-
Notifications
You must be signed in to change notification settings - Fork 155
109 lines (93 loc) · 3.06 KB
/
test-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
name: test-pr
on:
pull_request: ~
permissions:
contents: read
id-token: write
jobs:
test-pr:
runs-on: ubuntu-latest
services:
grafana:
image: grafana/grafana-enterprise:latest
env:
GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT'
GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning'
volumes:
- /var/run/docker
grabpl:
image: byrnedo/alpine-curl:0.1.8
dockerize:
image: jwilder/dockerize:0.6.1
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
repo_secrets: |
SRCCLR_API_TOKEN=github_actions:srcclr_api_token
- name: grabpl
run: |
mkdir -p bin
curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl
chmod +x bin/grabpl
- uses: actions/cache/save@v4
id: grabpl-cache
with:
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
path: bin/grabpl
- name: install-node
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'yarn'
- name: yarn-install
run: yarn install --frozen-lockfile --no-progress
env:
PUPPETEER_CACHE_DIR: /tmp/src/cache
- name: yarn-build
run: yarn build
- name: wait-for-grafana
run: dockerize -wait http://grafana:3000 -timeout 120s
- name: yarn-test
run: yarn test-ci
env:
CI: true
PUPPETEER_CACHE_DIR: /src/cache
- name: security-scan
run: |
echo "Starting veracode scan..."
export _JAVA_OPTIONS=-Xmx4g
mkdir -p ci/jobs/security_scan
curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty
env:
SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }}
packaging:
runs-on: ubuntu-latest
container: grafana/grafana-plugin-ci:1.9.6
needs: [test-pr]
strategy:
matrix:
packaging:
- linux-x64-glibc
- darwin-x64-unknown
- win32-x64-unknown
- linux-x64-glibc-no-chromium
- alpine-x64-no-chromium
steps:
- uses: actions/cache/restore@v4
with:
path: bin/grabpl
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
repo_secrets: |
GRAFANA_API_KEY=github_actions:grafana_api_key
- name: package-${{ matrix.packaging }}
run: . |
./scripts/package_target.sh ${{ matrix.packaging }}
bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true
./scripts/archive_target.sh ${{ matrix.packaging }}
env:
GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }}