grafana/.drone.yml
Andreas Christou dcbc3aa46a
Chore: Update grabpl to v3.0.50 (#82379)
Bump grabpl version
2024-02-13 15:39:41 +00:00

4806 lines
119 KiB
YAML

---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-verify-drone
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- ./bin/build verify-drone
depends_on:
- compile-build-cmd
image: byrnedo/alpine-curl:0.1.8
name: lint-drone
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.yml
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-verify-starlark
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- go install github.com/bazelbuild/buildtools/buildifier@latest
- buildifier --lint=warn -mode=check -r .
depends_on:
- compile-build-cmd
image: golang:1.21.6-alpine
name: lint-starlark
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update git bash
- yarn betterer ci
depends_on:
- yarn-install
image: node:20.9.0-alpine
name: betterer-frontend
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: test-frontend
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
- pkg/**
- packaging/**
- go.sum
- go.mod
include: []
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-lint-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- yarn run prettier:check
- yarn run lint
- yarn run typecheck
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: lint-frontend
- commands:
- apk add --update git
- |-
yarn run i18n:extract || (echo "
Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false)
- "\n file_diff=$(git diff --dirstat public/locales)\n if
[ -n \"$file_diff\" ]; then\n echo $file_diff\n echo
\"\nTranslation extraction has not been committed. Please run 'yarn i18n:extract',
commit the changes and push again.\"\n exit 1\n fi\n
\ "
depends_on:
- yarn-install
failure: ignore
image: node:20.9.0-alpine
name: verify-i18n
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
- pkg/**
- packaging/**
- go.sum
- go.mod
include: []
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update build-base shared-mime-info shared-mime-info-lang
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend
- commands:
- apk add --update build-base
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend-integration
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
- docs/sources/setup-grafana/configure-grafana/feature-toggles/**
- devenv/**
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-lint-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- apk add --update make
- make gen-go
depends_on: []
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update make build-base
- make lint-go
depends_on:
- wire-install
environment:
CGO_ENABLED: "1"
image: golang:1.21.6-alpine
name: lint-backend
- commands:
- go run scripts/modowners/modowners.go check go.mod
image: golang:1.21.6-alpine
name: validate-modfile
- commands:
- apk add --update make
- make swagger-validate
image: golang:1.21.6-alpine
name: validate-openapi-spec
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
- devenv/**
- .bingo/**
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-build-e2e
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update jq bash
- yarn packages:build
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:20.9.0-alpine
name: build-frontend-packages
- failure: ignore
image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
- OSS_PULL_REQUEST=${DRONE_PULL_REQUEST}
repositories:
- grafana/grafana-enterprise@${DRONE_SOURCE_BRANCH}
server: https://drone.grafana.net
token:
from_secret: drone_token
- commands:
- /src/grafana-build artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64
-a targz:grafana:linux/arm/v7 --go-version=1.21.6 --yarn-cache=$$YARN_CACHE_FOLDER
--build-id=$$DRONE_BUILD_NUMBER --grafana-dir=$$PWD > packages.txt
depends_on:
- yarn-install
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: grafana/grafana-build:main
name: rgm-package
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- apk add --update tar bash
- mkdir grafana
- tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana
- cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server
depends_on:
- rgm-package
detach: true
environment:
GF_APP_MODE: development
GF_SERVER_HTTP_PORT: "3001"
GF_SERVER_ROUTER_LOGGING: "1"
image: alpine:3.18.5
name: grafana-server
- commands:
- ./bin/build e2e-tests --port 3001 --suite dashboards-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-dashboards-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-smoke-tests-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite panels-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-panels-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite various-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-various-suite
- commands:
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
GITHUB_TOKEN:
from_secret: github_token
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:3.0.0
name: end-to-end-tests-cloud-plugins-suite-azure
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- rgm-package
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: node:20.9.0-alpine
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- pa11y-ci --config .pa11yci-pr.conf.js
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
PORT: 3001
failure: always
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
- commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- /src/grafana-build artifacts -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu
-a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7
-a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER
--go-version=1.21.6 --ubuntu-base=ubuntu:22.04 --alpine-base=alpine:3.18.5 --tag-format='{{
.version_base }}-{{ .buildID }}-{{ .arch }}' --grafana-dir=$$PWD --ubuntu-tag-format='{{
.version_base }}-{{ .buildID }}-ubuntu-{{ .arch }}' > docker.txt
- find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i
depends_on:
- yarn-install
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: grafana/grafana-build:main
name: rgm-build-docker
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- rgm-build-docker
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
failure: ignore
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- pull_request
paths:
exclude:
- '*.md'
- docs/**
- latest.json
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- commands:
- /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
environment: {}
image: grafana/mimir:r274-1780c50
name: mimir_backend
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- dockerize -wait tcp://postgres:5432 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-postgres
- commands:
- apk add --update build-base
- apk add --update postgresql-client
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-postgres
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: golang:1.21.6-alpine
name: postgres-integration-tests
- commands:
- dockerize -wait tcp://mysql57:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-5.7
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-5.7
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: golang:1.21.6-alpine
name: mysql-5.7-integration-tests
- commands:
- dockerize -wait tcp://mysql80:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-8.0
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-8.0
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: golang:1.21.6-alpine
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-redis
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-redis
environment:
REDIS_URL: redis://redis:6379/0
image: golang:1.21.6-alpine
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-memcached
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-memcached
environment:
MEMCACHED_HOSTS: memcached:11211
image: golang:1.21.6-alpine
name: memcached-integration-tests
- commands:
- dockerize -wait tcp://mimir_backend:8080 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-remote-alertmanager
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/...
depends_on:
- wire-install
- wait-for-remote-alertmanager
environment:
AM_TENANT_ID: test
AM_URL: http://mimir_backend:8080
image: golang:1.21.6-alpine
name: remote-alertmanager-integration-tests
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
- packaging/**
- .drone.yml
- conf/**
- go.sum
- go.mod
- public/app/plugins/**/plugin.json
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- pip3 install codespell
- codespell -I .codespellignore docs/
image: python:3.8
name: codespell
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:20.9.0-alpine
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned:
true\n---\n'' > /hugo/content/docs/grafana/_index.md'
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:latest
name: build-docs-website
pull: always
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
trigger:
event:
- pull_request
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-shellcheck
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- apt-get update -yq && apt-get install shellcheck
- shellcheck -e SC1071 -e SC2162 scripts/**/*.sh
image: ubuntu:22.04
name: shellcheck
trigger:
event:
- pull_request
paths:
exclude:
- '*.md'
- docs/**
- latest.json
include:
- scripts/**/*.sh
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-swagger-gen
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apk add --update curl jq bash
- is_fork=$(curl "https://$GITHUB_TOKEN@api.github.com/repos/grafana/grafana/pulls/$DRONE_PULL_REQUEST"
| jq .head.repo.fork)
- if [ "$is_fork" != false ]; then return 1; fi
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
grafana-enterprise
- cd grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout main; then echo "git checkout main"; else git checkout main;
fi
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- apk add --update git make
- make swagger-clean && make openapi3-gen
- for f in public/api-merged.json public/openapi3.json; do git add $f; done
- if [ -z "$(git diff --name-only --cached)" ]; then echo "Everything seems up to
date!"; else echo "Please ensure the branch is up-to-date, then regenerate the
specification by running make swagger-clean && make openapi3-gen" && return 1;
fi
depends_on:
- clone-enterprise
environment:
GITHUB_TOKEN:
from_secret: github_token
image: golang:1.21.6-alpine
name: swagger-gen
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- pkg/**
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-integration-benchmarks
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- commands:
- /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
environment: {}
image: grafana/mimir:r274-1780c50
name: mimir_backend
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- apk add --update curl jq bash
- git clone "https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git"
../grafana-enterprise
- cd ../grafana-enterprise
- if git checkout ${DRONE_SOURCE_BRANCH}; then echo "checked out ${DRONE_SOURCE_BRANCH}";
elif git checkout ${DRONE_TARGET_BRANCH}; then echo "git checkout ${DRONE_TARGET_BRANCH}";
else git checkout main; fi
- cd ../
- ln -s src grafana
- cd ./grafana-enterprise
- ./build.sh
environment:
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: alpine/git:2.40.1
name: clone-enterprise
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on:
- clone-enterprise
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on:
- clone-enterprise
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update build-base
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: sqlite-benchmark-integration-tests
- commands:
- apk add --update build-base
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: golang:1.21.6-alpine
name: postgres-benchmark-integration-tests
- commands:
- apk add --update build-base
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: golang:1.21.6-alpine
name: mysql-5.7-benchmark-integration-tests
- commands:
- apk add --update build-base
- if [ -z ${GO_PACKAGES} ]; then echo 'missing GO_PACKAGES'; false; fi
- go test -v -run=^$ -benchmem -timeout=1h -count=8 -bench=. ${GO_PACKAGES}
depends_on:
- wire-install
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: golang:1.21.6-alpine
name: mysql-8.0-benchmark-integration-tests
trigger:
event:
- promote
target:
- gobenchmarks
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- pip3 install codespell
- codespell -I .codespellignore docs/
image: python:3.8
name: codespell
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:20.9.0-alpine
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned:
true\n---\n'' > /hugo/content/docs/grafana/_index.md'
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:latest
name: build-docs-website
pull: always
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
trigger:
branch: main
event:
- push
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update git bash
- yarn betterer ci
depends_on:
- yarn-install
image: node:20.9.0-alpine
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: test-frontend
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-lint-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- yarn run prettier:check
- yarn run lint
- yarn run typecheck
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: lint-frontend
- commands:
- apk add --update git
- |-
yarn run i18n:extract || (echo "
Extraction failed. Make sure that you have no dynamic translation phrases, such as 't(\`preferences.theme.\$${themeID}\`, themeName)' and that no translation key is used twice. Search the output for '[warning]' to find the offending file." && false)
- "\n file_diff=$(git diff --dirstat public/locales)\n if
[ -n \"$file_diff\" ]; then\n echo $file_diff\n echo
\"\nTranslation extraction has not been committed. Please run 'yarn i18n:extract',
commit the changes and push again.\"\n exit 1\n fi\n
\ "
depends_on:
- yarn-install
failure: ignore
image: node:20.9.0-alpine
name: verify-i18n
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update build-base shared-mime-info shared-mime-info-lang
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend
- commands:
- apk add --update build-base
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend-integration
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-lint-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- apk add --update make
- make gen-go
depends_on: []
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update make build-base
- make lint-go
depends_on:
- wire-install
environment:
CGO_ENABLED: "1"
image: golang:1.21.6-alpine
name: lint-backend
- commands:
- go run scripts/modowners/modowners.go check go.mod
image: golang:1.21.6-alpine
name: validate-modfile
- commands:
- apk add --update make
- make swagger-validate
image: golang:1.21.6-alpine
name: validate-openapi-spec
- commands:
- ./bin/build verify-drone
depends_on:
- compile-build-cmd
image: byrnedo/alpine-curl:0.1.8
name: lint-drone
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-build-e2e-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update jq
- new_version=$(cat package.json | jq .version | sed s/pre/${DRONE_BUILD_NUMBER}/g)
- 'echo "New version: $new_version"'
- yarn run lerna version $new_version --exact --no-git-tag-version --no-push --force-publish
-y
- yarn install --mode=update-lockfile
depends_on:
