From af53444062f14f65e28bac4d3a45387c2a121f65 Mon Sep 17 00:00:00 2001 From: spinillos Date: Thu, 1 Aug 2024 19:19:46 +0200 Subject: [PATCH 01/22] Test PR to Github Action --- .github/workflows/set-envs.yml | 16 +++++ .github/workflows/test-pr.yml | 113 +++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+) create mode 100644 .github/workflows/set-envs.yml create mode 100644 .github/workflows/test-pr.yml diff --git a/.github/workflows/set-envs.yml b/.github/workflows/set-envs.yml new file mode 100644 index 00000000..9950c7f6 --- /dev/null +++ b/.github/workflows/set-envs.yml @@ -0,0 +1,16 @@ +name: set-env + +runs: + using: 'composite' + steps: + - name: Load secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token + GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key + GCOM_PUBLISH_TOKEN=infra/data/ci/drone-plugins:gcom_publish_token + GITHUB_TOKEN=infra/data/ci/drone-plugins:github_token + common_secrets: | + GAR=secret/data/common/gar:.dockerconfigjson + GCR=secret/data/common/gcr:.dockerconfigjson diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml new file mode 100644 index 00000000..c4143d82 --- /dev/null +++ b/.github/workflows/test-pr.yml @@ -0,0 +1,113 @@ +name: test-pr +on: + pull_request: ~ + +env: + GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT' + GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning' + +permissions: + contents: read + id-token: write + +jobs: + set-env: + runs-on: ubuntu-x64 + steps: + - uses: actions/checkout@v4 + + - name: Set environment variables + uses: ./.github/actions/set-envs + + grabpl: + runs-on: ubuntu-x64 + container: + image: byrnedo/alpine-curl:0.1.8 + + steps: + - uses: actions/checkout@v4 + + - name: grabpl + run: | + mkdir -p bin + curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl + chmod +x bin/grabpl + + yarn: + runs-on: ubuntu-x64 + container: + image: grafana/grafana-plugin-ci:1.9.0 + needs: grabpl + + steps: + - uses: actions/checkout@v4 + + - name: yarn-install + run: | + . ~/.init-nvm.sh + yarn install --frozen-lockfile --no-progress + env: + PUPPETEER_CACHE_DIR: /drone/src/cache + + - name: yarn-build + run: | + . ~/.init-nvm.sh + yarn build + + - name: wait-for-grafana + id: wait-for-grafana + with: + images: jwilder/dockerize:0.6.1 + run: dockerize -wait http://grafana:3000 -timeout 120s + + - name: yarn-test + run: yarn test-ci + env: + CI: true + PUPPETEER_CACHE_DIR: /drone/src/cache + + security: + runs-on: ubuntu-x64 + container: + image: grafana/grafana-plugin-ci:1.9.0 + needs: [set-env, yarn] + + steps: + - uses: actions/checkout@v4 + + - name: security-scan + run: | + . ~/.init-nvm.sh + echo "Starting veracode scan..." + export _JAVA_OPTIONS=-Xmx4g + mkdir -p ci/jobs/security_scan + curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty + env: + SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }} + + packaging: + runs-on: ubuntu-x64 + strategy: + matrix: + packaging: + - linux-x64-glibc + - darwin-x64-unknown + - win32-x64-unknown + - linux-x64-glibc-no-chromium + - alpine-x64-no-chromium + container: + image: grafana/grafana-plugin-ci:1.9.0 + needs: [set-env, yarn] + + steps: + - uses: actions/checkout@v4 + + - name: package-${{ matrix.packaging }} + run: . | + . ~/.init-nvm.sh + ./scripts/package_target.sh ${{ matrix.packaging }} + bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true + ./scripts/archive_target.sh ${{ matrix.packaging }} + env: + GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }} + From f568491529197b8ef3bdf52c76cfcc8de96a475d Mon Sep 17 00:00:00 2001 From: spinillos Date: Thu, 1 Aug 2024 19:26:17 +0200 Subject: [PATCH 02/22] Move permissions to envs and use the same checkout than other Grafana repos --- .github/workflows/set-envs.yml | 4 ++++ .github/workflows/test-pr.yml | 14 +++++--------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/set-envs.yml b/.github/workflows/set-envs.yml index 9950c7f6..49908a75 100644 --- a/.github/workflows/set-envs.yml +++ b/.github/workflows/set-envs.yml @@ -1,5 +1,9 @@ name: set-env +permissions: + contents: read + id-token: write + runs: using: 'composite' steps: diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index c4143d82..3d281981 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -6,15 +6,11 @@ env: GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT' GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning' -permissions: - contents: read - id-token: write - jobs: set-env: runs-on: ubuntu-x64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set environment variables uses: ./.github/actions/set-envs @@ -25,7 +21,7 @@ jobs: image: byrnedo/alpine-curl:0.1.8 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: grabpl run: | @@ -40,7 +36,7 @@ jobs: needs: grabpl steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: yarn-install run: | @@ -73,7 +69,7 @@ jobs: needs: [set-env, yarn] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: security-scan run: | @@ -100,7 +96,7 @@ jobs: needs: [set-env, yarn] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: package-${{ matrix.packaging }} run: . | From dd1bb72eb797308ca8cae242e4e6c403e098609f Mon Sep 17 00:00:00 2001 From: spinillos Date: Thu, 1 Aug 2024 19:33:47 +0200 Subject: [PATCH 03/22] Remove test-pr from drone --- .drone.star | 5 +- .drone.yml | 524 +++++++++++++++--------------------- scripts/drone/pipeline.star | 12 - 3 files changed, 215 insertions(+), 326 deletions(-) diff --git a/.drone.star b/.drone.star index be0dc27c..0c8493f7 100644 --- a/.drone.star +++ b/.drone.star @@ -4,14 +4,13 @@ # 3. Run `make drone` # More information about this process here: https://github.com/grafana/deployment_tools/blob/master/docs/infrastructure/drone/signing.md -load('scripts/drone/pipeline.star', 'prs_pipeline', 'master_pipeline', 'promotion_pipeline') +load('scripts/drone/pipeline.star', 'master_pipeline', 'promotion_pipeline') load('scripts/drone/vault.star', 'secrets') def main(ctx): return ( - prs_pipeline() - + master_pipeline() + master_pipeline() + promotion_pipeline() + secrets() ) diff --git a/.drone.yml b/.drone.yml index f681a774..fe2a811a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,471 +1,345 @@ --- -clone: - retries: 3 -depends_on: [] -image_pull_secrets: -- gcr -- gar kind: pipeline -name: test-pr -node: - type: no-parallel -platform: - arch: amd64 - os: linux -services: -- environment: - GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT - GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning - image: grafana/grafana-enterprise:latest - name: grafana -steps: -- commands: - - mkdir -p bin - - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl - - chmod +x bin/grabpl - image: byrnedo/alpine-curl:0.1.8 - name: grabpl -- commands: - - . ~/.init-nvm.sh - - yarn install --frozen-lockfile --no-progress - depends_on: - - grabpl - environment: - PUPPETEER_CACHE_DIR: /drone/src/cache - image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-install -- commands: - - . ~/.init-nvm.sh - - yarn build - depends_on: - - yarn-install - image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-build -- commands: - - dockerize -wait http://grafana:3000 -timeout 120s - image: jwilder/dockerize:0.6.1 - name: wait-for-grafana -- commands: - - yarn test-ci - depends_on: - - wait-for-grafana - - yarn-build - environment: - CI: "true" - PUPPETEER_CACHE_DIR: /drone/src/cache - image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 - name: yarn-test -- commands: - - . ~/.init-nvm.sh - - echo "Starting veracode scan..." - - '# Increase heap size or the scanner will die.' - - export _JAVA_OPTIONS=-Xmx4g - - mkdir -p ci/jobs/security_scan - - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick - --allow-dirty - depends_on: - - yarn-build - environment: - SRCCLR_API_TOKEN: - from_secret: srcclr_api_token - failure: ignore - image: grafana/grafana-plugin-ci:1.9.0 - name: security-scan -- commands: - - . ~/.init-nvm.sh - - ./scripts/package_target.sh linux-x64-glibc - - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc || true - - ./scripts/archive_target.sh linux-x64-glibc - depends_on: - - yarn-test - environment: - GRAFANA_API_KEY: - from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc -- commands: - - . ~/.init-nvm.sh - - ./scripts/package_target.sh darwin-x64-unknown - - bin/grabpl build-plugin-manifest ./dist/plugin-darwin-x64-unknown || true - - ./scripts/archive_target.sh darwin-x64-unknown - depends_on: - - yarn-test - environment: - GRAFANA_API_KEY: - from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-darwin-x64-unknown -- commands: - - . ~/.init-nvm.sh - - ./scripts/package_target.sh win32-x64-unknown - - bin/grabpl build-plugin-manifest ./dist/plugin-win32-x64-unknown || true - - ./scripts/archive_target.sh win32-x64-unknown - depends_on: - - yarn-test - environment: - GRAFANA_API_KEY: - from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-win32-x64-unknown -- commands: - - . ~/.init-nvm.sh - - ./scripts/package_target.sh linux-x64-glibc true plugin-linux-x64-glibc-no-chromium - - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc-no-chromium || - true - - ./scripts/archive_target.sh linux-x64-glibc plugin-linux-x64-glibc-no-chromium - depends_on: - - yarn-test - environment: - GRAFANA_API_KEY: - from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc-no-chromium -- commands: - - . ~/.init-nvm.sh - - ./scripts/package_target.sh alpine-x64-unknown true plugin-alpine-x64-no-chromium - - bin/grabpl build-plugin-manifest ./dist/plugin-alpine-x64-no-chromium || true - - ./scripts/archive_target.sh alpine-x64-unknown plugin-alpine-x64-no-chromium - depends_on: - - yarn-test - environment: - GRAFANA_API_KEY: - from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-alpine-x64-no-chromium -trigger: - event: - - pull_request type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -clone: - retries: 3 -depends_on: [] -image_pull_secrets: -- gcr -- gar -kind: pipeline name: test-master -node: - type: no-parallel + platform: - arch: amd64 os: linux -services: -- environment: - GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT - GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning - image: grafana/grafana-enterprise:latest - name: grafana + arch: amd64 + steps: -- commands: +- name: grabpl + image: byrnedo/alpine-curl:0.1.8 + commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl - chmod +x bin/grabpl - image: byrnedo/alpine-curl:0.1.8 - name: grabpl -- commands: + +- name: yarn-install + image: grafana/grafana-plugin-ci:1.9.0 + commands: - . ~/.init-nvm.sh - yarn install --frozen-lockfile --no-progress - depends_on: - - grabpl environment: PUPPETEER_CACHE_DIR: /drone/src/cache + depends_on: + - grabpl + +- name: yarn-build image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-install -- commands: + commands: - . ~/.init-nvm.sh - yarn build depends_on: - yarn-install - image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-build -- commands: - - dockerize -wait http://grafana:3000 -timeout 120s + +- name: wait-for-grafana image: jwilder/dockerize:0.6.1 - name: wait-for-grafana -- commands: + commands: + - dockerize -wait http://grafana:3000 -timeout 120s + +- name: yarn-test + image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 + commands: - yarn test-ci + environment: + CI: true + PUPPETEER_CACHE_DIR: /drone/src/cache depends_on: - wait-for-grafana - yarn-build - environment: - CI: "true" - PUPPETEER_CACHE_DIR: /drone/src/cache - image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 - name: yarn-test -- commands: + +- name: security-scan + image: grafana/grafana-plugin-ci:1.9.0 + commands: - . ~/.init-nvm.sh - echo "Starting veracode scan..." - - '# Increase heap size or the scanner will die.' + - "# Increase heap size or the scanner will die." - export _JAVA_OPTIONS=-Xmx4g - mkdir -p ci/jobs/security_scan - - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick - --allow-dirty - depends_on: - - yarn-build + - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty environment: SRCCLR_API_TOKEN: from_secret: srcclr_api_token failure: ignore + depends_on: + - yarn-build + +- name: package-linux-x64-glibc image: grafana/grafana-plugin-ci:1.9.0 - name: security-scan -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh linux-x64-glibc - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc - ./scripts/archive_target.sh linux-x64-glibc - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-darwin-x64-unknown image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh darwin-x64-unknown - bin/grabpl build-plugin-manifest ./dist/plugin-darwin-x64-unknown - ./scripts/archive_target.sh darwin-x64-unknown - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-win32-x64-unknown image: grafana/grafana-plugin-ci:1.9.0 - name: package-darwin-x64-unknown -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh win32-x64-unknown - bin/grabpl build-plugin-manifest ./dist/plugin-win32-x64-unknown - ./scripts/archive_target.sh win32-x64-unknown - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-linux-x64-glibc-no-chromium image: grafana/grafana-plugin-ci:1.9.0 - name: package-win32-x64-unknown -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh linux-x64-glibc true plugin-linux-x64-glibc-no-chromium - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc-no-chromium - ./scripts/archive_target.sh linux-x64-glibc plugin-linux-x64-glibc-no-chromium - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-alpine-x64-no-chromium image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc-no-chromium -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh alpine-x64-unknown true plugin-alpine-x64-no-chromium - bin/grabpl build-plugin-manifest ./dist/plugin-alpine-x64-no-chromium - ./scripts/archive_target.sh alpine-x64-unknown plugin-alpine-x64-no-chromium - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-alpine-x64-no-chromium -- commands: - - ./scripts/build_push_docker.sh master depends_on: - yarn-test + +- name: publish_to_docker_master + image: google/cloud-sdk:449.0.0 + commands: + - ./scripts/build_push_docker.sh master environment: DOCKER_PASS: from_secret: docker_pass DOCKER_USER: from_secret: docker_user IMAGE_NAME: grafana/grafana-image-renderer - image: google/cloud-sdk:449.0.0 - name: publish_to_docker_master volumes: - name: docker path: /var/run/docker.sock + depends_on: + - yarn-test + +services: +- name: grafana + image: grafana/grafana-enterprise:latest + environment: + GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT + GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning + +volumes: +- name: docker + host: + path: /var/run/docker.sock + +image_pull_secrets: +- gcr +- gar + +node: + type: no-parallel + trigger: branch: - master event: - push -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker + --- -clone: - retries: 3 -depends_on: [] -image_pull_secrets: -- gcr -- gar kind: pipeline +type: docker name: release -node: - type: no-parallel + platform: - arch: amd64 os: linux -services: -- environment: - GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT - GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning - image: grafana/grafana-enterprise:latest - name: grafana + arch: amd64 + steps: -- commands: +- name: grabpl + image: byrnedo/alpine-curl:0.1.8 + commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl - chmod +x bin/grabpl - image: byrnedo/alpine-curl:0.1.8 - name: grabpl -- commands: + +- name: yarn-install + image: grafana/grafana-plugin-ci:1.9.0 + commands: - . ~/.init-nvm.sh - yarn install --frozen-lockfile --no-progress - depends_on: - - grabpl environment: PUPPETEER_CACHE_DIR: /drone/src/cache + depends_on: + - grabpl + +- name: yarn-build image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-install -- commands: + commands: - . ~/.init-nvm.sh - yarn build depends_on: - yarn-install - image: grafana/grafana-plugin-ci:1.9.0 - name: yarn-build -- commands: - - dockerize -wait http://grafana:3000 -timeout 120s + +- name: wait-for-grafana image: jwilder/dockerize:0.6.1 - name: wait-for-grafana -- commands: + commands: + - dockerize -wait http://grafana:3000 -timeout 120s + +- name: yarn-test + image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 + commands: - yarn test-ci + environment: + CI: true + PUPPETEER_CACHE_DIR: /drone/src/cache depends_on: - wait-for-grafana - yarn-build - environment: - CI: "true" - PUPPETEER_CACHE_DIR: /drone/src/cache - image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 - name: yarn-test -- commands: + +- name: security-scan + image: grafana/grafana-plugin-ci:1.9.0 + commands: - . ~/.init-nvm.sh - echo "Starting veracode scan..." - - '# Increase heap size or the scanner will die.' + - "# Increase heap size or the scanner will die." - export _JAVA_OPTIONS=-Xmx4g - mkdir -p ci/jobs/security_scan - - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick - --allow-dirty - depends_on: - - yarn-build + - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty environment: SRCCLR_API_TOKEN: from_secret: srcclr_api_token failure: ignore + depends_on: + - yarn-build + +- name: package-linux-x64-glibc image: grafana/grafana-plugin-ci:1.9.0 - name: security-scan -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh linux-x64-glibc - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc - ./scripts/archive_target.sh linux-x64-glibc - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-darwin-x64-unknown image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh darwin-x64-unknown - bin/grabpl build-plugin-manifest ./dist/plugin-darwin-x64-unknown - ./scripts/archive_target.sh darwin-x64-unknown - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-win32-x64-unknown image: grafana/grafana-plugin-ci:1.9.0 - name: package-darwin-x64-unknown -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh win32-x64-unknown - bin/grabpl build-plugin-manifest ./dist/plugin-win32-x64-unknown - ./scripts/archive_target.sh win32-x64-unknown - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-linux-x64-glibc-no-chromium image: grafana/grafana-plugin-ci:1.9.0 - name: package-win32-x64-unknown -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh linux-x64-glibc true plugin-linux-x64-glibc-no-chromium - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc-no-chromium - ./scripts/archive_target.sh linux-x64-glibc plugin-linux-x64-glibc-no-chromium - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key + depends_on: + - yarn-test + +- name: package-alpine-x64-no-chromium image: grafana/grafana-plugin-ci:1.9.0 - name: package-linux-x64-glibc-no-chromium -- commands: + commands: - . ~/.init-nvm.sh - ./scripts/package_target.sh alpine-x64-unknown true plugin-alpine-x64-no-chromium - bin/grabpl build-plugin-manifest ./dist/plugin-alpine-x64-no-chromium - ./scripts/archive_target.sh alpine-x64-unknown plugin-alpine-x64-no-chromium - depends_on: - - yarn-test environment: GRAFANA_API_KEY: from_secret: grafana_api_key - image: grafana/grafana-plugin-ci:1.9.0 - name: package-alpine-x64-no-chromium -- commands: + depends_on: + - yarn-test + +- name: publish_to_github + image: cibuilds/github:0.13.0 + commands: - ./scripts/generate_md5sum.sh - ./scripts/publish_github_release.sh + environment: + GITHUB_TOKEN: + from_secret: github_token depends_on: - package-linux-x64-glibc - package-darwin-x64-unknown - package-win32-x64-unknown - package-linux-x64-glibc-no-chromium - package-alpine-x64-no-chromium - environment: - GITHUB_TOKEN: - from_secret: github_token - image: cibuilds/github:0.13.0 - name: publish_to_github -- commands: + +- name: publish_to_docker + image: google/cloud-sdk:449.0.0 + commands: - ./scripts/build_push_docker.sh - depends_on: - - publish_to_github environment: DOCKER_PASS: from_secret: docker_pass DOCKER_USER: from_secret: docker_user IMAGE_NAME: grafana/grafana-image-renderer - image: google/cloud-sdk:449.0.0 - name: publish_to_docker volumes: - name: docker path: /var/run/docker.sock -- commands: + depends_on: + - publish_to_github + +- name: publish_to_gcom + image: grafana/grafana-plugin-ci:1.9.0 + commands: - . ~/.init-nvm.sh - yarn run create-gcom-plugin-json ${DRONE_COMMIT} - yarn run push-to-gcom - depends_on: - - publish_to_github environment: GCOM_PUBLISH_TOKEN: from_secret: gcom_publish_token @@ -473,8 +347,28 @@ steps: from_secret: gcom_uagent GCOM_URL: from_secret: gcom_url - image: grafana/grafana-plugin-ci:1.9.0 - name: publish_to_gcom + depends_on: + - publish_to_github + +services: +- name: grafana + image: grafana/grafana-enterprise:latest + environment: + GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT + GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning + +volumes: +- name: docker + host: + path: /var/run/docker.sock + +image_pull_secrets: +- gcr +- gar + +node: + type: no-parallel + trigger: branch: - master @@ -482,49 +376,57 @@ trigger: - promote target: - release -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker + --- -get: - name: .dockerconfigjson - path: secret/data/common/gcr kind: secret name: gcr ---- + get: - name: github_token - path: infra/data/ci/drone-plugins + path: secret/data/common/gcr + name: .dockerconfigjson + +--- kind: secret name: github_token ---- + get: - name: gcom_publish_token path: infra/data/ci/drone-plugins + name: github_token + +--- kind: secret name: gcom_publish_token ---- + get: - name: grafana_api_key path: infra/data/ci/drone-plugins + name: gcom_publish_token + +--- kind: secret name: grafana_api_key ---- + get: - name: srcclr_api_token path: infra/data/ci/drone-plugins + name: grafana_api_key + +--- kind: secret name: srcclr_api_token ---- + get: - name: .dockerconfigjson - path: secret/data/common/gar + path: infra/data/ci/drone-plugins + name: srcclr_api_token + +--- kind: secret name: gar + +get: + path: secret/data/common/gar + name: .dockerconfigjson + --- kind: signature -hmac: aef686a708994a7210707534e31b9ccd2c5b4356fb2f09afa3505914c43c6aea +hmac: ed9251eb9edbdb89a47f3705ee7332607ea92747163f5d4138ddc404c85c34fc ... diff --git a/scripts/drone/pipeline.star b/scripts/drone/pipeline.star index 82534aaf..027d22ff 100644 --- a/scripts/drone/pipeline.star +++ b/scripts/drone/pipeline.star @@ -18,18 +18,6 @@ def common_steps(skip_errors): package_step(arch='alpine-x64-unknown', name='package-alpine-x64-no-chromium', skip_chromium=True, override_output='plugin-alpine-x64-no-chromium', skip_errors=skip_errors), ] -def prs_pipeline(): - return [ - pipeline( - name='test-pr', - trigger={ - 'event': ['pull_request'], - }, - steps=common_steps(True), - services=e2e_services(), - ), - ] - def master_pipeline(): steps = common_steps(False) + [ publish_to_docker_master(), From e1febc3427b1bd552b9fa1c791f8120e26d26a67 Mon Sep 17 00:00:00 2001 From: spinillos Date: Fri, 2 Aug 2024 12:04:00 +0200 Subject: [PATCH 04/22] All together in the same job --- .github/workflows/set-envs.yml | 20 -------- .github/workflows/test-pr.yml | 89 ++++++++++++---------------------- 2 files changed, 32 insertions(+), 77 deletions(-) delete mode 100644 .github/workflows/set-envs.yml diff --git a/.github/workflows/set-envs.yml b/.github/workflows/set-envs.yml deleted file mode 100644 index 49908a75..00000000 --- a/.github/workflows/set-envs.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: set-env - -permissions: - contents: read - id-token: write - -runs: - using: 'composite' - steps: - - name: Load secrets - uses: grafana/shared-workflows/actions/get-vault-secrets@main - with: - repo_secrets: | - SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token - GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key - GCOM_PUBLISH_TOKEN=infra/data/ci/drone-plugins:gcom_publish_token - GITHUB_TOKEN=infra/data/ci/drone-plugins:github_token - common_secrets: | - GAR=secret/data/common/gar:.dockerconfigjson - GCR=secret/data/common/gcr:.dockerconfigjson diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 3d281981..211dbfc0 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -2,42 +2,47 @@ name: test-pr on: pull_request: ~ -env: - GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT' - GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning' - jobs: - set-env: + test-pr: runs-on: ubuntu-x64 + strategy: + matrix: + packaging: + - linux-x64-glibc + - darwin-x64-unknown + - win32-x64-unknown + - linux-x64-glibc-no-chromium + - alpine-x64-no-chromium + container: grafana/grafana-plugin-ci:1.9.0 + services: + grafana: + image: grafana/grafana-enterprise:latest + env: + GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT' + GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning' + volumes: + - /var/run/docker + grabpl: + image: byrnedo/alpine-curl:0.1.8 + dockerize: + image: jwilder/dockerize:0.6.1 + steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set environment variables - uses: ./.github/actions/set-envs - - grabpl: - runs-on: ubuntu-x64 - container: - image: byrnedo/alpine-curl:0.1.8 - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - + - name: Load secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token + GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key + - name: grabpl run: | mkdir -p bin curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl chmod +x bin/grabpl - - yarn: - runs-on: ubuntu-x64 - container: - image: grafana/grafana-plugin-ci:1.9.0 - needs: grabpl - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - + - name: yarn-install run: | . ~/.init-nvm.sh @@ -49,11 +54,8 @@ jobs: run: | . ~/.init-nvm.sh yarn build - + - name: wait-for-grafana - id: wait-for-grafana - with: - images: jwilder/dockerize:0.6.1 run: dockerize -wait http://grafana:3000 -timeout 120s - name: yarn-test @@ -62,15 +64,6 @@ jobs: CI: true PUPPETEER_CACHE_DIR: /drone/src/cache - security: - runs-on: ubuntu-x64 - container: - image: grafana/grafana-plugin-ci:1.9.0 - needs: [set-env, yarn] - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: security-scan run: | . ~/.init-nvm.sh @@ -80,23 +73,6 @@ jobs: curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty env: SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }} - - packaging: - runs-on: ubuntu-x64 - strategy: - matrix: - packaging: - - linux-x64-glibc - - darwin-x64-unknown - - win32-x64-unknown - - linux-x64-glibc-no-chromium - - alpine-x64-no-chromium - container: - image: grafana/grafana-plugin-ci:1.9.0 - needs: [set-env, yarn] - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: package-${{ matrix.packaging }} run: . | @@ -106,4 +82,3 @@ jobs: ./scripts/archive_target.sh ${{ matrix.packaging }} env: GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }} - From 8384baac1672b483d14e3ba7b88d54dacd786c78 Mon Sep 17 00:00:00 2001 From: spinillos Date: Fri, 2 Aug 2024 13:10:10 +0200 Subject: [PATCH 05/22] Move packaging to different job --- .github/workflows/test-pr.yml | 46 ++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 211dbfc0..4b72d1ad 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -4,15 +4,7 @@ on: jobs: test-pr: - runs-on: ubuntu-x64 - strategy: - matrix: - packaging: - - linux-x64-glibc - - darwin-x64-unknown - - win32-x64-unknown - - linux-x64-glibc-no-chromium - - alpine-x64-no-chromium + runs-on: ubuntu-latest container: grafana/grafana-plugin-ci:1.9.0 services: grafana: @@ -35,7 +27,6 @@ jobs: with: repo_secrets: | SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token - GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key - name: grabpl run: | @@ -43,12 +34,18 @@ jobs: curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl chmod +x bin/grabpl + - uses: actions/cache/save@v4 + id: grabpl-cache + with: + key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} + path: bin/grabpl + - name: yarn-install run: | . ~/.init-nvm.sh yarn install --frozen-lockfile --no-progress env: - PUPPETEER_CACHE_DIR: /drone/src/cache + PUPPETEER_CACHE_DIR: /src/cache - name: yarn-build run: | @@ -62,7 +59,7 @@ jobs: run: yarn test-ci env: CI: true - PUPPETEER_CACHE_DIR: /drone/src/cache + PUPPETEER_CACHE_DIR: /src/cache - name: security-scan run: | @@ -74,6 +71,31 @@ jobs: env: SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }} + packaging: + runs-on: ubuntu-latest + container: grafana/grafana-plugin-ci:1.9.0 + needs: [test-pr] + strategy: + matrix: + packaging: + - linux-x64-glibc + - darwin-x64-unknown + - win32-x64-unknown + - linux-x64-glibc-no-chromium + - alpine-x64-no-chromium + + steps: + - uses: actions/cache/restore@v4 + with: + path: bin/grabpl + key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} + + - name: Load secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key + - name: package-${{ matrix.packaging }} run: . | . ~/.init-nvm.sh From c815d53d8c18505ded67de358995619d3ac5663a Mon Sep 17 00:00:00 2001 From: spinillos Date: Fri, 2 Aug 2024 13:17:38 +0200 Subject: [PATCH 06/22] Permissions --- .github/workflows/test-pr.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 4b72d1ad..0372b2bd 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -1,9 +1,13 @@ name: test-pr on: pull_request: ~ + +permissions: + contents: read + id-token: write jobs: - test-pr: + test-pr: runs-on: ubuntu-latest container: grafana/grafana-plugin-ci:1.9.0 services: From 0979808f26498dbb1c51205aaea30b90c4540972 Mon Sep 17 00:00:00 2001 From: spinillos Date: Fri, 2 Aug 2024 13:32:41 +0200 Subject: [PATCH 07/22] Update secrets path --- .github/workflows/test-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 0372b2bd..dafdf37a 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -30,7 +30,7 @@ jobs: uses: grafana/shared-workflows/actions/get-vault-secrets@main with: repo_secrets: | - SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token + SRCCLR_API_TOKEN=grafana-image-renderer:srcclr_api_token - name: grabpl run: | @@ -98,7 +98,7 @@ jobs: uses: grafana/shared-workflows/actions/get-vault-secrets@main with: repo_secrets: | - GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key + GRAFANA_API_KEY=grafana-image-renderer:grafana_api_key - name: package-${{ matrix.packaging }} run: . | From 6ef6d7f153533d30dc4333aa3fecb96506890a9d Mon Sep 17 00:00:00 2001 From: spinillos Date: Fri, 2 Aug 2024 13:41:22 +0200 Subject: [PATCH 08/22] Try to use old secrets path --- .github/workflows/test-pr.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index dafdf37a..53a17f2e 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -29,8 +29,8 @@ jobs: - name: Load secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: - repo_secrets: | - SRCCLR_API_TOKEN=grafana-image-renderer:srcclr_api_token + common_secrets: | + SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token - name: grabpl run: | @@ -96,9 +96,9 @@ jobs: - name: Load secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main - with: - repo_secrets: | - GRAFANA_API_KEY=grafana-image-renderer:grafana_api_key + with: + common_secrets: | + GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key - name: package-${{ matrix.packaging }} run: . | From 3de56e44ef4578c1f33f0b2cd1b87c53292b0b87 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 12:35:07 +0200 Subject: [PATCH 09/22] Update key paths --- .github/workflows/test-pr.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 53a17f2e..3609528d 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -29,8 +29,8 @@ jobs: - name: Load secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: - common_secrets: | - SRCCLR_API_TOKEN=infra/data/ci/drone-plugins:srcclr_api_token + repo_secrets: | + SRCCLR_API_TOKEN=grafana_image_renderer/github_actions:srcclr_api_token - name: grabpl run: | @@ -97,8 +97,8 @@ jobs: - name: Load secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: - common_secrets: | - GRAFANA_API_KEY=infra/data/ci/drone-plugins:grafana_api_key + repo_secrets: | + GRAFANA_API_KEY=grafana_image_renderer/github_actions:grafana_api_key - name: package-${{ matrix.packaging }} run: . | From 0f4c863c2c7f2e76b5314cf67b3b0878cc10d655 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 12:37:02 +0200 Subject: [PATCH 10/22] Remove image renderer path --- .github/workflows/test-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 3609528d..2751a252 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -30,7 +30,7 @@ jobs: uses: grafana/shared-workflows/actions/get-vault-secrets@main with: repo_secrets: | - SRCCLR_API_TOKEN=grafana_image_renderer/github_actions:srcclr_api_token + SRCCLR_API_TOKEN=github_actions:srcclr_api_token - name: grabpl run: | @@ -98,7 +98,7 @@ jobs: uses: grafana/shared-workflows/actions/get-vault-secrets@main with: repo_secrets: | - GRAFANA_API_KEY=grafana_image_renderer/github_actions:grafana_api_key + GRAFANA_API_KEY=github_actions:grafana_api_key - name: package-${{ matrix.packaging }} run: . | From 5df483ac3685b16e885335c1ea7759eb29518d5a Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 14:29:41 +0200 Subject: [PATCH 11/22] Remove drone container and install node --- .github/workflows/test-pr.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 2751a252..217c7862 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -9,7 +9,6 @@ permissions: jobs: test-pr: runs-on: ubuntu-latest - container: grafana/grafana-plugin-ci:1.9.0 services: grafana: image: grafana/grafana-enterprise:latest @@ -43,18 +42,20 @@ jobs: with: key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} path: bin/grabpl - + + - name: install-node + run: actions/setup-node@v4 + with: + node-version: '16' + cache: 'yarn' + - name: yarn-install - run: | - . ~/.init-nvm.sh - yarn install --frozen-lockfile --no-progress + run: yarn install --frozen-lockfile --no-progress env: PUPPETEER_CACHE_DIR: /src/cache - name: yarn-build - run: | - . ~/.init-nvm.sh - yarn build + run: yarn build - name: wait-for-grafana run: dockerize -wait http://grafana:3000 -timeout 120s @@ -67,7 +68,6 @@ jobs: - name: security-scan run: | - . ~/.init-nvm.sh echo "Starting veracode scan..." export _JAVA_OPTIONS=-Xmx4g mkdir -p ci/jobs/security_scan @@ -77,7 +77,7 @@ jobs: packaging: runs-on: ubuntu-latest - container: grafana/grafana-plugin-ci:1.9.0 + container: grafana/grafana-plugin-ci:1.9.6 needs: [test-pr] strategy: matrix: @@ -102,7 +102,6 @@ jobs: - name: package-${{ matrix.packaging }} run: . | - . ~/.init-nvm.sh ./scripts/package_target.sh ${{ matrix.packaging }} bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true ./scripts/archive_target.sh ${{ matrix.packaging }} From 4a0f829055d5027c86fb1e7e05cf3dfa7337eb43 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 15:57:06 +0200 Subject: [PATCH 12/22] Fix typo --- .github/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 217c7862..2d6eff1f 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -44,7 +44,7 @@ jobs: path: bin/grabpl - name: install-node - run: actions/setup-node@v4 + uses: actions/setup-node@v4 with: node-version: '16' cache: 'yarn' From 35c06d7aba5ee814d6f6e895efc036a8ff734755 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 16:06:02 +0200 Subject: [PATCH 13/22] Update node version --- .github/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 2d6eff1f..0fc83e9c 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -46,7 +46,7 @@ jobs: - name: install-node uses: actions/setup-node@v4 with: - node-version: '16' + node-version: '18' cache: 'yarn' - name: yarn-install From 99ba5af710c6ffe82914c3ba25f43cc7ea689e47 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 16:09:58 +0200 Subject: [PATCH 14/22] Update tmp cache --- .github/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 0fc83e9c..1d2a30f9 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -52,7 +52,7 @@ jobs: - name: yarn-install run: yarn install --frozen-lockfile --no-progress env: - PUPPETEER_CACHE_DIR: /src/cache + PUPPETEER_CACHE_DIR: /tmp/src/cache - name: yarn-build run: yarn build From 1b35e52af1f0594e8f86168a65cbe7b9ebf06528 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 16:18:21 +0200 Subject: [PATCH 15/22] Remove Grafana waiting --- .github/workflows/test-pr.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 1d2a30f9..1b22cf42 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -19,8 +19,6 @@ jobs: - /var/run/docker grabpl: image: byrnedo/alpine-curl:0.1.8 - dockerize: - image: jwilder/dockerize:0.6.1 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -57,9 +55,6 @@ jobs: - name: yarn-build run: yarn build - - name: wait-for-grafana - run: dockerize -wait http://grafana:3000 -timeout 120s - - name: yarn-test run: yarn test-ci env: From 1f888c4348accec86dcd16a7035bab8192fed5dd Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 16:27:03 +0200 Subject: [PATCH 16/22] Fix puppeter cache --- .github/workflows/test-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 1b22cf42..3c27d651 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -59,7 +59,7 @@ jobs: run: yarn test-ci env: CI: true - PUPPETEER_CACHE_DIR: /src/cache + PUPPETEER_CACHE_DIR: /tmp/src/cache - name: security-scan run: | From e2d7ebb4105b0012314797be3b886f4adc50cf46 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 16:50:03 +0200 Subject: [PATCH 17/22] Fix provisioning path and yarn cache --- .github/workflows/test-pr.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 3c27d651..05549baf 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -14,7 +14,7 @@ jobs: image: grafana/grafana-enterprise:latest env: GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT' - GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning' + GF_PATHS_PROVISIONING: '/scripts/drone/provisioning' volumes: - /var/run/docker grabpl: @@ -45,9 +45,21 @@ jobs: uses: actions/setup-node@v4 with: node-version: '18' - cache: 'yarn' + + - name: Get yarn cache directory path + id: yarn-cache-dir-path + run: echo "::set-output name=dir::$(yarn cache dir)" + + - id: cache-yarn-cache + uses: actions/cache@v4 + with: + path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + ${{ runner.os }}-yarn- - name: yarn-install + if: steps.cache-yarn-cache.outputs.cache-hit != 'true' run: yarn install --frozen-lockfile --no-progress env: PUPPETEER_CACHE_DIR: /tmp/src/cache From 589b8de5870e9233df4a74f993fb50548fcd1ee8 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 17:03:05 +0200 Subject: [PATCH 18/22] Add puppeter service --- .github/workflows/test-pr.yml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 05549baf..d05bb572 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -19,6 +19,8 @@ jobs: - /var/run/docker grabpl: image: byrnedo/alpine-curl:0.1.8 + puppeter: + image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -45,21 +47,8 @@ jobs: uses: actions/setup-node@v4 with: node-version: '18' - - - name: Get yarn cache directory path - id: yarn-cache-dir-path - run: echo "::set-output name=dir::$(yarn cache dir)" - - id: cache-yarn-cache - uses: actions/cache@v4 - with: - path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} - restore-keys: | - ${{ runner.os }}-yarn- - - name: yarn-install - if: steps.cache-yarn-cache.outputs.cache-hit != 'true' run: yarn install --frozen-lockfile --no-progress env: PUPPETEER_CACHE_DIR: /tmp/src/cache @@ -70,7 +59,7 @@ jobs: - name: yarn-test run: yarn test-ci env: - CI: true + CI: "true" PUPPETEER_CACHE_DIR: /tmp/src/cache - name: security-scan From fb6bb36c7dbce949e887924b3d651b79d33e00a3 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 18:15:30 +0200 Subject: [PATCH 19/22] Run puppeteer and wait for grafana (test) --- .github/workflows/test-pr.yml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index d05bb572..ec63389e 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -19,8 +19,6 @@ jobs: - /var/run/docker grabpl: image: byrnedo/alpine-curl:0.1.8 - puppeter: - image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -55,6 +53,30 @@ jobs: - name: yarn-build run: yarn build + + - uses: grafana/shared-workflows/actions/login-to-gar@main + id: login-to-gar + with: + registry: 'us-docker.pkg.dev' + environment: 'prod' + + - name: run-puppeter-image + run: | + docker pull docker-puppeteer:2.0.0 + docker run docker-puppeteer:2.0.0 + + - name: wait-for-grafana + run: | + for i in {1..10}; do + if docker exec grafana curl -sf http://localhost:3000; then + echo "Grafana is ready!" + exit 0 + fi + echo "Waiting for container to be ready..." + sleep 10 + done + echo "Container failed to start in time" >&2 + exit 1 - name: yarn-test run: yarn test-ci From e83ae3265c0cab6bd9cf73e16996a6ce02b11265 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 18:28:27 +0200 Subject: [PATCH 20/22] More tests --- .github/workflows/test-pr.yml | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index ec63389e..a7f613af 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -40,11 +40,36 @@ jobs: with: key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} path: bin/grabpl + restore-keys: | + grabpl-${{ runner.os }}- + grabpl- - name: install-node uses: actions/setup-node@v4 with: node-version: '18' + + - name: Get yarn cache directory path + id: yarn-cache-dir-path + run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT + + - name: Cache yarn cache + uses: actions/cache@v4 + id: cache-yarn-cache + with: + path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + ${{ runner.os }}-yarn- + + - name: Cache node_modules + id: cache-node-modules + uses: actions/cache@v4 + with: + path: node_modules + key: ${{ runner.os }}-${{ matrix.node-version }}-nodemodules-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + ${{ runner.os }}-${{ matrix.node-version }}-nodemodules- - name: yarn-install run: yarn install --frozen-lockfile --no-progress @@ -57,13 +82,13 @@ jobs: - uses: grafana/shared-workflows/actions/login-to-gar@main id: login-to-gar with: - registry: 'us-docker.pkg.dev' - environment: 'prod' + registry: us-docker.pkg.dev + environment: prod - name: run-puppeter-image run: | - docker pull docker-puppeteer:2.0.0 - docker run docker-puppeteer:2.0.0 + docker pull us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 + docker run us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0 - name: wait-for-grafana run: | From f2bdc50154b6e4100ba2086f64e6902d5014cc39 Mon Sep 17 00:00:00 2001 From: spinillos Date: Mon, 5 Aug 2024 18:38:15 +0200 Subject: [PATCH 21/22] More tests --- .github/workflows/test-pr.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index a7f613af..ebdf3528 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -35,7 +35,7 @@ jobs: curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl chmod +x bin/grabpl - - uses: actions/cache/save@v4 + - uses: actions/cache@v4 id: grabpl-cache with: key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} @@ -82,8 +82,8 @@ jobs: - uses: grafana/shared-workflows/actions/login-to-gar@main id: login-to-gar with: - registry: us-docker.pkg.dev - environment: prod + registry: "us-docker.pkg.dev" + environment: "prod" - name: run-puppeter-image run: | @@ -132,7 +132,7 @@ jobs: - alpine-x64-no-chromium steps: - - uses: actions/cache/restore@v4 + - uses: actions/cache@v4 with: path: bin/grabpl key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }} From e3f21d03b504d28b1093ce1726066d4dc6da7698 Mon Sep 17 00:00:00 2001 From: spinillos Date: Tue, 6 Aug 2024 10:29:41 +0200 Subject: [PATCH 22/22] Use default gar config --- .github/workflows/test-pr.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index ebdf3528..4b7570ba 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -81,10 +81,7 @@ jobs: - uses: grafana/shared-workflows/actions/login-to-gar@main id: login-to-gar - with: - registry: "us-docker.pkg.dev" - environment: "prod" - + - name: run-puppeter-image run: | docker pull us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0