERTMANAGER_FROM = 'alertmanager@example.org'
$env:ALERTMANAGER_SMARTHOST = 'smtp.example.org:587'
$env:ALERTMANAGER_AUTH_USERNAME = 'alertmanager@example.org'
$env:ALERTMANAGER_AUTH_PASSWORD = 'synthetic-secret-for-render-drill'

try {
  & (Join-Path $PSScriptRoot 'render-alertmanager-config.ps1') `
    -TemplatePath (Join-Path $projectRoot 'deployment\alertmanager\alertmanager.yml') `
    -OutputPath $renderedConfigPath | Out-Null
} finally {
  Remove-Item Env:ALERTMANAGER_DEFAULT_TO -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_CRITICAL_TO -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_WARNING_TO -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_FROM -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_SMARTHOST -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_AUTH_USERNAME -ErrorAction SilentlyContinue
  Remove-Item Env:ALERTMANAGER_AUTH_PASSWORD -ErrorAction SilentlyContinue
}

$renderedContent = Get-Content $renderedConfigPath -Raw -Encoding UTF8
if ($renderedContent -match '\$\{[A-Z0-9_]+\}') {
  throw 'render drill failed: unresolved placeholders remained'
}

$reportLines = @(
  '# Alertmanager Render Drill',
  '',
  "- Generated at: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzz')",
  "- Template file: $(Join-Path $projectRoot 'deployment\alertmanager\alertmanager.yml')",
  "- Rendered file: $renderedConfigPath",
  '- Synthetic secret values were injected through process environment variables for this drill only.',
  '- Result: template placeholders resolved successfully and the rendered config contains no unresolved `${ALERTMANAGER_*}` tokens.',
  '',
  '## Scope Note',
  '',
  '- This drill validates the config injection/rendering path only.',
  '- It does not prove real SMTP delivery, real contact routing, or production secret manager integration.',
  '',
  '## Evidence Files',
  '',
  "- $(Split-Path $renderedConfigPath -Leaf)",
  ''
)

Set-Content -Path $reportPath -Value ($reportLines -join [Environment]::NewLine) -Encoding UTF8
Get-Content $reportPath
docs: project docs, scripts, deployment configs, and evidence 2026-04-02 11:22:17 +08:00			`param(`
			`[string]$EvidenceDate = (Get-Date -Format 'yyyy-MM-dd')`
			`)`

			`$ErrorActionPreference = 'Stop'`

			`$projectRoot = (Resolve-Path (Join-Path $PSScriptRoot '..\..')).Path`
			`$evidenceRoot = Join-Path $projectRoot "docs\evidence\ops\$EvidenceDate\alerting"`
			`$timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'`
			`$drillRoot = Join-Path $evidenceRoot $timestamp`
			`$renderedConfigPath = Join-Path $drillRoot 'alertmanager.rendered.yaml'`
			`$reportPath = Join-Path $drillRoot 'ALERTMANAGER_RENDER_DRILL.md'`

			`New-Item -ItemType Directory -Force $evidenceRoot, $drillRoot \| Out-Null`

			`$env:ALERTMANAGER_DEFAULT_TO = 'ops-team@example.org'`
			`$env:ALERTMANAGER_CRITICAL_TO = 'critical-oncall@example.org'`
			`$env:ALERTMANAGER_WARNING_TO = 'warning-oncall@example.org'`
			`$env:ALERTMANAGER_FROM = 'alertmanager@example.org'`
			`$env:ALERTMANAGER_SMARTHOST = 'smtp.example.org:587'`
			`$env:ALERTMANAGER_AUTH_USERNAME = 'alertmanager@example.org'`
			`$env:ALERTMANAGER_AUTH_PASSWORD = 'synthetic-secret-for-render-drill'`

			`try {`
			& (Join-Path $PSScriptRoot 'render-alertmanager-config.ps1') `
			-TemplatePath (Join-Path $projectRoot 'deployment\alertmanager\alertmanager.yml') `
			`-OutputPath $renderedConfigPath \| Out-Null`
			`} finally {`
			`Remove-Item Env:ALERTMANAGER_DEFAULT_TO -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_CRITICAL_TO -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_WARNING_TO -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_FROM -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_SMARTHOST -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_AUTH_USERNAME -ErrorAction SilentlyContinue`
			`Remove-Item Env:ALERTMANAGER_AUTH_PASSWORD -ErrorAction SilentlyContinue`
			`}`

			`$renderedContent = Get-Content $renderedConfigPath -Raw -Encoding UTF8`
			`if ($renderedContent -match '\$\{[A-Z0-9_]+\}') {`
			`throw 'render drill failed: unresolved placeholders remained'`
			`}`

			`$reportLines = @(`
			`'# Alertmanager Render Drill',`
			`'',`
			`"- Generated at: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzz')",`
			`"- Template file: $(Join-Path $projectRoot 'deployment\alertmanager\alertmanager.yml')",`
			`"- Rendered file: $renderedConfigPath",`
			`'- Synthetic secret values were injected through process environment variables for this drill only.',`
			'- Result: template placeholders resolved successfully and the rendered config contains no unresolved `${ALERTMANAGER_*}` tokens.',
			`'',`
			`'## Scope Note',`
			`'',`
			`'- This drill validates the config injection/rendering path only.',`
			`'- It does not prove real SMTP delivery, real contact routing, or production secret manager integration.',`
			`'',`
			`'## Evidence Files',`
			`'',`
			`"- $(Split-Path $renderedConfigPath -Leaf)",`
			`''`
			`)`

			`Set-Content -Path $reportPath -Value ($reportLines -join [Environment]::NewLine) -Encoding UTF8`
			`Get-Content $reportPath`