IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Only run workflows if they might be able to work (#63164)

Browse Source
This commit is contained in:
Josh Soref 2023-07-28 05:01:14 -04:00 committed by GitHub
parent e6fe34c62c
commit 234b5c8c21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 185 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/backport.yml vendored
View File

@ -7,6 +7,7 @@ on:
jobs: jobs:
main: main:
if: github.repository == 'grafana/grafana'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

1
.github/workflows/bump-version.yml vendored
View File

@ -9,6 +9,7 @@ env:
YARN_ENABLE_IMMUTABLE_INSTALLS: false YARN_ENABLE_IMMUTABLE_INSTALLS: false
jobs: jobs:
main: main:
if: github.repository == 'grafana/grafana'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
# This is a basic workflow to help you get started with Actions # This is a basic workflow to help you get started with Actions

1
.github/workflows/close-milestone.yml vendored
View File

@ -14,6 +14,7 @@ on:
jobs: jobs:
main: main:
if: github.repository == 'grafana/grafana'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

3
.github/workflows/codeql-analysis.yml vendored
View File

@ -18,6 +18,9 @@ on:
schedule: schedule:
- cron: '0 4 * * 6' - cron: '0 4 * * 6'
permissions:
security-events: write
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze

15
.github/workflows/commands.yml vendored
View File

@ -7,7 +7,22 @@ on:
concurrency: concurrency:
group: issue-commands-${{ github.event.issue.number }} group: issue-commands-${{ github.event.issue.number }}
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

20
.github/workflows/detect-breaking-changes-report.yml vendored
View File

@ -15,6 +15,11 @@ jobs:
env: env:
ARTIFACT_NAME: 'levitate' # The name of the artifact that we would like to download ARTIFACT_NAME: 'levitate' # The name of the artifact that we would like to download
ARTIFACT_FOLDER: '${{ github.workspace }}/tmp' # The name of the folder where we will download the artifact to ARTIFACT_FOLDER: '${{ github.workspace }}/tmp' # The name of the folder where we will download the artifact to
permissions:
contents: write
issues: write
pull-requests: write
artifacts: read
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -119,7 +124,7 @@ jobs:
# Posts a notification to Slack if a PR has a breaking change and it did not have a breaking change before # Posts a notification to Slack if a PR has a breaking change and it did not have a breaking change before
- name: Post to Slack - name: Post to Slack
id: slack id: slack
if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS
uses: slackapi/slack-github-action@v1.24.0 uses: slackapi/slack-github-action@v1.24.0
with: with:
payload: | payload: |
@ -132,13 +137,15 @@ jobs:
} }
env: env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_LEVITATE_WEBHOOK_URL }} SLACK_WEBHOOK_URL: ${{ secrets.SLACK_LEVITATE_WEBHOOK_URL }}
HAS_SECRETS: ${{ (github.repository == "grafana/grafana" || secrets.SLACK_LEVITATE_WEBHOOK_URL != '') || '' }}
# Add the label # Add the label
- name: Add "levitate breaking change" label - name: Add "levitate breaking change" label
if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS
uses: actions/github-script@v6 uses: actions/github-script@v6
env: env:
PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |
@ -151,10 +158,11 @@ jobs:
# Remove label (no more breaking changes) # Remove label (no more breaking changes)
- name: Remove "levitate breaking change" label - name: Remove "levitate breaking change" label
if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1 && steps.levitate-run.outputs.shouldSkip != 'true' if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS
uses: actions/github-script@v6 uses: actions/github-script@v6
env: env:
PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |
@ -169,10 +177,11 @@ jobs:
# This is very weird, the actual request goes through (comes back with a 201), but does not assign the team. # This is very weird, the actual request goes through (comes back with a 201), but does not assign the team.
# Related issue: https://github.com/renovatebot/renovate/issues/1908 # Related issue: https://github.com/renovatebot/renovate/issues/1908
- name: Add "grafana/plugins-platform-frontend" as a reviewer - name: Add "grafana/plugins-platform-frontend" as a reviewer
if: steps.levitate-run.outputs.exit_code && steps.levitate-run.outputs.shouldSkip != 'true' if: steps.levitate-run.outputs.exit_code && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS
uses: actions/github-script@v6 uses: actions/github-script@v6
env: env:
PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |
@ -186,10 +195,11 @@ jobs:
# Remove reviewers (no more breaking changes) # Remove reviewers (no more breaking changes)
- name: Remove "grafana/plugins-platform-frontend" from the list of reviewers - name: Remove "grafana/plugins-platform-frontend" from the list of reviewers
if: steps.levitate-run.outputs.exit_code == 0 && steps.levitate-run.outputs.shouldSkip != 'true' if: steps.levitate-run.outputs.exit_code == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS
uses: actions/github-script@v6 uses: actions/github-script@v6
env: env:
PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
script: | script: |

28
.github/workflows/epic-add-to-platform-ux-parent-project.yml vendored
View File

@ -5,21 +5,35 @@ on:
types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled] types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled]
labels: labels:
- 'type/epic' - 'type/epic'
env: env:
GITHUB_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }} GH_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }}
ORGANIZATION: ${{ github.repository_owner }} ORGANIZATION: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }} REPO: ${{ github.event.repository.name }}
PARENT_PROJECT: 304 PARENT_PROJECT: 304
CHILD_PROJECT_1: 78 CHILD_PROJECT_1: 78
CHILD_PROJECT_2: 111 CHILD_PROJECT_2: 111
CHILD_PROJECT_3: 202 CHILD_PROJECT_3: 202
concurrency: concurrency:
group: issue-add-to-parent-project-${{ github.event.number }} group: issue-add-to-parent-project-${{ github.event.number }}
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GH_BOT_PROJECTS_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
if: contains(github.event.issue.labels.*.name, 'type/epic') needs: config
if: needs.config.outputs.has-secrets && contains(github.event.issue.labels.*.name, 'type/epic')
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check if issue is in child or parent projects - name: Check if issue is in child or parent projects
@ -46,7 +60,7 @@ jobs:
} }
} }
}' -f org=$ORGANIZATION -f repo=$REPO > projects_data.json }' -f org=$ORGANIZATION -f repo=$REPO > projects_data.json
echo 'IN_PARENT_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .project != null' projects_data.json) >> $GITHUB_ENV echo 'IN_PARENT_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .project != null' projects_data.json) >> $GITHUB_ENV
echo 'PARENT_PROJ_STATUS_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | select(.fieldValueByName != null) | .fieldValueByName.optionId' projects_data.json) >> $GITHUB_ENV echo 'PARENT_PROJ_STATUS_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | select(.fieldValueByName != null) | .fieldValueByName.optionId' projects_data.json) >> $GITHUB_ENV
echo 'ITEM_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .id' projects_data.json) >> $GITHUB_ENV echo 'ITEM_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .id' projects_data.json) >> $GITHUB_ENV
@ -96,7 +110,7 @@ jobs:
} }
} }
}' -f project=$PROJECT_ID -f issue=${{ github.event.issue.node_id }} --jq '.data.addProjectV2ItemById.item.id')" }' -f project=$PROJECT_ID -f issue=${{ github.event.issue.node_id }} --jq '.data.addProjectV2ItemById.item.id')"
echo 'ITEM_ID='$item_id >> $GITHUB_ENV echo 'ITEM_ID='$item_id >> $GITHUB_ENV
- name: Set parent project status Done - name: Set parent project status Done
if: contains(env.CHILD_PROJ_STATUS, 'Done') if: contains(env.CHILD_PROJ_STATUS, 'Done')
@ -124,7 +138,7 @@ jobs:
projectId: $project projectId: $project
itemId: $item itemId: $item
fieldId: $status_field fieldId: $status_field
value: { value: {
singleSelectOptionId: $status_value singleSelectOptionId: $status_value
} }
}) { }) {

15
.github/workflows/github-release.yml vendored
View File

@ -9,7 +9,22 @@ on:
required: false required: false
description: Mark this release as latest (`1`) or not (`0`, default) description: Mark this release as latest (`1`) or not (`0`, default)
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: "Generate token" - name: "Generate token"

15
.github/workflows/issue-labeled.yml vendored
View File

@ -5,7 +5,22 @@ on:
types: [labeled] types: [labeled]
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.SLACK_WEBHOOK_URL != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
notify: notify:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: "Download teams.yml to know which label is for which team" - name: "Download teams.yml to know which label is for which team"

15
.github/workflows/metrics-collector.yml vendored
View File

@ -16,7 +16,22 @@ on:
types: [opened, closed] types: [opened, closed]
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

16
.github/workflows/milestone.yml vendored
View File

@ -6,12 +6,28 @@ on:
description: 'The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1' description: 'The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
required: true required: true
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
call-remove-milestone: call-remove-milestone:
needs: config
if: needs.config.outputs.has-secrets
uses: grafana/grafana/.github/workflows/remove-milestone.yml@main uses: grafana/grafana/.github/workflows/remove-milestone.yml@main
with: with:
version_call: ${{ github.event.inputs.version_input }} version_call: ${{ github.event.inputs.version_input }}
secrets: inherit secrets: inherit
call-close-milestone: call-close-milestone:
if: needs.config.outputs.has-secrets
uses: grafana/grafana/.github/workflows/close-milestone.yml@main uses: grafana/grafana/.github/workflows/close-milestone.yml@main
with: with:
version_call: ${{ github.event.inputs.version_input }} version_call: ${{ github.event.inputs.version_input }}

5
.github/workflows/pr-checks.yml vendored
View File

@ -15,8 +15,13 @@ on:
- demilestoned - demilestoned
concurrency: concurrency:
group: pr-checks-${{ github.event.number }} group: pr-checks-${{ github.event.number }}
permissions:
contents: write
jobs: jobs:
main: main:
permissions:
actions: write
contents: read
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event.pull_request.draft == false if: github.event.pull_request.draft == false
steps: steps:

3
.github/workflows/pr-codeql-analysis-go.yml vendored
View File

@ -7,6 +7,9 @@ on:
paths: paths:
- '**/*.go' - '**/*.go'
permissions:
security-events: write
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze

3
.github/workflows/pr-codeql-analysis-javascript.yml vendored
View File

@ -9,6 +9,9 @@ on:
- '**/*.ts' - '**/*.ts'
- '**/*.tsx' - '**/*.tsx'
permissions:
security-events: write
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze

3
.github/workflows/pr-codeql-analysis-python.yml vendored
View File

@ -7,6 +7,9 @@ on:
paths: paths:
- '**/*.py' - '**/*.py'
permissions:
security-events: write
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze

6
.github/workflows/pr-commands-closed.yml vendored
View File

@ -2,11 +2,13 @@ name: Run when PRs are closed
on: on:
pull_request: pull_request:
types: types:
- closed - closed
concurrency: concurrency:
group: pr-commands-closed-${{ github.event.number }} group: pr-commands-closed-${{ github.event.number }}
jobs: jobs:
close_job: close_job:
permissions:
pull-requests: write
# this job will only run if the PR has been closed without being merged # this job will only run if the PR has been closed without being merged
if: github.event.pull_request.merged == false if: github.event.pull_request.merged == false
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -15,4 +17,4 @@ jobs:
echo PR #${{ github.event.number }} has been closed without being merged, removing milestone. echo PR #${{ github.event.number }} has been closed without being merged, removing milestone.
gh pr edit ${{ github.event.number }} --milestone "" --repo $GITHUB_REPOSITORY gh pr edit ${{ github.event.number }} --milestone "" --repo $GITHUB_REPOSITORY
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

15
.github/workflows/pr-commands.yml vendored
View File

@ -8,7 +8,22 @@ on:
concurrency: concurrency:
group: pr-commands-${{ github.event.number }} group: pr-commands-${{ github.event.number }}
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

2
.github/workflows/publish-technical-documentation-next.yml vendored
View File

@ -9,7 +9,7 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
sync: sync:
if: "github.repository == 'grafana/grafana'" if: github.repository == 'grafana/grafana'
runs-on: "ubuntu-latest" runs-on: "ubuntu-latest"
steps: steps:
- name: "Checkout Grafana repo" - name: "Checkout Grafana repo"

2
.github/workflows/publish-technical-documentation-release.yml vendored
View File

@ -11,7 +11,7 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
sync: sync:
if: "github.repository == 'grafana/grafana'" if: github.repository == 'grafana/grafana'
runs-on: "ubuntu-latest" runs-on: "ubuntu-latest"
steps: steps:
- name: "Checkout Grafana repo" - name: "Checkout Grafana repo"

17
.github/workflows/remove-milestone.yml vendored
View File

@ -13,7 +13,24 @@ on:
type: string type: string
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
main: main:
needs: config
if: needs.config.outputs.has-secrets
permissions:
issues: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions

15
.github/workflows/stale.yml vendored
View File

@ -7,7 +7,22 @@ permissions:
pull-requests: write pull-requests: write
jobs: jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
fi
stale: stale:
needs: config
if: needs.config.outputs.has-secrets
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/stale@v8 - uses: actions/stale@v8