--- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-verify-drone node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - ./bin/build verify-drone depends_on: - compile-build-cmd image: byrnedo/alpine-curl:0.1.8 name: lint-drone trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - scripts/drone/** - .drone.yml - .drone.star type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-verify-starlark node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - go install github.com/bazelbuild/buildtools/buildifier@latest - buildifier --lint=warn -mode=check -r . depends_on: - compile-build-cmd image: golang:1.22.4-alpine name: lint-starlark trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - scripts/drone/** - .drone.star type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-verify-storybook node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - yarn storybook --quiet depends_on: - yarn-install detach: true image: node:20.9.0-alpine name: start-storybook - commands: - npx wait-on@7.2.0 -t 1m http://$HOST:$PORT - yarn e2e:storybook depends_on: - start-storybook environment: HOST: start-storybook PORT: "9001" image: cypress/included:13.10.0 name: end-to-end-tests-storybook-suite trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - packages/grafana-ui/** type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-test-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update git bash - yarn betterer ci depends_on: - yarn-install image: node:20.9.0-alpine name: betterer-frontend - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - yarn run ci:test-frontend depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: test-frontend trigger: event: - pull_request paths: exclude: - docs/** - '*.md' - pkg/** - packaging/** - go.sum - go.mod include: [] type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-lint-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - yarn run prettier:check - yarn run lint - yarn run typecheck depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: lint-frontend - commands: - |- make i18n-extract || (echo " Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false) - "\n file_diff=$(git diff --dirstat public/locales)\n if [ -n \"$file_diff\" ]; then\n echo $file_diff\n echo \"\nTranslation extraction has not been committed. Please run 'make i18n-extract', commit the changes and push again.\"\n exit 1\n fi\n \ " depends_on: - yarn-install image: node:20-bookworm name: verify-i18n trigger: event: - pull_request paths: exclude: - docs/** - '*.md' - pkg/** - packaging/** - go.sum - go.mod include: [] type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-test-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - apk add --update build-base shared-mime-info shared-mime-info-lang - go list -f '{{.Dir}}/...' -m | xargs go test -tags requires_buildifer -short -covermode=atomic -timeout=5m depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend - commands: - apk add --update build-base - go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend-integration trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - Makefile - pkg/** - packaging/** - .drone.yml - conf/** - go.sum - go.mod - public/app/plugins/**/plugin.json - docs/sources/setup-grafana/configure-grafana/feature-toggles/** - devenv/** type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-lint-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - apk add --update make - make gen-go depends_on: [] image: golang:1.22.4-alpine name: wire-install - commands: - go run scripts/modowners/modowners.go check go.mod image: golang:1.22.4-alpine name: validate-modfile - commands: - apk add --update make - make swagger-validate image: golang:1.22.4-alpine name: validate-openapi-spec trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - .golangci.toml - Makefile - pkg/** - packaging/** - .drone.yml - conf/** - go.sum - go.mod - public/app/plugins/**/plugin.json - devenv/** - .bingo/** type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-build-e2e node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update jq bash - yarn packages:build - yarn packages:pack - ./scripts/validate-npm-packages.sh depends_on: - yarn-install environment: NODE_OPTIONS: --max_old_space_size=8192 image: node:20.9.0-alpine name: build-frontend-packages - failure: ignore image: grafana/drone-downstream name: trigger-enterprise-downstream settings: params: - SOURCE_BUILD_NUMBER=${DRONE_COMMIT} - SOURCE_COMMIT=${DRONE_COMMIT} - OSS_PULL_REQUEST=${DRONE_PULL_REQUEST} repositories: - grafana/grafana-enterprise@${DRONE_SOURCE_BRANCH} server: https://drone.grafana.net token: from_secret: drone_token - commands: - /src/grafana-build artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64 -a targz:grafana:linux/arm/v7 --go-version=1.22.4 --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER --grafana-dir=$$PWD > packages.txt depends_on: - yarn-install environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token image: grafana/grafana-build:main name: rgm-package pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - apk add --update tar bash - mkdir grafana - tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana - cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server depends_on: - rgm-package detach: true environment: GF_APP_MODE: development GF_SERVER_HTTP_PORT: "3001" GF_SERVER_ROUTER_LOGGING: "1" image: alpine:3.19.1 name: grafana-server - commands: - ./bin/build e2e-tests --port 3001 --suite dashboards-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-dashboards-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/dashboards-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/dashboards-suite - commands: - ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-smoke-tests-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/smoke-tests-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/smoke-tests-suite - commands: - ./bin/build e2e-tests --port 3001 --suite panels-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-panels-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/panels-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/panels-suite - commands: - ./bin/build e2e-tests --port 3001 --suite various-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-various-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/various-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/various-suite - commands: - cd / - ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH} depends_on: - grafana-server environment: AZURE_SP_APP_ID: from_secret: azure_sp_app_id AZURE_SP_PASSWORD: from_secret: azure_sp_app_pw AZURE_TENANT: from_secret: azure_tenant CYPRESS_CI: "true" GITHUB_TOKEN: from_secret: github_token HOST: grafana-server image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e-13.10.0:1.0.0 name: end-to-end-tests-cloud-plugins-suite-azure when: paths: include: - pkg/tsdb/azuremonitor/** - public/app/plugins/datasource/azuremonitor/** - e2e/cloud-plugins-suite/azure-monitor.spec.ts repo: - grafana/grafana - commands: - npx wait-on@7.0.1 http://$HOST:$PORT - yarn playwright install --with-deps chromium - yarn e2e:playwright depends_on: - grafana-server environment: HOST: grafana-server PORT: "3001" PROV_DIR: /grafana/scripts/grafana-server/tmp/conf/provisioning image: node:20-bookworm name: playwright-plugin-e2e - commands: - apt-get update - apt-get install -yq zip - printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json - gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json - gsutil cp -r ./playwright-report/. gs://releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report - export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html - "echo \"E2E Playwright report uploaded to: \n $${E2E_PLAYWRIGHT_REPORT_URL}\"" depends_on: - playwright-plugin-e2e environment: GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY: from_secret: gcp_upload_artifacts_key failure: ignore image: google/cloud-sdk:431.0.0 name: playwright-e2e-report-upload when: status: - success - failure - commands: - if [ ! -d ./playwright-report/trace ]; then echo 'all tests passed'; exit 0; fi - export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html - 'curl -L -X POST https://api.github.com/repos/grafana/grafana/issues/${DRONE_PULL_REQUEST}/comments -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${GITHUB_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" -d "{\"body\":\"❌ Failed to run Playwright plugin e2e tests.

Click [here]($${E2E_PLAYWRIGHT_REPORT_URL}) to browse the Playwright report and trace viewer.
