-
Notifications
You must be signed in to change notification settings - Fork 155
110 lines (95 loc) · 3.14 KB
/
test-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: test-pr
on:
pull_request: ~
permissions:
contents: read
id-token: write
jobs:
test-pr:
runs-on: ubuntu-latest
container: grafana/grafana-plugin-ci:1.9.0
services:
grafana:
image: grafana/grafana-enterprise:latest
env:
GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT'
GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning'
volumes:
- /var/run/docker
grabpl:
image: byrnedo/alpine-curl:0.1.8
dockerize:
image: jwilder/dockerize:0.6.1
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
common_secrets: |
SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token
- name: grabpl
run: |
mkdir -p bin
curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl
chmod +x bin/grabpl
- uses: actions/cache/save@v4
id: grabpl-cache
with:
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
path: bin/grabpl
- name: yarn-install
run: |
. ~/.init-nvm.sh
yarn install --frozen-lockfile --no-progress
env:
PUPPETEER_CACHE_DIR: /src/cache
- name: yarn-build
run: |
. ~/.init-nvm.sh
yarn build
- name: wait-for-grafana
run: dockerize -wait http://grafana:3000 -timeout 120s
- name: yarn-test
run: yarn test-ci
env:
CI: true
PUPPETEER_CACHE_DIR: /src/cache
- name: security-scan
run: |
. ~/.init-nvm.sh
echo "Starting veracode scan..."
export _JAVA_OPTIONS=-Xmx4g
mkdir -p ci/jobs/security_scan
curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty
env:
SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }}
packaging:
runs-on: ubuntu-latest
container: grafana/grafana-plugin-ci:1.9.0
needs: [test-pr]
strategy:
matrix:
packaging:
- linux-x64-glibc
- darwin-x64-unknown
- win32-x64-unknown
- linux-x64-glibc-no-chromium
- alpine-x64-no-chromium
steps:
- uses: actions/cache/restore@v4
with:
path: bin/grabpl
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
common_secrets: |
GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key
- name: package-${{ matrix.packaging }}
run: . |
. ~/.init-nvm.sh
./scripts/package_target.sh ${{ matrix.packaging }}
bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true
./scripts/archive_target.sh ${{ matrix.packaging }}
env:
GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }}