grafana/.drone.yml
Kevin Minehart 6669d0a704
CI: Update secret refs to vault ones; update downstream repo origin (#72515)
Update secret refs to vault ones; update downstream repo origin
2023-07-28 20:36:31 +03:00

4562 lines
114 KiB
YAML

---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-verify-drone
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build verify-drone
depends_on:
- compile-build-cmd
image: byrnedo/alpine-curl:0.1.8
name: lint-drone
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.yml
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-verify-starlark
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build verify-starlark .
depends_on:
- compile-build-cmd
image: grafana/build-container:1.7.5
name: lint-starlark
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn betterer ci
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: betterer-frontend
- commands:
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: test-frontend
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
- pkg/**
- packaging/**
- go.sum
- go.mod
include: []
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-lint-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn run prettier:check
- yarn run lint
- yarn run typecheck
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: lint-frontend
- commands:
- |-
yarn run i18n:extract || (echo "
Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false)
- "\n file_diff=$(git diff --dirstat public/locales)\n if
[ -n \"$file_diff\" ]; then\n echo $file_diff\n echo
\"\nTranslation extraction has not been committed. Please run 'yarn i18n:extract',
commit the changes and push again.\"\n exit 1\n fi\n
\ "
- yarn run i18n:compile
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: verify-i18n
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
- pkg/**
- packaging/**
- go.sum
- go.mod
include: []
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend
- commands:
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend-integration
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
- devenv/**
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-lint-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- make gen-go
depends_on: []
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update && apt-get install make
- make lint-go
depends_on:
- wire-install
environment:
CGO_ENABLED: "1"
image: golang:1.20.6
name: lint-backend
- commands:
- go run scripts/modowners/modowners.go check go.mod
image: golang:1.20.6
name: validate-modfile
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
- devenv/**
- .bingo/**
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-build-e2e
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
--depth=1
- cd grafana-enterprise
- git fetch origin "refs/tags/*:refs/tags/*" --quiet
- if git show-ref --tags $${TEST_TAG} --quiet; then git tag -d $${TEST_TAG} && git
push --delete origin $${TEST_TAG}; fi
- git tag $${TEST_TAG} && git push origin $${TEST_TAG}
- cd -
- git fetch https://$${GITHUB_TOKEN}@github.com/grafana/grafana.git "refs/tags/*:refs/tags/*"
--quiet && git fetch --quiet
- if git show-ref --tags $${TEST_TAG} --quiet; then git tag -d $${TEST_TAG} && git
push --delete https://$${GITHUB_TOKEN}@github.com/grafana/grafana.git $${TEST_TAG};
fi
- git tag $${TEST_TAG} && git push https://$${GITHUB_TOKEN}@github.com/grafana/grafana.git
$${TEST_TAG}
environment:
GITHUB_TOKEN:
from_secret: github_token_pr
TEST_TAG: v0.0.0-test
failure: ignore
image: grafana/build-container:1.7.5
name: trigger-test-release
when:
branch: main
paths:
include:
- .drone.yml
- pkg/build/**
repo:
- grafana/grafana
- failure: ignore
image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
- OSS_PULL_REQUEST=${DRONE_PULL_REQUEST}
repositories:
- grafana/grafana-enterprise@${DRONE_SOURCE_BRANCH}
server: https://drone.grafana.net
token:
from_secret: drone_token
- commands:
- ./bin/build build-backend --jobs 8 --edition oss --build-id ${DRONE_BUILD_NUMBER}
depends_on:
- wire-install
- compile-build-cmd
image: grafana/build-container:1.7.5
name: build-backend
- commands:
- ./bin/build build-frontend --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend
- commands:
- ./bin/build build-frontend-packages --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend-packages
- commands:
- ./bin/build build-plugins --jobs 8 --edition oss
depends_on:
- compile-build-cmd
- yarn-install
environment: null
image: grafana/build-container:1.7.5
name: build-plugins
- commands:
- . scripts/build/gpg-test-vars.sh && ./bin/build package --jobs 8 --edition oss
--build-id ${DRONE_BUILD_NUMBER}
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
environment: null
image: grafana/build-container:1.7.5
name: package
- commands:
- ./scripts/grafana-server/start-server
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
detach: true
environment:
ARCH: linux-amd64
PORT: 3001
image: grafana/build-container:1.7.5
name: grafana-server
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite dashboards-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-dashboards-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-smoke-tests-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite panels-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-panels-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite various-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-various-suite
- commands:
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
GITHUB_TOKEN:
from_secret: github_token_pr
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
name: end-to-end-tests-cloud-plugins-suite-azure
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- build-frontend
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: grafana/build-container:1.7.5
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- ls dist/*.tar.gz*
- cp dist/*.tar.gz* packaging/docker/
depends_on:
- package
image: grafana/build-container:1.7.5
name: copy-packages-for-docker
- commands:
- yarn wait-on http://$HOST:$PORT
- pa11y-ci --config .pa11yci-pr.conf.js
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
PORT: 3001
failure: always
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
- commands:
- ./bin/build build-docker --edition oss -archs amd64
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/build build-docker --edition oss --ubuntu -archs amd64
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images-ubuntu
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- build-docker-images
- build-docker-images-ubuntu
environment:
DOCKER_PASSWORD:
from_secret: docker_password_pr
DOCKER_USER:
from_secret: docker_username_pr
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
failure: ignore
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- pull_request
paths:
exclude:
- '*.md'
- docs/**
- latest.json
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update
- apt-get install -yq postgresql-client
- dockerize -wait tcp://postgres:5432 -timeout 120s
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: grafana/build-container:1.7.5
name: postgres-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql57:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: grafana/build-container:1.7.5
name: mysql-5.7-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql80:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: grafana/build-container:1.7.5
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379/0 -timeout 120s
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
REDIS_URL: redis://redis:6379/0
image: grafana/build-container:1.7.5
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
MEMCACHED_HOSTS: memcached:11211
image: grafana/build-container:1.7.5
name: memcached-integration-tests
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- |-
echo -e "unknwon
referer
errorstring
eror
iam
wan" > words_to_ignore.txt
- codespell -I words_to_ignore.txt docs/
- rm words_to_ignore.txt
image: grafana/build-container:1.7.5
name: codespell
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:dbd975af06
name: build-docs-website
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
trigger:
event:
- pull_request
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-shellcheck
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build shellcheck
depends_on:
- compile-build-cmd
image: grafana/build-container:1.7.5
name: shellcheck
trigger:
event:
- pull_request
paths:
exclude:
- '*.md'
- docs/**
- latest.json
include:
- scripts/**/*.sh
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: pr-integration-benchmarks
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: grafana/build-container:1.7.5
name: clone-enterprise
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on:
- clone-enterprise
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on:
- clone-enterprise
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: sqlite-benchmark-integration-tests
- commands:
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: grafana/build-container:1.7.5
name: postgres-benchmark-integration-tests
- commands:
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: grafana/build-container:1.7.5
name: mysql-5.7-benchmark-integration-tests
- commands:
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: grafana/build-container:1.7.5
name: mysql-8.0-benchmark-integration-tests
trigger:
event:
- promote
target:
- gobenchmarks
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- |-
echo -e "unknwon
referer
errorstring
eror
iam
wan" > words_to_ignore.txt
- codespell -I words_to_ignore.txt docs/
- rm words_to_ignore.txt
image: grafana/build-container:1.7.5
name: codespell
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:dbd975af06
name: build-docs-website
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
trigger:
branch: main
event:
- push
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn betterer ci
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: test-frontend
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-lint-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn run prettier:check
- yarn run lint
- yarn run typecheck
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: lint-frontend
- commands:
- |-
yarn run i18n:extract || (echo "
Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false)
- "\n file_diff=$(git diff --dirstat public/locales)\n if
[ -n \"$file_diff\" ]; then\n echo $file_diff\n echo
\"\nTranslation extraction has not been committed. Please run 'yarn i18n:extract',
commit the changes and push again.\"\n exit 1\n fi\n
\ "
- yarn run i18n:compile
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: verify-i18n
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend
- commands:
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend-integration
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-lint-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- make gen-go
depends_on: []
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update && apt-get install make
- make lint-go
depends_on:
- wire-install
environment:
CGO_ENABLED: "1"
image: golang:1.20.6
name: lint-backend
- commands:
- go run scripts/modowners/modowners.go check go.mod
image: golang:1.20.6
name: validate-modfile
- commands:
- ./bin/build verify-drone
depends_on:
- compile-build-cmd
image: byrnedo/alpine-curl:0.1.8
name: lint-drone
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-build-e2e-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- ./bin/build build-backend --jobs 8 --edition oss --build-id ${DRONE_BUILD_NUMBER}
depends_on:
- wire-install
- compile-build-cmd
image: grafana/build-container:1.7.5
name: build-backend
- commands:
- ./bin/build build-frontend --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend
- commands:
- ./bin/build build-frontend-packages --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend-packages
- commands:
- ./bin/build build-plugins --jobs 8 --edition oss
depends_on:
- compile-build-cmd
- yarn-install
environment:
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.7.5
name: build-plugins
- commands:
- ./bin/build package --jobs 8 --edition oss --build-id ${DRONE_BUILD_NUMBER} --sign
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.7.5
name: package
- commands:
- ./scripts/grafana-server/start-server
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
detach: true
environment:
ARCH: linux-amd64
PORT: 3001
image: grafana/build-container:1.7.5
name: grafana-server
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite dashboards-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-dashboards-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-smoke-tests-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite panels-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-panels-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite various-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-various-suite
- commands:
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
GITHUB_TOKEN:
from_secret: github_token_pr
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
name: end-to-end-tests-cloud-plugins-suite-azure
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- build-frontend
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: grafana/build-container:1.7.5
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- ls dist/*.tar.gz*
- cp dist/*.tar.gz* packaging/docker/
depends_on:
- package
image: grafana/build-container:1.7.5
name: copy-packages-for-docker
- commands:
- yarn wait-on http://$HOST:$PORT
- pa11y-ci --config .pa11yci.conf.js --json > pa11y-ci-results.json
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
PORT: 3001
failure: ignore
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
- commands:
- ./bin/build store-storybook --deployment canary
depends_on:
- build-storybook
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: store-storybook
when:
paths:
include:
- packages/grafana-ui/**
repo:
- grafana/grafana
- commands:
- ./scripts/ci-frontend-metrics.sh | ./bin/build publish-metrics $${GRAFANA_MISC_STATS_API_KEY}
depends_on:
- test-a11y-frontend
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
failure: ignore
image: grafana/build-container:1.7.5
name: publish-frontend-metrics
when:
repo:
- grafana/grafana
- commands:
- ./bin/build build-docker --edition oss
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/build build-docker --edition oss --ubuntu
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images-ubuntu
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- build-docker-images
- build-docker-images-ubuntu
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss
depends_on:
- build-docker-images
- build-docker-images-ubuntu
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- ./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
NPM_TOKEN:
from_secret: npm_token
image: grafana/build-container:1.7.5
name: release-canary-npm-packages
when:
paths:
include:
- packages/**
repo:
- grafana/grafana
- commands:
- ./bin/build upload-packages --edition oss
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-packages
when:
repo:
- grafana/grafana
- commands:
- ./bin/build upload-cdn --edition oss
depends_on:
- grafana-server
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-cdn-assets
when:
repo:
- grafana/grafana
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update
- apt-get install -yq postgresql-client
- dockerize -wait tcp://postgres:5432 -timeout 120s
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: grafana/build-container:1.7.5
name: postgres-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql57:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: grafana/build-container:1.7.5
name: mysql-5.7-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql80:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: grafana/build-container:1.7.5
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379/0 -timeout 120s
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
REDIS_URL: redis://redis:6379/0
image: grafana/build-container:1.7.5
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
MEMCACHED_HOSTS: memcached:11211
image: grafana/build-container:1.7.5
name: memcached-integration-tests
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on:
- main-test-frontend
- main-test-backend
- main-build-e2e-publish
- main-integration-tests
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- echo $env:DRONE_RUNNER_NAME
image: mcr.microsoft.com/windows:1809
name: identify-runner
- commands:
- $$ProgressPreference = "SilentlyContinue"
- Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/windows/grabpl.exe
-OutFile grabpl.exe
image: grafana/ci-wix:0.1.1
name: windows-init
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
kind: pipeline
name: notify-drone-changes
platform:
arch: amd64
os: linux
steps:
- image: plugins/slack
name: slack
settings:
channel: slack-webhooks-test
template: "`.drone.yml` and `starlark` files have been changed on the OSS repo,
by: {{build.author}}. \nBranch: <https://github.com/{{ repo.owner }}/{{ repo.name
}}/commits/{{ build.branch }}|{{ build.branch }}>\nCommit hash: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{
truncate build.commit 8 }}>"
webhook:
from_secret: drone-changes-webhook
trigger:
branch: main
event:
- push
paths:
exclude:
- exclude
include:
- .drone.yml
repo:
- grafana/grafana
type: docker
---
clone:
retries: 3
depends_on:
- main-build-e2e-publish
- main-integration-tests
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: main-trigger-downstream
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
repositories:
- grafana/grafana-enterprise@main
server: https://drone.grafana.net
token:
from_secret: drone_token
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana-security-mirror
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- main-test-frontend
- main-test-backend
- main-build-e2e-publish
- main-integration-tests
- main-windows
kind: pipeline
name: main-notify
platform:
arch: amd64
os: linux
steps:
- image: plugins/slack
name: slack
settings:
channel: grafana-ci-notifications
template: |-
Build {{build.number}} failed for commit: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{ truncate build.commit 8 }}>: {{build.link}}
Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
Author: {{build.author}}
webhook:
from_secret: slack_webhook
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
status:
- failure
type: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-docker-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build artifacts docker fetch --edition oss
depends_on:
- compile-build-cmd
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: fetch-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana --version-tag
${DRONE_TAG}
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss --version-tag
${DRONE_TAG}
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-artifacts-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build artifacts packages --tag $${DRONE_TAG} --src-bucket $${PRERELEASE_BUCKET}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_upload_artifacts_key
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-artifacts
- commands:
- ./bin/build artifacts static-assets --tag ${DRONE_TAG} --static-asset-editions=grafana-oss
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_upload_artifacts_key
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
STATIC_ASSET_EDITIONS:
from_secret: static_asset_editions
image: grafana/grafana-ci-deploy:1.3.3
name: publish-static-assets
- commands:
- ./bin/build artifacts storybook --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_upload_artifacts_key
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-storybook
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-npm-packages-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- ./bin/build artifacts npm retrieve --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- yarn-install
environment:
GCP_KEY:
from_secret: gcp_upload_artifacts_key
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
failure: ignore
image: grafana/grafana-ci-deploy:1.3.3
name: retrieve-npm-packages
- commands:
- ./bin/build artifacts npm release --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- retrieve-npm-packages
environment:
NPM_TOKEN:
from_secret: npm_token
failure: ignore
image: grafana/build-container:1.7.5
name: release-npm-packages
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- publish-artifacts-public
- publish-docker-public
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-packages
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-deb
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.deb
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-rpm
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.rpm
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- commands:
- ./bin/build publish grafana-com --edition oss ${DRONE_TAG}
depends_on:
- publish-linux-packages-deb
- publish-linux-packages-rpm
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GRAFANA_COM_API_KEY:
from_secret: grafana_api_key
image: grafana/grafana-ci-deploy:1.3.3
name: publish-grafanacom
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-whatsnew-checker
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build whatsnew-checker
depends_on:
- compile-build-cmd
image: golang:1.20.6
name: whats-new-checker
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn betterer ci
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: test-frontend
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend
- commands:
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend-integration
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- main-test-backend
- main-test-frontend
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: rgm-main-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_publish_main.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
DESTINATION:
from_secret: destination
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
failure: ignore
image: grafana/grafana-build:main
name: rgm-build
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- release-test-backend
- release-test-frontend
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: rgm-tag-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_publish_tag_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
DESTINATION:
from_secret: destination
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
failure: ignore
image: grafana/grafana-build:main
name: rgm-build
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-tag-prerelease
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: rgm-tag-prerelease-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- echo $env:DRONE_RUNNER_NAME
failure: ignore
image: mcr.microsoft.com/windows:1809
name: identify-runner
- commands:
- $$ProgressPreference = "SilentlyContinue"
- Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/windows/grabpl.exe
-OutFile grabpl.exe
failure: ignore
image: grafana/ci-wix:0.1.1
name: windows-init
- commands:
- $$gcpKey = $$env:GCP_KEY
- '[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($$gcpKey))
> gcpkey.json'
- dos2unix gcpkey.json
- gcloud auth activate-service-account --key-file=gcpkey.json
- rm gcpkey.json
- cp C:\App\nssm-2.24.zip .
- .\grabpl.exe windows-installer --target gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/grafana-${DRONE_TAG:1}.windows-amd64.zip
--edition oss ${DRONE_TAG}
- $$fname = ((Get-Childitem grafana*.msi -name) -split "`n")[0]
- gsutil cp $$fname gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/
- gsutil cp "$$fname.sha256" gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/
depends_on:
- windows-init
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GITHUB_TOKEN:
from_secret: github_token
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
failure: ignore
image: grafana/ci-wix:0.1.1
name: build-windows-installer
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on:
- rgm-tag-prerelease
- rgm-tag-prerelease-windows
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: rgm-tag-verify-prerelease-assets
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apt-get update && apt-get install -yq gettext
- printenv GCP_KEY | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log
- '! cat /tmp/stat.log | grep "No URLs matched"'
depends_on:
- clone
environment:
BUCKET: grafana-prerelease
GCP_KEY:
from_secret: gcp_upload_artifacts_key
failure: ignore
image: google/cloud-sdk:431.0.0
name: gsutil-stat
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
disable: true
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: testing-test-backend-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- git clone "https://$$env:GITHUB_TOKEN@github.com/$$env:DRONE_REPO.git" .
- git checkout -f $$env:DRONE_COMMIT
environment:
GITHUB_TOKEN:
from_secret: github_token
image: grafana/ci-wix:0.1.1
name: clone
- commands: []
depends_on:
- clone
image: grafana/grafana-ci-windows-test:0.1.0
name: windows-init
- commands:
- go install github.com/google/wire/cmd/wire@v0.5.0
- wire gen -tags oss ./pkg/server
depends_on:
- windows-init
image: grafana/grafana-ci-windows-test:0.1.0
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: grafana/grafana-ci-windows-test:0.1.0
name: test-backend
trigger:
event:
- promote
target:
- test-windows
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-branch-build-e2e-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build build-backend --jobs 8 --edition oss --build-id ${DRONE_BUILD_NUMBER}
depends_on:
- wire-install
- compile-build-cmd
image: grafana/build-container:1.7.5
name: build-backend
- commands:
- ./bin/build build-frontend --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend
- commands:
- ./bin/build build-frontend-packages --jobs 8 --edition oss--build-id ${DRONE_BUILD_NUMBER}
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- compile-build-cmd
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: grafana/build-container:1.7.5
name: build-frontend-packages
- commands:
- ./bin/build build-plugins --jobs 8 --edition oss
depends_on:
- compile-build-cmd
- yarn-install
environment:
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.7.5
name: build-plugins
- commands:
- ./bin/build package --jobs 8 --edition oss --build-id ${DRONE_BUILD_NUMBER} --sign
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.7.5
name: package
- commands:
- ls dist/*.tar.gz*
- cp dist/*.tar.gz* packaging/docker/
depends_on:
- package
image: grafana/build-container:1.7.5
name: copy-packages-for-docker
- commands:
- ./bin/build build-docker --edition oss --shouldSave
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/build build-docker --edition oss --shouldSave --ubuntu
depends_on:
- copy-packages-for-docker
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: build-docker-images-ubuntu
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./scripts/grafana-server/start-server
depends_on:
- build-plugins
- build-backend
- build-frontend
- build-frontend-packages
detach: true
environment:
ARCH: linux-amd64
PORT: 3001
image: grafana/build-container:1.7.5
name: grafana-server
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite dashboards-suite --tries 3
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-dashboards-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite --tries 3
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-smoke-tests-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite panels-suite --tries 3
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-panels-suite
- commands:
- apt-get install -y netcat
- ./bin/build e2e-tests --port 3001 --suite various-suite --tries 3
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
name: end-to-end-tests-various-suite
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- build-frontend
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: grafana/build-container:1.7.5
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- ./bin/build upload-cdn --edition oss
depends_on:
- grafana-server
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-cdn-assets
when:
repo:
- grafana/grafana
- commands:
- ./bin/build upload-packages --edition oss
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-packages
when:
repo:
- grafana/grafana
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-branch-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- yarn install --immutable
depends_on: []
image: grafana/build-container:1.7.5
name: yarn-install
- commands:
- yarn betterer ci
depends_on:
- yarn-install
image: grafana/build-container:1.7.5
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: grafana/build-container:1.7.5
name: test-frontend
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-branch-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend
- commands:
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: grafana/build-container:1.7.5
name: test-backend-integration
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-branch-integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update
- apt-get install -yq postgresql-client
- dockerize -wait tcp://postgres:5432 -timeout 120s
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: grafana/build-container:1.7.5
name: postgres-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql57:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: grafana/build-container:1.7.5
name: mysql-5.7-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql80:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: grafana/build-container:1.7.5
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379/0 -timeout 120s
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
REDIS_URL: redis://redis:6379/0
image: grafana/build-container:1.7.5
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
MEMCACHED_HOSTS: memcached:11211
image: grafana/build-container:1.7.5
name: memcached-integration-tests
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on:
- release-branch-build-e2e-publish
- release-branch-test-frontend
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: release-branch-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- echo $env:DRONE_RUNNER_NAME
image: mcr.microsoft.com/windows:1809
name: identify-runner
- commands:
- $$ProgressPreference = "SilentlyContinue"
- Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/windows/grabpl.exe
-OutFile grabpl.exe
image: grafana/ci-wix:0.1.1
name: windows-init
- commands:
- $$gcpKey = $$env:GCP_KEY
- '[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($$gcpKey))
> gcpkey.json'
- dos2unix gcpkey.json
- gcloud auth activate-service-account --key-file=gcpkey.json
- rm gcpkey.json
- cp C:\App\nssm-2.24.zip .
depends_on:
- windows-init
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GITHUB_TOKEN:
from_secret: github_token
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/ci-wix:0.1.1
name: build-windows-installer
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.40/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.17.1
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: grafana/build-container:1.7.5
name: verify-gen-jsonnet
- commands:
- make gen-go
depends_on:
- verify-gen-cue
image: grafana/build-container:1.7.5
name: wire-install
- commands:
- apt-get update
- apt-get install -yq postgresql-client
- dockerize -wait tcp://postgres:5432 -timeout 120s
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: grafana/build-container:1.7.5
name: postgres-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql57:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: grafana/build-container:1.7.5
name: mysql-5.7-integration-tests
- commands:
- apt-get update
- apt-get install -yq default-mysql-client
- dockerize -wait tcp://mysql80:3306 -timeout 120s
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: grafana/build-container:1.7.5
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379/0 -timeout 120s
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
REDIS_URL: redis://redis:6379/0
image: grafana/build-container:1.7.5
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
environment:
MEMCACHED_HOSTS: memcached:11211
image: grafana/build-container:1.7.5
name: memcached-integration-tests
trigger:
event:
- promote
target: integration-tests
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
disable: true
depends_on: []
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-ci-windows-test-image
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-ci-sandbox.git"
.
- git checkout -f $$env:DRONE_COMMIT
environment:
GITHUB_TOKEN:
from_secret: github_token
image: grafana/ci-wix:0.1.1
name: clone
- commands:
- cd scripts\build\ci-windows-test
- docker login -u $$env:DOCKER_USERNAME -p $$env:DOCKER_PASSWORD
- docker build -t grafana/grafana-ci-windows-test:$$env:TAG .
- docker push grafana/grafana-ci-windows-test:$$env:TAG
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: docker:windowsservercore-1809
name: build-and-publish
volumes:
- name: docker
path: //./pipe/docker_engine/
trigger:
event:
- promote
target:
- ci-windows-test-image
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-ci-build-container-image
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- if [ -z "${BUILD_CONTAINER_VERSION}" ]; then echo Missing BUILD_CONTAINER_VERSION;
false; fi
image: alpine:3.17.1
name: validate-version
- commands:
- printenv GCP_KEY > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gsutil cp gs://grafana-private-downloads/MacOSX10.15.sdk.tar.xz ./scripts/build/ci-build/MacOSX10.15.sdk.tar.xz
environment:
GCP_KEY:
from_secret: gcp_download_build_container_assets_key
image: google/cloud-sdk:431.0.0
name: download-macos-sdk
- commands:
- printenv DOCKER_PASSWORD | docker login -u "$DOCKER_USERNAME" --password-stdin
- docker build -t "grafana/build-container:${BUILD_CONTAINER_VERSION}" ./scripts/build/ci-build
- docker push "grafana/build-container:${BUILD_CONTAINER_VERSION}"
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: google/cloud-sdk:431.0.0
name: build-and-publish
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- ci-build-container-image
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-image
platform:
arch: amd64
os: linux
steps:
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-image
platform:
arch: amd64
os: linux
steps:
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
---
clone:
retries: 3
kind: pipeline
name: scan-build-test-and-publish-docker-images
platform:
arch: amd64
os: linux
steps:
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM google/cloud-sdk:431.0.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/build-container:1.7.5
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine:3.17.1
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM byrnedo/alpine-curl:0.1.8
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM golang:1.20.6
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM postgres:12.3-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:5.7.39
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:8.0.32
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM redis:6.2.11-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM memcached:1.6.9-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM osixia/openldap:1.4.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/drone-downstream
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docker-puppeteer:1.1.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docs-base:dbd975af06
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL google/cloud-sdk:431.0.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/build-container:1.7.5
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 1 --severity HIGH,CRITICAL alpine:3.17.1
- trivy --exit-code 1 --severity HIGH,CRITICAL byrnedo/alpine-curl:0.1.8
- trivy --exit-code 1 --severity HIGH,CRITICAL golang:1.20.6
- trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack
- trivy --exit-code 1 --severity HIGH,CRITICAL postgres:12.3-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL mysql:5.7.39
- trivy --exit-code 1 --severity HIGH,CRITICAL mysql:8.0.32
- trivy --exit-code 1 --severity HIGH,CRITICAL redis:6.2.11-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL memcached:1.6.9-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 1 --severity HIGH,CRITICAL osixia/openldap:1.4.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/drone-downstream
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docker-puppeteer:1.1.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docs-base:dbd975af06
- trivy --exit-code 1 --severity HIGH,CRITICAL cypress/included:9.5.1-node16.14.0-slim-chrome99-ff97
- trivy --exit-code 1 --severity HIGH,CRITICAL us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for build-images failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
---
clone:
retries: 3
kind: pipeline
name: grafana-com-nightly
platform:
arch: amd64
os: linux
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.20.6
name: compile-build-cmd
- commands:
- ./bin/build publish grafana-com --edition oss
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_key
GRAFANA_COM_API_KEY:
from_secret: grafana_api_key
image: grafana/grafana-ci-deploy:1.3.3
name: post-to-grafana-com
trigger:
cron: grafana-com-nightly
event: cron
type: docker
---
get:
name: credentials.json
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads
---
get:
name: credentials_base64
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads_base64
---
get:
name: grafana_api_key
path: infra/data/ci/drone-plugins
kind: secret
name: grafana_api_key
---
get:
name: .dockerconfigjson
path: secret/data/common/gcr
kind: secret
name: dockerconfigjson
---
get:
name: pat
path: infra/data/ci/github/grafanabot
kind: secret
name: github_token
---
get:
name: machine-user-token
path: infra/data/ci/drone
kind: secret
name: drone_token
---
get:
name: bucket
path: infra/data/ci/grafana/prerelease
kind: secret
name: prerelease_bucket
---
get:
name: credentials.json
path: infra/data/ci/grafana/releng/artifacts-uploader-service-account
kind: secret
name: gcp_upload_artifacts_key
---
get:
name: credentials.json
path: infra/data/ci/grafana/assets-downloader-build-container-service-account
kind: secret
name: gcp_download_build_container_assets_key
---
get:
name: application_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_id
---
get:
name: application_secret
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_pw
---
get:
name: tenant_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_tenant
---
get:
name: public-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_public_key
---
get:
name: private-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_private_key
---
get:
name: passphrase
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_passphrase
---
get:
name: credentials.json
path: infra/data/ci/packages-publish/service-account
kind: secret
name: packages_service_account
---
get:
name: AccessID
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_access_key_id
---
get:
name: Secret
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_secret_access_key
---
get:
name: static_asset_editions
path: infra/data/ci/grafana-release-eng/artifact-publishing
kind: secret
name: static_asset_editions
---
get:
name: cdn_path
path: infra/data/ci/grafana-release-eng/enterprise2
kind: secret
name: enterprise2-cdn-path
---
get:
name: gcp_service_account_prod_base64
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: gcp_key_base64
---
get:
name: destination_prod
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: destination
---
get:
name: dagger_token
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: dagger_token
---
get:
name: pat
path: infra/data/ci/github/grafanabot
kind: secret
name: github_token
---
get:
name: app-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-id
---
get:
name: app-installation-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-installation-id
---
get:
name: app-private-key
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-private-key
---
kind: signature
hmac: 4351462792d68218e3f95264ffa4d5f87d56290b2bbe1ed6d93401d6ca194c34
...