For information on how to run Playwright tests locally, refer to the [Developer guide](https://github.com/grafana/grafana/blob/main/contribute/developer-guide.md#to-run-the-playwright-tests). \"}"' depends_on: - playwright-e2e-report-upload environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: byrnedo/alpine-curl:0.1.8 name: playwright-e2e-report-post-link when: status: - success - failure - commands: - if [ -z `find ./e2e -type f -name *spec.ts.mp4` ]; then echo 'missing videos'; false; fi - apt-get update - apt-get install -yq zip - printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json - gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json - find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@ - gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip - export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip - 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"' - 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA} -H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\", \"description\": \"Click on the details to download e2e recording videos\", \"context\": \"e2e_artifacts\"}"' depends_on: - end-to-end-tests-dashboards-suite - end-to-end-tests-panels-suite - end-to-end-tests-smoke-tests-suite - end-to-end-tests-various-suite environment: E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY: from_secret: gcp_upload_artifacts_key GITHUB_TOKEN: from_secret: github_token failure: ignore image: google/cloud-sdk:431.0.0 name: e2e-tests-artifacts-upload when: status: - success - failure - commands: - yarn storybook:build - ./bin/build verify-storybook depends_on: - rgm-package - build-frontend-packages environment: NODE_OPTIONS: --max_old_space_size=4096 image: node:20.9.0-alpine name: build-storybook when: paths: include: - packages/grafana-ui/** - commands: - npx wait-on@7.0.1 http://$HOST:$PORT - pa11y-ci --config .pa11yci-pr.conf.js depends_on: - grafana-server environment: GRAFANA_MISC_STATS_API_KEY: from_secret: grafana_misc_stats_api_key HOST: grafana-server PORT: 3001 failure: always image: grafana/docker-puppeteer:1.1.0 name: test-a11y-frontend - commands: - docker run --privileged --rm tonistiigi/binfmt --install all - /src/grafana-build artifacts -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu -a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7 -a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER --go-version=1.22.4 --ubuntu-base=ubuntu:22.04 --alpine-base=alpine:3.19.1 --tag-format='{{ .version_base }}-{{ .buildID }}-{{ .arch }}' --grafana-dir=$$PWD --ubuntu-tag-format='{{ .version_base }}-{{ .buildID }}-ubuntu-{{ .arch }}' > docker.txt - find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i depends_on: - yarn-install environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token image: grafana/grafana-build:main name: rgm-build-docker pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana depends_on: - rgm-build-docker environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GITHUB_APP_ID: from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: from_secret: delivery-bot-app-installation-id GITHUB_APP_PRIVATE_KEY: from_secret: delivery-bot-app-private-key failure: ignore image: google/cloud-sdk:431.0.0 name: publish-images-grafana volumes: - name: docker path: /var/run/docker.sock trigger: event: - pull_request paths: exclude: - '*.md' - docs/** - latest.json type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-integration-tests node: type: no-parallel platform: arch: amd64 os: linux services: - environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: grafanatest POSTGRES_PASSWORD: grafanatest POSTGRES_USER: grafanatest image: postgres:12.3-alpine name: postgres volumes: - name: postgres path: /var/lib/postgresql/data/pgdata - commands: - docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:5.7.39 name: mysql57 volumes: - name: mysql57 path: /var/lib/mysql - commands: - docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:8.0.32 name: mysql80 volumes: - name: mysql80 path: /var/lib/mysql - commands: - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled environment: {} image: grafana/mimir-alpine:r295-a23e559 name: mimir_backend - environment: {} image: redis:6.2.11-alpine name: redis - environment: {} image: memcached:1.6.9-alpine name: memcached steps: - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - dockerize -wait tcp://postgres:5432 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-postgres - commands: - apk add --update build-base - apk add --update postgresql-client - psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-postgres environment: GRAFANA_TEST_DB: postgres PGPASSWORD: grafanatest POSTGRES_HOST: postgres image: golang:1.22.4-alpine name: postgres-integration-tests - commands: - dockerize -wait tcp://mysql57:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-5.7 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-5.7 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql57 image: golang:1.22.4-alpine name: mysql-5.7-integration-tests - commands: - dockerize -wait tcp://mysql80:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-8.0 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-8.0 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql80 image: golang:1.22.4-alpine name: mysql-8.0-integration-tests - commands: - dockerize -wait tcp://redis:6379 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-redis - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationRedis -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-redis environment: REDIS_URL: redis://redis:6379/0 image: golang:1.22.4-alpine name: redis-integration-tests - commands: - dockerize -wait tcp://memcached:11211 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-memcached - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationMemcached -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-memcached environment: MEMCACHED_HOSTS: memcached:11211 image: golang:1.22.4-alpine name: memcached-integration-tests - commands: - dockerize -wait tcp://mimir_backend:8080 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-remote-alertmanager - commands: - apk add --update build-base - go clean -testcache - go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/... depends_on: - wire-install - wait-for-remote-alertmanager environment: AM_TENANT_ID: test AM_URL: http://mimir_backend:8080 failure: ignore image: golang:1.22.4-alpine name: remote-alertmanager-integration-tests trigger: event: - pull_request paths: exclude: - docs/** - '*.md' include: - pkg/** - packaging/** - .drone.yml - conf/** - go.sum - go.mod - public/app/plugins/**/plugin.json type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: postgres temp: medium: memory - name: mysql57 temp: medium: memory - name: mysql80 temp: medium: memory --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-docs node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - pip3 install codespell - codespell -I docs/.codespellignore docs/ image: python:3.8 name: codespell - commands: - yarn run prettier:checkDocs depends_on: - yarn-install environment: NODE_OPTIONS: --max_old_space_size=8192 image: node:20.9.0-alpine name: lint-docs - commands: - mkdir -p /hugo/content/docs/grafana/latest - 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned: true\n---\n'' > /hugo/content/docs/grafana/_index.md' - cp -r docs/sources/* /hugo/content/docs/grafana/latest/ - cd /hugo && make prod image: grafana/docs-base:latest name: build-docs-website pull: always - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue trigger: event: - pull_request paths: include: - '*.md' - docs/** - packages/**/*.md - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-shellcheck node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - apt-get update -yq && apt-get install shellcheck - shellcheck -e SC1071 -e SC2162 scripts/**/*.sh image: ubuntu:22.04 name: shellcheck trigger: event: - pull_request paths: exclude: - '*.md' - docs/** - latest.json include: - scripts/**/*.sh type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] image_pull_secrets: - gcr - gar kind: pipeline name: pr-swagger-gen node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apk add --update curl jq bash - is_fork=$(curl --retry 5 "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST" | jq .head.repo.fork) - if [ "$is_fork" != false ]; then return 1; fi - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - apk add --update git make - make swagger-clean && make openapi3-gen - for f in public/api-merged.json public/openapi3.json; do git add $f; done - if [ -z "$(git diff --name-only --cached)" ]; then echo "Everything seems up to date!"; else git diff --cached && echo "Please ensure the branch is up-to-date, then regenerate the specification by running make swagger-clean && make openapi3-gen" && return 1; fi depends_on: - clone-enterprise environment: GITHUB_TOKEN: from_secret: github_token image: golang:1.22.4-alpine name: swagger-gen trigger: event: - pull_request type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: pr-integration-benchmarks node: type: no-parallel platform: arch: amd64 os: linux services: - environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: grafanatest POSTGRES_PASSWORD: grafanatest POSTGRES_USER: grafanatest image: postgres:12.3-alpine name: postgres volumes: - name: postgres path: /var/lib/postgresql/data/pgdata - commands: - docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:5.7.39 name: mysql57 volumes: - name: mysql57 path: /var/lib/mysql - commands: - docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:8.0.32 name: mysql80 volumes: - name: mysql80 path: /var/lib/mysql - commands: - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled environment: {} image: grafana/mimir-alpine:r295-a23e559 name: mimir_backend - environment: {} image: redis:6.2.11-alpine name: redis - environment: {} image: memcached:1.6.9-alpine name: memcached steps: - commands: - apk add --update curl jq bash - git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git" ../grafana-enterprise - cd ../grafana-enterprise - if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}"; elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}"; else git checkout main; fi - cd ../ - ln -s src grafana - cd ./grafana-enterprise - ./build.sh environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: alpine/git:2.40.1 name: clone-enterprise - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: - clone-enterprise image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: - clone-enterprise image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - apk add --update build-base - if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi - go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES} depends_on: - wire-install image: golang:1.22.4-alpine name: sqlite-benchmark-integration-tests - commands: - apk add --update build-base - if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi - go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES} depends_on: - wire-install environment: GRAFANA_TEST_DB: postgres PGPASSWORD: grafanatest POSTGRES_HOST: postgres image: golang:1.22.4-alpine name: postgres-benchmark-integration-tests - commands: - apk add --update build-base - if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi - go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES} depends_on: - wire-install environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql57 image: golang:1.22.4-alpine name: mysql-5.7-benchmark-integration-tests - commands: - apk add --update build-base - if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi - go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES} depends_on: - wire-install environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql80 image: golang:1.22.4-alpine name: mysql-8.0-benchmark-integration-tests trigger: event: - promote target: - gobenchmarks type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: postgres temp: medium: memory - name: mysql57 temp: medium: memory - name: mysql80 temp: medium: memory --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-docs node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - pip3 install codespell - codespell -I docs/.codespellignore docs/ image: python:3.8 name: codespell - commands: - yarn run prettier:checkDocs depends_on: - yarn-install environment: NODE_OPTIONS: --max_old_space_size=8192 image: node:20.9.0-alpine name: lint-docs - commands: - mkdir -p /hugo/content/docs/grafana/latest - 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned: true\n---\n'' > /hugo/content/docs/grafana/_index.md' - cp -r docs/sources/* /hugo/content/docs/grafana/latest/ - cd /hugo && make prod image: grafana/docs-base:latest name: build-docs-website pull: always - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue trigger: branch: main event: - push paths: include: - '*.md' - docs/** - packages/**/*.md - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-test-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update git bash - yarn betterer ci depends_on: - yarn-install image: node:20.9.0-alpine name: betterer-frontend - commands: - yarn run ci:test-frontend depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: test-frontend trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-lint-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - yarn run prettier:check - yarn run lint - yarn run typecheck depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: lint-frontend - commands: - |- make i18n-extract || (echo " Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false) - "\n file_diff=$(git diff --dirstat public/locales)\n if [ -n \"$file_diff\" ]; then\n echo $file_diff\n echo \"\nTranslation extraction has not been committed. Please run 'make i18n-extract', commit the changes and push again.\"\n exit 1\n fi\n \ " depends_on: - yarn-install image: node:20-bookworm name: verify-i18n trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-test-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - apk add --update build-base shared-mime-info shared-mime-info-lang - go list -f '{{.Dir}}/...' -m | xargs go test -tags requires_buildifer -short -covermode=atomic -timeout=5m depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend - commands: - apk add --update build-base - go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend-integration trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-lint-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - apk add --update make - make gen-go depends_on: [] image: golang:1.22.4-alpine name: wire-install - commands: - go run scripts/modowners/modowners.go check go.mod image: golang:1.22.4-alpine name: validate-modfile - commands: - apk add --update make - make swagger-validate image: golang:1.22.4-alpine name: validate-openapi-spec - commands: - ./bin/build verify-drone depends_on: - compile-build-cmd image: byrnedo/alpine-curl:0.1.8 name: lint-drone trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-verify-storybook node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - yarn storybook --quiet depends_on: - yarn-install detach: true image: node:20.9.0-alpine name: start-storybook - commands: - npx wait-on@7.2.0 -t 1m http://$HOST:$PORT - yarn e2e:storybook depends_on: - start-storybook environment: HOST: start-storybook PORT: "9001" image: cypress/included:13.10.0 name: end-to-end-tests-storybook-suite trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-build-e2e-publish node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update jq - new_version=$(cat package.json | jq -r .version | sed s/pre/${DRONE_BUILD_NUMBER}/g) - 'echo "New version: $new_version"' - yarn run lerna version $new_version --exact --no-git-tag-version --no-push --force-publish -y - yarn install --mode=update-lockfile depends_on: - yarn-install image: node:20.9.0-alpine name: update-package-json-version - commands: - apk add --update jq bash - yarn packages:build - yarn packages:pack - ./scripts/validate-npm-packages.sh depends_on: - yarn-install - update-package-json-version environment: NODE_OPTIONS: --max_old_space_size=8192 image: node:20.9.0-alpine name: build-frontend-packages - commands: - /src/grafana-build artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64 -a targz:grafana:linux/arm/v7 --go-version=1.22.4 --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER --grafana-dir=$$PWD > packages.txt depends_on: - update-package-json-version environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token image: grafana/grafana-build:main name: rgm-package pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - apk add --update tar bash - mkdir grafana - tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana - cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server depends_on: - rgm-package detach: true environment: GF_APP_MODE: development GF_SERVER_HTTP_PORT: "3001" GF_SERVER_ROUTER_LOGGING: "1" image: alpine:3.19.1 name: grafana-server - commands: - ./bin/build e2e-tests --port 3001 --suite dashboards-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-dashboards-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/dashboards-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/dashboards-suite - commands: - ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-smoke-tests-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/smoke-tests-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/smoke-tests-suite - commands: - ./bin/build e2e-tests --port 3001 --suite panels-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-panels-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/panels-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/panels-suite - commands: - ./bin/build e2e-tests --port 3001 --suite various-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-various-suite - commands: - ./bin/build e2e-tests --port 3001 --suite scenes/various-suite depends_on: - grafana-server environment: HOST: grafana-server image: cypress/included:13.10.0 name: end-to-end-tests-scenes/various-suite - commands: - cd / - ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH} depends_on: - grafana-server environment: AZURE_SP_APP_ID: from_secret: azure_sp_app_id AZURE_SP_PASSWORD: from_secret: azure_sp_app_pw AZURE_TENANT: from_secret: azure_tenant CYPRESS_CI: "true" GITHUB_TOKEN: from_secret: github_token HOST: grafana-server image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e-13.10.0:1.0.0 name: end-to-end-tests-cloud-plugins-suite-azure when: paths: include: - pkg/tsdb/azuremonitor/** - public/app/plugins/datasource/azuremonitor/** - e2e/cloud-plugins-suite/azure-monitor.spec.ts repo: - grafana/grafana - commands: - npx wait-on@7.0.1 http://$HOST:$PORT - yarn playwright install --with-deps chromium - yarn e2e:playwright depends_on: - grafana-server environment: HOST: grafana-server PORT: "3001" PROV_DIR: /grafana/scripts/grafana-server/tmp/conf/provisioning image: node:20-bookworm name: playwright-plugin-e2e - commands: - apt-get update - apt-get install -yq zip - printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json - gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json - gsutil cp -r ./playwright-report/. gs://releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report - export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html - "echo \"E2E Playwright report uploaded to: \n $${E2E_PLAYWRIGHT_REPORT_URL}\"" depends_on: - playwright-plugin-e2e environment: GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY: from_secret: gcp_upload_artifacts_key failure: ignore image: google/cloud-sdk:431.0.0 name: playwright-e2e-report-upload when: status: - success - failure - commands: - if [ ! -d ./playwright-report/trace ]; then echo 'all tests passed'; exit 0; fi - export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html - 'curl -L -X POST https://api.github.com/repos/grafana/grafana/issues/${DRONE_PULL_REQUEST}/comments -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${GITHUB_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" -d "{\"body\":\"❌ Failed to run Playwright plugin e2e tests.

Click [here]($${E2E_PLAYWRIGHT_REPORT_URL}) to browse the Playwright report and trace viewer.
For information on how to run Playwright tests locally, refer to the [Developer guide](https://github.com/grafana/grafana/blob/main/contribute/developer-guide.md#to-run-the-playwright-tests). \"}"' depends_on: - playwright-e2e-report-upload environment: GITHUB_TOKEN: from_secret: github_token failure: ignore image: byrnedo/alpine-curl:0.1.8 name: playwright-e2e-report-post-link when: status: - success - failure - commands: - if [ -z `find ./e2e -type f -name *spec.ts.mp4` ]; then echo 'missing videos'; false; fi - apt-get update - apt-get install -yq zip - printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json - gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json - find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@ - gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip - export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip - 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"' - 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA} -H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\", \"description\": \"Click on the details to download e2e recording videos\", \"context\": \"e2e_artifacts\"}"' depends_on: - end-to-end-tests-dashboards-suite - end-to-end-tests-panels-suite - end-to-end-tests-smoke-tests-suite - end-to-end-tests-various-suite environment: E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY: from_secret: gcp_upload_artifacts_key GITHUB_TOKEN: from_secret: github_token failure: ignore image: google/cloud-sdk:431.0.0 name: e2e-tests-artifacts-upload when: status: - success - failure - commands: - yarn storybook:build - ./bin/build verify-storybook depends_on: - rgm-package - build-frontend-packages environment: NODE_OPTIONS: --max_old_space_size=4096 image: node:20.9.0-alpine name: build-storybook when: paths: include: - packages/grafana-ui/** - commands: - npx wait-on@7.0.1 http://$HOST:$PORT - pa11y-ci --config .pa11yci.conf.js --json > pa11y-ci-results.json depends_on: - grafana-server environment: GRAFANA_MISC_STATS_API_KEY: from_secret: grafana_misc_stats_api_key HOST: grafana-server PORT: 3001 failure: ignore image: grafana/docker-puppeteer:1.1.0 name: test-a11y-frontend - commands: - ./bin/build store-storybook --deployment canary depends_on: - build-storybook - end-to-end-tests-dashboards-suite - end-to-end-tests-panels-suite - end-to-end-tests-smoke-tests-suite - end-to-end-tests-various-suite environment: GCP_KEY: from_secret: gcp_grafanauploads PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/grafana-ci-deploy:1.3.3 name: store-storybook when: paths: include: - packages/grafana-ui/** repo: - grafana/grafana - commands: - apk add --update bash grep git - ./scripts/ci-frontend-metrics.sh ./grafana/public/build | ./bin/build publish-metrics $$GRAFANA_MISC_STATS_API_KEY depends_on: - test-a11y-frontend environment: GRAFANA_MISC_STATS_API_KEY: from_secret: grafana_misc_stats_api_key failure: ignore image: node:20.9.0-alpine name: publish-frontend-metrics when: repo: - grafana/grafana - commands: - docker run --privileged --rm tonistiigi/binfmt --install all - /src/grafana-build artifacts -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu -a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7 -a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER --go-version=1.22.4 --ubuntu-base=ubuntu:22.04 --alpine-base=alpine:3.19.1 --tag-format='{{ .version_base }}-{{ .buildID }}-{{ .arch }}' --grafana-dir=$$PWD --ubuntu-tag-format='{{ .version_base }}-{{ .buildID }}-ubuntu-{{ .arch }}' > docker.txt - find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i depends_on: - update-package-json-version environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token image: grafana/grafana-build:main name: rgm-build-docker pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana depends_on: - rgm-build-docker environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GCP_KEY: from_secret: gcp_grafanauploads GITHUB_APP_ID: from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: from_secret: delivery-bot-app-installation-id GITHUB_APP_PRIVATE_KEY: from_secret: delivery-bot-app-private-key image: google/cloud-sdk:431.0.0 name: publish-images-grafana volumes: - name: docker path: /var/run/docker.sock when: repo: - grafana/grafana - commands: - ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss depends_on: - rgm-build-docker environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GCP_KEY: from_secret: gcp_grafanauploads GITHUB_APP_ID: from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: from_secret: delivery-bot-app-installation-id GITHUB_APP_PRIVATE_KEY: from_secret: delivery-bot-app-private-key image: google/cloud-sdk:431.0.0 name: publish-images-grafana-oss volumes: - name: docker path: /var/run/docker.sock when: repo: - grafana/grafana - commands: - apk add --update bash - ./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org' depends_on: - end-to-end-tests-dashboards-suite - end-to-end-tests-panels-suite - end-to-end-tests-smoke-tests-suite - end-to-end-tests-various-suite - build-frontend-packages environment: NPM_TOKEN: from_secret: npm_token image: node:20.9.0-alpine name: release-canary-npm-packages when: paths: include: - packages/** repo: - grafana/grafana - commands: - ./bin/build upload-packages --edition oss depends_on: - end-to-end-tests-dashboards-suite - end-to-end-tests-panels-suite - end-to-end-tests-smoke-tests-suite - end-to-end-tests-various-suite environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/grafana-ci-deploy:1.3.3 name: upload-packages when: repo: - grafana/grafana - commands: - ./bin/build upload-cdn --edition oss depends_on: - grafana-server environment: GCP_KEY: from_secret: gcp_grafanauploads PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/grafana-ci-deploy:1.3.3 name: upload-cdn-assets when: repo: - grafana/grafana trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-integration-tests node: type: no-parallel platform: arch: amd64 os: linux services: - environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: grafanatest POSTGRES_PASSWORD: grafanatest POSTGRES_USER: grafanatest image: postgres:12.3-alpine name: postgres volumes: - name: postgres path: /var/lib/postgresql/data/pgdata - commands: - docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:5.7.39 name: mysql57 volumes: - name: mysql57 path: /var/lib/mysql - commands: - docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:8.0.32 name: mysql80 volumes: - name: mysql80 path: /var/lib/mysql - commands: - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled environment: {} image: grafana/mimir-alpine:r295-a23e559 name: mimir_backend - environment: {} image: redis:6.2.11-alpine name: redis - environment: {} image: memcached:1.6.9-alpine name: memcached steps: - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - dockerize -wait tcp://postgres:5432 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-postgres - commands: - apk add --update build-base - apk add --update postgresql-client - psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-postgres environment: GRAFANA_TEST_DB: postgres PGPASSWORD: grafanatest POSTGRES_HOST: postgres image: golang:1.22.4-alpine name: postgres-integration-tests - commands: - dockerize -wait tcp://mysql57:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-5.7 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-5.7 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql57 image: golang:1.22.4-alpine name: mysql-5.7-integration-tests - commands: - dockerize -wait tcp://mysql80:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-8.0 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-8.0 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql80 image: golang:1.22.4-alpine name: mysql-8.0-integration-tests - commands: - dockerize -wait tcp://redis:6379 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-redis - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationRedis -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-redis environment: REDIS_URL: redis://redis:6379/0 image: golang:1.22.4-alpine name: redis-integration-tests - commands: - dockerize -wait tcp://memcached:11211 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-memcached - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationMemcached -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-memcached environment: MEMCACHED_HOSTS: memcached:11211 image: golang:1.22.4-alpine name: memcached-integration-tests - commands: - dockerize -wait tcp://mimir_backend:8080 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-remote-alertmanager - commands: - apk add --update build-base - go clean -testcache - go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/... depends_on: - wire-install - wait-for-remote-alertmanager environment: AM_TENANT_ID: test AM_URL: http://mimir_backend:8080 failure: ignore image: golang:1.22.4-alpine name: remote-alertmanager-integration-tests trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: postgres temp: medium: memory - name: mysql57 temp: medium: memory - name: mysql80 temp: medium: memory --- clone: retries: 3 depends_on: - main-test-frontend - main-test-backend - main-build-e2e-publish - main-integration-tests environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-windows platform: arch: amd64 os: windows version: "1809" services: [] steps: - commands: - echo $env:DRONE_RUNNER_NAME image: mcr.microsoft.com/windows:1809 name: identify-runner - commands: - $$ProgressPreference = "SilentlyContinue" - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/windows/grabpl.exe -OutFile grabpl.exe image: grafana/ci-wix:0.1.1 name: windows-init trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: //./pipe/docker_engine/ name: docker --- clone: retries: 3 depends_on: - main-build-e2e-publish - main-integration-tests environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: main-trigger-downstream node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - image: grafana/drone-downstream name: trigger-enterprise-downstream settings: params: - SOURCE_BUILD_NUMBER=${DRONE_COMMIT} - SOURCE_COMMIT=${DRONE_COMMIT} repositories: - grafana/grafana-enterprise@main server: https://drone.grafana.net token: from_secret: drone_token trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - main-test-frontend - main-test-backend - main-build-e2e-publish - main-integration-tests - main-windows kind: pipeline name: main-notify platform: arch: amd64 os: linux steps: - image: plugins/slack name: slack settings: channel: grafana-ci-notifications template: |- Build {{build.number}} failed for commit: : {{build.link}} Branch: Author: {{build.author}} webhook: from_secret: slack_webhook trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - latest.json repo: - grafana/grafana status: - failure type: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: publish-docker-public node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - ./bin/build artifacts docker fetch --edition oss depends_on: - compile-build-cmd environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GCP_KEY: from_secret: gcp_grafanauploads image: google/cloud-sdk:431.0.0 name: fetch-images volumes: - name: docker path: /var/run/docker.sock - commands: - ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana --version-tag ${DRONE_TAG} depends_on: - fetch-images environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GCP_KEY: from_secret: gcp_grafanauploads GITHUB_APP_ID: from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: from_secret: delivery-bot-app-installation-id GITHUB_APP_PRIVATE_KEY: from_secret: delivery-bot-app-private-key image: google/cloud-sdk:431.0.0 name: publish-images-grafana volumes: - name: docker path: /var/run/docker.sock - commands: - ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss --version-tag ${DRONE_TAG} depends_on: - fetch-images environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USER: from_secret: docker_username GCP_KEY: from_secret: gcp_grafanauploads GITHUB_APP_ID: from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: from_secret: delivery-bot-app-installation-id GITHUB_APP_PRIVATE_KEY: from_secret: delivery-bot-app-private-key image: google/cloud-sdk:431.0.0 name: publish-images-grafana-oss volumes: - name: docker path: /var/run/docker.sock trigger: event: - promote target: - public type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] image_pull_secrets: - gcr - gar kind: pipeline name: create-release-pr node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apk add perl - v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'` - default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target; fi` - backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi` - curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${TARGET:-$default_target} -f backport=$${BACKPORT:-$default_backport} --repo=grafana/grafana release-pr.yml depends_on: [] environment: GH_CLI_URL: https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz GITHUB_TOKEN: from_secret: github_token image: byrnedo/alpine-curl:0.1.8 name: create-release-pr trigger: event: - promote target: release-pr type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: publish-artifacts-public node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - ./bin/build artifacts packages --tag $${DRONE_TAG} --src-bucket $${PRERELEASE_BUCKET} depends_on: - compile-build-cmd environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/grafana-ci-deploy:1.3.3 name: publish-artifacts - commands: - ./bin/build artifacts static-assets --tag ${DRONE_TAG} --static-asset-editions=grafana-oss depends_on: - compile-build-cmd environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 PRERELEASE_BUCKET: from_secret: prerelease_bucket STATIC_ASSET_EDITIONS: from_secret: static_asset_editions image: grafana/grafana-ci-deploy:1.3.3 name: publish-static-assets - commands: - ./bin/build artifacts storybook --tag ${DRONE_TAG} depends_on: - compile-build-cmd environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/grafana-ci-deploy:1.3.3 name: publish-storybook - commands: - apk add perl - v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'` - default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target; fi` - backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi` - curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr - gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${TARGET:-$default_target} -f backport=$${BACKPORT:-$default_backport} --repo=grafana/grafana release-pr.yml depends_on: - publish-artifacts - publish-static-assets environment: GH_CLI_URL: https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz GITHUB_TOKEN: from_secret: github_token image: byrnedo/alpine-curl:0.1.8 name: create-release-pr trigger: event: - promote target: - public type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: publish-npm-packages-public node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - ./bin/build artifacts npm retrieve --tag ${DRONE_TAG} depends_on: - compile-build-cmd - yarn-install environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 PRERELEASE_BUCKET: from_secret: prerelease_bucket failure: ignore image: grafana/grafana-ci-deploy:1.3.3 name: retrieve-npm-packages - commands: - ./bin/build artifacts npm release --tag ${DRONE_TAG} depends_on: - compile-build-cmd - retrieve-npm-packages environment: NPM_TOKEN: from_secret: npm_token failure: ignore image: node:20.9.0-alpine name: release-npm-packages trigger: event: - promote target: - public type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] image_pull_secrets: - gcr - gar kind: pipeline name: verify-grafanacom-artifacts node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apk add curl bash - "\n for i in {1..5}; do\n if ./scripts/drone/verify-grafanacom.sh; then\n exit 0\n elif [ $i -eq 5 ]; then\n exit 1\n else\n sleep 60\n fi\n done\n \ " depends_on: [] image: node:20.9.0-alpine name: verify-grafanacom trigger: event: - promote target: verify-grafanacom-artifacts type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - publish-artifacts-public - publish-docker-public environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: publish-packages node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - depends_on: - compile-build-cmd image: us.gcr.io/kubernetes-dev/package-publish:latest name: publish-linux-packages-deb privileged: true settings: access_key_id: from_secret: packages_access_key_id deb_distribution: auto gpg_passphrase: from_secret: packages_gpg_passphrase gpg_private_key: from_secret: packages_gpg_private_key gpg_public_key: from_secret: packages_gpg_public_key package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.deb secret_access_key: from_secret: packages_secret_access_key service_account_json: from_secret: packages_service_account target_bucket: grafana-packages - depends_on: - compile-build-cmd image: us.gcr.io/kubernetes-dev/package-publish:latest name: publish-linux-packages-rpm privileged: true settings: access_key_id: from_secret: packages_access_key_id deb_distribution: auto gpg_passphrase: from_secret: packages_gpg_passphrase gpg_private_key: from_secret: packages_gpg_private_key gpg_public_key: from_secret: packages_gpg_public_key package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.rpm secret_access_key: from_secret: packages_secret_access_key service_account_json: from_secret: packages_service_account target_bucket: grafana-packages - commands: - ./bin/build publish grafana-com --edition oss ${DRONE_TAG} depends_on: - publish-linux-packages-deb - publish-linux-packages-rpm environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 GRAFANA_COM_API_KEY: from_secret: grafana_api_key image: grafana/grafana-ci-deploy:1.3.3 name: publish-grafanacom - commands: - apk add curl bash - "\n for i in {1..5}; do\n if ./scripts/drone/verify-grafanacom.sh; then\n exit 0\n elif [ $i -eq 5 ]; then\n exit 1\n else\n sleep 60\n fi\n done\n \ " depends_on: - publish-grafanacom image: node:20.9.0-alpine name: verify-grafanacom trigger: event: - promote target: - public type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - main-test-backend - main-test-frontend image_pull_secrets: - gcr - gar kind: pipeline name: rgm-main-prerelease node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - export GRAFANA_DIR=$$(pwd) - cd /src && ./scripts/drone_build_main.sh environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-build pull: always volumes: - name: docker path: /var/run/docker.sock trigger: branch: main event: - push paths: exclude: - '*.md' - docs/** - packages/**/*.md - latest.json repo: - grafana/grafana type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: release-whatsnew-checker node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd depends_on: [] environment: CGO_ENABLED: 0 image: golang:1.22.4-alpine name: compile-build-cmd - commands: - ./bin/build whatsnew-checker depends_on: - compile-build-cmd image: golang:1.22.4-alpine name: whats-new-checker trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: release-test-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update git bash - yarn betterer ci depends_on: - yarn-install image: node:20.9.0-alpine name: betterer-frontend - commands: - yarn run ci:test-frontend depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: test-frontend trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: release-test-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - apk add --update build-base shared-mime-info shared-mime-info-lang - go list -f '{{.Dir}}/...' -m | xargs go test -tags requires_buildifer -short -covermode=atomic -timeout=5m depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend - commands: - apk add --update build-base - go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend-integration trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - release-test-backend - release-test-frontend image_pull_secrets: - gcr - gar kind: pipeline name: rgm-tag-prerelease node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - export GRAFANA_DIR=$$(pwd) - cd /src && ./scripts/drone_build_tag_grafana.sh environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-build pull: always volumes: - name: docker path: /var/run/docker.sock trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - rgm-tag-prerelease image_pull_secrets: - gcr - gar kind: pipeline name: rgm-tag-prerelease-windows platform: arch: amd64 os: windows version: "1809" services: [] steps: - commands: - echo $env:DRONE_RUNNER_NAME image: mcr.microsoft.com/windows:1809 name: identify-runner - commands: - $$ProgressPreference = "SilentlyContinue" - Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/windows/grabpl.exe -OutFile grabpl.exe image: grafana/ci-wix:0.1.1 name: windows-init - commands: - $$gcpKey = $$env:GCP_KEY - '[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($$gcpKey)) > gcpkey.json' - dos2unix gcpkey.json - gcloud auth activate-service-account --key-file=gcpkey.json - rm gcpkey.json - cp C:\App\nssm-2.24.zip . - .\grabpl.exe windows-installer --target gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/grafana-${DRONE_TAG:1}.windows-amd64.zip --edition oss ${DRONE_TAG} - $$fname = ((Get-Childitem grafana*.msi -name) -split "`n")[0] - gsutil cp $$fname gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/ - gsutil cp "$$fname.sha256" gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/ depends_on: - windows-init environment: GCP_KEY: from_secret: gcp_grafanauploads_base64 GITHUB_TOKEN: from_secret: github_token PRERELEASE_BUCKET: from_secret: prerelease_bucket image: grafana/ci-wix:0.1.1 name: build-windows-installer trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: //./pipe/docker_engine/ name: docker --- clone: retries: 3 depends_on: - rgm-tag-prerelease - rgm-tag-prerelease-windows image_pull_secrets: - gcr - gar kind: pipeline name: rgm-tag-verify-prerelease-assets node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apt-get update && apt-get install -yq gettext - printenv GCP_KEY | base64 -d > /tmp/key.json - gcloud auth activate-service-account --key-file=/tmp/key.json - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log - '! cat /tmp/stat.log | grep "No URLs matched"' depends_on: - clone environment: BUCKET: grafana-prerelease GCP_KEY: from_secret: gcp_key_base64 image: google/cloud-sdk:431.0.0 name: gsutil-stat trigger: event: exclude: - promote ref: exclude: - refs/tags/*-cloud* include: - refs/tags/v* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - release-test-backend - release-test-frontend image_pull_secrets: - gcr - gar kind: pipeline name: rgm-version-branch-prerelease node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - export GRAFANA_DIR=$$(pwd) - cd /src && ./scripts/drone_build_tag_grafana.sh environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-build pull: always volumes: - name: docker path: /var/run/docker.sock trigger: ref: - refs/heads/v[0-9]* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - rgm-version-branch-prerelease image_pull_secrets: - gcr - gar kind: pipeline name: rgm-prerelease-verify-prerelease-assets node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - apt-get update && apt-get install -yq gettext - printenv GCP_KEY | base64 -d > /tmp/key.json - gcloud auth activate-service-account --key-file=/tmp/key.json - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log - '! cat /tmp/stat.log | grep "No URLs matched"' depends_on: - clone environment: BUCKET: grafana-prerelease GCP_KEY: from_secret: gcp_key_base64 image: google/cloud-sdk:431.0.0 name: gsutil-stat trigger: ref: - refs/heads/v[0-9]* type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: nightly-test-frontend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - yarn install --immutable || yarn install --immutable depends_on: [] image: node:20.9.0-alpine name: yarn-install - commands: - apk add --update git bash - yarn betterer ci depends_on: - yarn-install image: node:20.9.0-alpine name: betterer-frontend - commands: - yarn run ci:test-frontend depends_on: - yarn-install environment: TEST_MAX_WORKERS: 50% image: node:20.9.0-alpine name: test-frontend trigger: cron: include: - nightly-release event: include: - cron type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: nightly-test-backend node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - apk add --update build-base shared-mime-info shared-mime-info-lang - go list -f '{{.Dir}}/...' -m | xargs go test -tags requires_buildifer -short -covermode=atomic -timeout=5m depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend - commands: - apk add --update build-base - go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install image: golang:1.22.4-alpine name: test-backend-integration trigger: cron: include: - nightly-release event: include: - cron type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - nightly-test-backend - nightly-test-frontend image_pull_secrets: - gcr - gar kind: pipeline name: rgm-nightly-build node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - export GRAFANA_DIR=$$(pwd) - cd /src && ./scripts/drone_build_nightly_grafana.sh environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-build pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - mkdir -p $${DESTINATION}/$${DRONE_BUILD_EVENT} - printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json - gcloud auth activate-service-account --key-file=/tmp/key.json - gcloud storage cp -r $${DRONE_WORKSPACE}/dist/* $${DESTINATION}/$${DRONE_BUILD_EVENT} depends_on: - rgm-build environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination image: google/cloud-sdk:alpine name: rgm-copy trigger: cron: include: - nightly-release event: include: - cron type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: - rgm-nightly-build image_pull_secrets: - gcr - gar kind: pipeline name: rgm-nightly-publish node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - mkdir -p $${DRONE_WORKSPACE}/dist - printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json - gcloud auth activate-service-account --key-file=/tmp/key.json - gcloud storage cp -r $${DESTINATION}/$${DRONE_BUILD_EVENT}/*_$${DRONE_BUILD_NUMBER}_* $${DRONE_WORKSPACE}/dist environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination image: google/cloud-sdk:alpine name: rgm-copy - commands: - export GRAFANA_DIR=$$(pwd) - cd /src && ./scripts/drone_publish_nightly_grafana.sh depends_on: - rgm-copy environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-publish pull: always volumes: - name: docker path: /var/run/docker.sock - depends_on: - rgm-publish image: us.gcr.io/kubernetes-dev/package-publish:latest name: publish-deb privileged: true settings: access_key_id: from_secret: packages_access_key_id gpg_passphrase: from_secret: packages_gpg_passphrase gpg_private_key: from_secret: packages_gpg_private_key gpg_public_key: from_secret: packages_gpg_public_key package_path: file:///drone/src/dist/*.deb secret_access_key: from_secret: packages_secret_access_key service_account_json: from_secret: packages_service_account target_bucket: grafana-packages - depends_on: - rgm-publish image: us.gcr.io/kubernetes-dev/package-publish:latest name: publish-rpm privileged: true settings: access_key_id: from_secret: packages_access_key_id gpg_passphrase: from_secret: packages_gpg_passphrase gpg_private_key: from_secret: packages_gpg_private_key gpg_public_key: from_secret: packages_gpg_public_key package_path: file:///drone/src/dist/*.rpm secret_access_key: from_secret: packages_secret_access_key service_account_json: from_secret: packages_service_account target_bucket: grafana-packages trigger: cron: include: - nightly-release event: include: - cron type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: retries: 3 depends_on: [] image_pull_secrets: - gcr - gar kind: pipeline name: rgm-promotion node: type: no-parallel platform: arch: amd64 os: linux services: [] steps: - commands: - 'dagger run --silent /src/grafana-build artifacts -a $${ARTIFACTS} --grafana-ref=$${GRAFANA_REF} --enterprise-ref=$${ENTERPRISE_REF} --grafana-repo=$${GRAFANA_REPO} --version=$${VERSION} ' - --go-version=1.22.4 environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token ALPINE_BASE: alpine:3.19.1 CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GO_VERSION: 1.22.4 GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination UBUNTU_BASE: ubuntu:22.04 image: grafana/grafana-build:main name: rgm-build pull: always volumes: - name: docker path: /var/run/docker.sock - commands: - printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json - gcloud auth activate-service-account --key-file=/tmp/key.json - gcloud storage cp -r dist/* $${UPLOAD_TO} environment: _EXPERIMENTAL_DAGGER_CLOUD_TOKEN: from_secret: dagger_token CDN_DESTINATION: from_secret: rgm_cdn_destination DESTINATION: from_secret: destination DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username DOWNLOADS_DESTINATION: from_secret: rgm_downloads_destination GCOM_API_KEY: from_secret: grafana_api_key GCP_KEY_BASE64: from_secret: gcp_key_base64 GITHUB_TOKEN: from_secret: github_token GPG_PASSPHRASE: from_secret: packages_gpg_passphrase GPG_PRIVATE_KEY: from_secret: packages_gpg_private_key GPG_PUBLIC_KEY: from_secret: packages_gpg_public_key NPM_TOKEN: from_secret: npm_token STORYBOOK_DESTINATION: from_secret: rgm_storybook_destination image: google/cloud-sdk:alpine name: rgm-copy trigger: event: - promote target: upload-packages type: docker volumes: - host: path: /var/run/docker.sock name: docker --- clone: disable: true depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: testing-test-backend-windows platform: arch: amd64 os: windows version: "1809" services: [] steps: - commands: - git clone "https://$$env:GITHUB_TOKEN@github.com/$$env:DRONE_REPO.git" . - git checkout -f $$env:DRONE_COMMIT environment: GITHUB_TOKEN: from_secret: github_token image: grafana/ci-wix:0.1.1 name: clone - commands: [] depends_on: - clone image: golang:1.22.4-windowsservercore-1809 name: windows-init - commands: - go install github.com/google/wire/cmd/wire@v0.5.0 - wire gen -tags oss ./pkg/server depends_on: - windows-init image: golang:1.22.4-windowsservercore-1809 name: wire-install - commands: - go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/... depends_on: - wire-install image: golang:1.22.4-windowsservercore-1809 name: test-backend trigger: event: - promote target: - test-windows type: docker volumes: - host: path: //./pipe/docker_engine/ name: docker --- clone: retries: 3 depends_on: [] environment: EDITION: oss image_pull_secrets: - gcr - gar kind: pipeline name: integration-tests node: type: no-parallel platform: arch: amd64 os: linux services: - environment: PGDATA: /var/lib/postgresql/data/pgdata POSTGRES_DB: grafanatest POSTGRES_PASSWORD: grafanatest POSTGRES_USER: grafanatest image: postgres:12.3-alpine name: postgres volumes: - name: postgres path: /var/lib/postgresql/data/pgdata - commands: - docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:5.7.39 name: mysql57 volumes: - name: mysql57 path: /var/lib/mysql - commands: - docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password environment: MYSQL_DATABASE: grafana_tests MYSQL_PASSWORD: password MYSQL_ROOT_PASSWORD: rootpass MYSQL_USER: grafana image: mysql:8.0.32 name: mysql80 volumes: - name: mysql80 path: /var/lib/mysql - commands: - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled environment: {} image: grafana/mimir-alpine:r295-a23e559 name: mimir_backend - environment: {} image: redis:6.2.11-alpine name: redis - environment: {} image: memcached:1.6.9-alpine name: memcached steps: - commands: - mkdir -p bin - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl - chmod +x bin/grabpl image: byrnedo/alpine-curl:0.1.8 name: grabpl - commands: - echo $DRONE_RUNNER_NAME image: alpine:3.19.1 name: identify-runner - commands: - '# It is required that code generated from Thema/CUE be committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-cue depends_on: [] image: golang:1.22.4-alpine name: verify-gen-cue - commands: - '# It is required that generated jsonnet is committed and in sync with its inputs.' - '# The following command will fail if running code generators produces any diff in output.' - apk add --update make - CODEGEN_VERIFY=1 make gen-jsonnet depends_on: [] image: golang:1.22.4-alpine name: verify-gen-jsonnet - commands: - apk add --update make - make gen-go depends_on: - verify-gen-cue image: golang:1.22.4-alpine name: wire-install - commands: - dockerize -wait tcp://postgres:5432 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-postgres - commands: - apk add --update build-base - apk add --update postgresql-client - psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-postgres environment: GRAFANA_TEST_DB: postgres PGPASSWORD: grafanatest POSTGRES_HOST: postgres image: golang:1.22.4-alpine name: postgres-integration-tests - commands: - dockerize -wait tcp://mysql57:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-5.7 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-5.7 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql57 image: golang:1.22.4-alpine name: mysql-5.7-integration-tests - commands: - dockerize -wait tcp://mysql80:3306 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-mysql-8.0 - commands: - apk add --update build-base - apk add --update mysql-client - cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root -prootpass - go clean -testcache - go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u) depends_on: - wire-install - wait-for-mysql-8.0 environment: GRAFANA_TEST_DB: mysql MYSQL_HOST: mysql80 image: golang:1.22.4-alpine name: mysql-8.0-integration-tests - commands: - dockerize -wait tcp://redis:6379 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-redis - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationRedis -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-redis environment: REDIS_URL: redis://redis:6379/0 image: golang:1.22.4-alpine name: redis-integration-tests - commands: - dockerize -wait tcp://memcached:11211 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-memcached - commands: - apk add --update build-base - go clean -testcache - go list -f '{{.Dir}}/...' -m | xargs go test -run IntegrationMemcached -covermode=atomic -timeout=2m depends_on: - wire-install - wait-for-memcached environment: MEMCACHED_HOSTS: memcached:11211 image: golang:1.22.4-alpine name: memcached-integration-tests - commands: - dockerize -wait tcp://mimir_backend:8080 -timeout 120s image: jwilder/dockerize:0.6.1 name: wait-for-remote-alertmanager - commands: - apk add --update build-base - go clean -testcache - go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/... depends_on: - wire-install - wait-for-remote-alertmanager environment: AM_TENANT_ID: test AM_URL: http://mimir_backend:8080 failure: ignore image: golang:1.22.4-alpine name: remote-alertmanager-integration-tests trigger: event: - promote target: integration-tests type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: postgres temp: medium: memory - name: mysql57 temp: medium: memory - name: mysql80 temp: medium: memory --- clone: disable: true depends_on: [] image_pull_secrets: - gcr - gar kind: pipeline name: publish-ci-windows-test-image platform: arch: amd64 os: windows version: "1809" services: [] steps: - commands: - git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-ci-sandbox.git" . - git checkout -f $$env:DRONE_COMMIT environment: GITHUB_TOKEN: from_secret: github_token image: grafana/ci-wix:0.1.1 name: clone - commands: - cd scripts\build\ci-windows-test - docker login -u $$env:DOCKER_USERNAME -p $$env:DOCKER_PASSWORD - docker build -t grafana/grafana-ci-windows-test:$$env:TAG . - docker push grafana/grafana-ci-windows-test:$$env:TAG environment: DOCKER_PASSWORD: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username image: docker:windowsservercore-1809 name: build-and-publish volumes: - name: docker path: //./pipe/docker_engine/ trigger: event: - promote target: - ci-windows-test-image type: docker volumes: - host: path: //./pipe/docker_engine/ name: docker --- clone: retries: 3 kind: pipeline name: scan-grafana/grafana:latest-image platform: arch: amd64 os: linux steps: - commands: - echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io environment: GCR_CREDENTIALS: from_secret: gcr_credentials image: docker:dind name: authenticate-gcr volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest depends_on: - authenticate-gcr image: aquasec/trivy:0.21.0 name: scan-unknown-low-medium-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest depends_on: - authenticate-gcr environment: GOOGLE_APPLICATION_CREDENTIALS: from_secret: gcr_credentials_json image: aquasec/trivy:0.21.0 name: scan-high-critical-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - image: plugins/slack name: slack-notify-failure settings: channel: grafana-backend-ops template: 'Nightly docker image scan job for grafana/grafana:latest failed: {{build.link}}' webhook: from_secret: slack_webhook_backend when: status: failure trigger: cron: nightly event: cron type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: config temp: {} --- clone: retries: 3 kind: pipeline name: scan-grafana/grafana:main-image platform: arch: amd64 os: linux steps: - commands: - echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io environment: GCR_CREDENTIALS: from_secret: gcr_credentials image: docker:dind name: authenticate-gcr volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main depends_on: - authenticate-gcr image: aquasec/trivy:0.21.0 name: scan-unknown-low-medium-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main depends_on: - authenticate-gcr environment: GOOGLE_APPLICATION_CREDENTIALS: from_secret: gcr_credentials_json image: aquasec/trivy:0.21.0 name: scan-high-critical-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - image: plugins/slack name: slack-notify-failure settings: channel: grafana-backend-ops template: 'Nightly docker image scan job for grafana/grafana:main failed: {{build.link}}' webhook: from_secret: slack_webhook_backend when: status: failure trigger: cron: nightly event: cron type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: config temp: {} --- clone: retries: 3 kind: pipeline name: scan-grafana/grafana:latest-ubuntu-image platform: arch: amd64 os: linux steps: - commands: - echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io environment: GCR_CREDENTIALS: from_secret: gcr_credentials image: docker:dind name: authenticate-gcr volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu depends_on: - authenticate-gcr image: aquasec/trivy:0.21.0 name: scan-unknown-low-medium-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu depends_on: - authenticate-gcr environment: GOOGLE_APPLICATION_CREDENTIALS: from_secret: gcr_credentials_json image: aquasec/trivy:0.21.0 name: scan-high-critical-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - image: plugins/slack name: slack-notify-failure settings: channel: grafana-backend-ops template: 'Nightly docker image scan job for grafana/grafana:latest-ubuntu failed: {{build.link}}' webhook: from_secret: slack_webhook_backend when: status: failure trigger: cron: nightly event: cron type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: config temp: {} --- clone: retries: 3 kind: pipeline name: scan-grafana/grafana:main-ubuntu-image platform: arch: amd64 os: linux steps: - commands: - echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io environment: GCR_CREDENTIALS: from_secret: gcr_credentials image: docker:dind name: authenticate-gcr volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu depends_on: - authenticate-gcr image: aquasec/trivy:0.21.0 name: scan-unknown-low-medium-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu depends_on: - authenticate-gcr environment: GOOGLE_APPLICATION_CREDENTIALS: from_secret: gcr_credentials_json image: aquasec/trivy:0.21.0 name: scan-high-critical-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - image: plugins/slack name: slack-notify-failure settings: channel: grafana-backend-ops template: 'Nightly docker image scan job for grafana/grafana:main-ubuntu failed: {{build.link}}' webhook: from_secret: slack_webhook_backend when: status: failure trigger: cron: nightly event: cron type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: config temp: {} --- clone: retries: 3 kind: pipeline name: scan-build-test-and-publish-docker-images platform: arch: amd64 os: linux steps: - commands: - echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io environment: GCR_CREDENTIALS: from_secret: gcr_credentials image: docker:dind name: authenticate-gcr volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine/git:2.40.1 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM golang:1.22.4-alpine - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM node:20.9.0-alpine - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM node:20-bookworm - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM google/cloud-sdk:431.0.0 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-deploy:1.3.3 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine:3.19.1 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM ubuntu:22.04 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM byrnedo/alpine-curl:0.1.8 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM python:3.8 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM postgres:12.3-alpine - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/mimir-alpine:r295-a23e559 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:5.7.39 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:8.0.32 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM redis:6.2.11-alpine - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM memcached:1.6.9-alpine - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us.gcr.io/kubernetes-dev/package-publish:latest - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM osixia/openldap:1.4.0 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/drone-downstream - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docker-puppeteer:1.1.0 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docs-base:latest - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM cypress/included:13.10.0 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM jwilder/dockerize:0.6.1 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM koalaman/shellcheck:stable depends_on: - authenticate-gcr image: aquasec/trivy:0.21.0 name: scan-unknown-low-medium-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - commands: - trivy --exit-code 1 --severity HIGH,CRITICAL alpine/git:2.40.1 - trivy --exit-code 1 --severity HIGH,CRITICAL golang:1.22.4-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL node:20.9.0-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL node:20-bookworm - trivy --exit-code 1 --severity HIGH,CRITICAL google/cloud-sdk:431.0.0 - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-deploy:1.3.3 - trivy --exit-code 1 --severity HIGH,CRITICAL alpine:3.19.1 - trivy --exit-code 1 --severity HIGH,CRITICAL ubuntu:22.04 - trivy --exit-code 1 --severity HIGH,CRITICAL byrnedo/alpine-curl:0.1.8 - trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack - trivy --exit-code 1 --severity HIGH,CRITICAL python:3.8 - trivy --exit-code 1 --severity HIGH,CRITICAL postgres:12.3-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/mimir-alpine:r295-a23e559 - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:5.7.39 - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:8.0.32 - trivy --exit-code 1 --severity HIGH,CRITICAL redis:6.2.11-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL memcached:1.6.9-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL us.gcr.io/kubernetes-dev/package-publish:latest - trivy --exit-code 1 --severity HIGH,CRITICAL osixia/openldap:1.4.0 - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/drone-downstream - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docker-puppeteer:1.1.0 - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docs-base:latest - trivy --exit-code 1 --severity HIGH,CRITICAL cypress/included:13.10.0 - trivy --exit-code 1 --severity HIGH,CRITICAL jwilder/dockerize:0.6.1 - trivy --exit-code 1 --severity HIGH,CRITICAL koalaman/shellcheck:stable depends_on: - authenticate-gcr environment: GOOGLE_APPLICATION_CREDENTIALS: from_secret: gcr_credentials_json image: aquasec/trivy:0.21.0 name: scan-high-critical-vulnerabilities volumes: - name: docker path: /var/run/docker.sock - name: config path: /root/.docker/ - image: plugins/slack name: slack-notify-failure settings: channel: grafana-backend-ops template: 'Nightly docker image scan job for build-images failed: {{build.link}}' webhook: from_secret: slack_webhook_backend when: status: failure trigger: cron: nightly event: cron type: docker volumes: - host: path: /var/run/docker.sock name: docker - name: config temp: {} --- get: name: credentials.json path: infra/data/ci/grafana-release-eng/grafanauploads kind: secret name: gcp_grafanauploads --- get: name: credentials_base64 path: infra/data/ci/grafana-release-eng/grafanauploads kind: secret name: gcp_grafanauploads_base64 --- get: name: api_key path: infra/data/ci/grafana-release-eng/grafanacom kind: secret name: grafana_api_key --- get: name: .dockerconfigjson path: secret/data/common/gcr kind: secret name: gcr --- get: name: .dockerconfigjson path: secret/data/common/gar kind: secret name: gar --- get: name: pat path: infra/data/ci/github/grafanabot kind: secret name: github_token --- get: name: machine-user-token path: infra/data/ci/drone kind: secret name: drone_token --- get: name: bucket path: infra/data/ci/grafana/prerelease kind: secret name: prerelease_bucket --- get: name: username path: infra/data/ci/grafanaci-docker-hub kind: secret name: docker_username --- get: name: password path: infra/data/ci/grafanaci-docker-hub kind: secret name: docker_password --- get: name: credentials.json path: infra/data/ci/grafana/releng/artifacts-uploader-service-account kind: secret name: gcp_upload_artifacts_key --- get: name: credentials.json path: infra/data/ci/grafana/assets-downloader-build-container-service-account kind: secret name: gcp_download_build_container_assets_key --- get: name: application_id path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials kind: secret name: azure_sp_app_id --- get: name: application_secret path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials kind: secret name: azure_sp_app_pw --- get: name: tenant_id path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials kind: secret name: azure_tenant --- get: name: token path: infra/data/ci/grafana-release-eng/npm kind: secret name: npm_token --- get: name: public-key-b64 path: infra/data/ci/packages-publish/gpg kind: secret name: packages_gpg_public_key --- get: name: private-key-b64 path: infra/data/ci/packages-publish/gpg kind: secret name: packages_gpg_private_key --- get: name: passphrase path: infra/data/ci/packages-publish/gpg kind: secret name: packages_gpg_passphrase --- get: name: credentials.json path: infra/data/ci/packages-publish/service-account kind: secret name: packages_service_account --- get: name: AccessID path: infra/data/ci/packages-publish/bucket-credentials kind: secret name: packages_access_key_id --- get: name: Secret path: infra/data/ci/packages-publish/bucket-credentials kind: secret name: packages_secret_access_key --- get: name: static_asset_editions path: infra/data/ci/grafana-release-eng/artifact-publishing kind: secret name: static_asset_editions --- get: name: gcp_service_account_prod_base64 path: infra/data/ci/grafana-release-eng/rgm kind: secret name: gcp_key_base64 --- get: name: destination_prod path: infra/data/ci/grafana-release-eng/rgm kind: secret name: destination --- get: name: storybook_destination path: infra/data/ci/grafana-release-eng/rgm kind: secret name: rgm_storybook_destination --- get: name: cdn_destination path: infra/data/ci/grafana-release-eng/rgm kind: secret name: rgm_cdn_destination --- get: name: downloads_destination path: infra/data/ci/grafana-release-eng/rgm kind: secret name: rgm_downloads_destination --- get: name: dagger_token path: infra/data/ci/grafana-release-eng/rgm kind: secret name: dagger_token --- get: name: app-id path: infra/data/ci/grafana-release-eng/grafana-delivery-bot kind: secret name: delivery-bot-app-id --- get: name: app-installation-id path: infra/data/ci/grafana-release-eng/grafana-delivery-bot kind: secret name: delivery-bot-app-installation-id --- get: name: app-private-key path: infra/data/ci/grafana-release-eng/grafana-delivery-bot kind: secret name: delivery-bot-app-private-key --- get: name: service-account path: secret/data/common/gcr kind: secret name: gcr_credentials --- kind: signature hmac: 33b84712df805ae55115bdfedc6c40f71c75e7d6065656b49295b0f78f47bb9d ...