- yarn-install
image: node:20.9.0-alpine
name: update-package-json-version
- commands:
- apk add --update jq bash
- yarn packages:build
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- yarn-install
- update-package-json-version
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:20.9.0-alpine
name: build-frontend-packages
- commands:
- /src/grafana-build artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64
-a targz:grafana:linux/arm/v7 --go-version=1.21.6 --yarn-cache=$$YARN_CACHE_FOLDER
--build-id=$$DRONE_BUILD_NUMBER --grafana-dir=$$PWD > packages.txt
depends_on:
- update-package-json-version
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: grafana/grafana-build:main
name: rgm-package
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- apk add --update tar bash
- mkdir grafana
- tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana
- cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server
depends_on:
- rgm-package
detach: true
environment:
GF_APP_MODE: development
GF_SERVER_HTTP_PORT: "3001"
GF_SERVER_ROUTER_LOGGING: "1"
image: alpine:3.18.5
name: grafana-server
- commands:
- ./bin/build e2e-tests --port 3001 --suite dashboards-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-dashboards-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite smoke-tests-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-smoke-tests-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite panels-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-panels-suite
- commands:
- ./bin/build e2e-tests --port 3001 --suite various-suite
depends_on:
- grafana-server
environment:
HOST: grafana-server
image: cypress/included:13.1.0
name: end-to-end-tests-various-suite
- commands:
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
GITHUB_TOKEN:
from_secret: github_token
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:3.0.0
name: end-to-end-tests-cloud-plugins-suite-azure
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
GITHUB_TOKEN:
from_secret: github_token
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- rgm-package
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: node:20.9.0-alpine
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- pa11y-ci --config .pa11yci.conf.js --json > pa11y-ci-results.json
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
PORT: 3001
failure: ignore
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
- commands:
- ./bin/build store-storybook --deployment canary
depends_on:
- build-storybook
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: store-storybook
when:
paths:
include:
- packages/grafana-ui/**
repo:
- grafana/grafana
- commands:
- apk add --update bash grep git
- ./scripts/ci-frontend-metrics.sh ./grafana/public/build | ./bin/build publish-metrics
$$GRAFANA_MISC_STATS_API_KEY
depends_on:
- test-a11y-frontend
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
failure: ignore
image: node:20.9.0-alpine
name: publish-frontend-metrics
when:
repo:
- grafana/grafana
- commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- /src/grafana-build artifacts -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu
-a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7
-a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER
--go-version=1.21.6 --ubuntu-base=ubuntu:22.04 --alpine-base=alpine:3.18.5 --tag-format='{{
.version_base }}-{{ .buildID }}-{{ .arch }}' --grafana-dir=$$PWD --ubuntu-tag-format='{{
.version_base }}-{{ .buildID }}-ubuntu-{{ .arch }}' > docker.txt
- find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i
depends_on:
- update-package-json-version
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: grafana/grafana-build:main
name: rgm-build-docker
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- rgm-build-docker
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss
depends_on:
- rgm-build-docker
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- apk add --update bash
- ./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
- build-frontend-packages
environment:
NPM_TOKEN:
from_secret: npm_token
image: node:20.9.0-alpine
name: release-canary-npm-packages
when:
paths:
include:
- packages/**
repo:
- grafana/grafana
- commands:
- ./bin/build upload-packages --edition oss
depends_on:
- end-to-end-tests-dashboards-suite
- end-to-end-tests-panels-suite
- end-to-end-tests-smoke-tests-suite
- end-to-end-tests-various-suite
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-packages
when:
repo:
- grafana/grafana
- commands:
- ./bin/build upload-cdn --edition oss
depends_on:
- grafana-server
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-cdn-assets
when:
repo:
- grafana/grafana
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- commands:
- /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
environment: {}
image: grafana/mimir:r274-1780c50
name: mimir_backend
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- dockerize -wait tcp://postgres:5432 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-postgres
- commands:
- apk add --update build-base
- apk add --update postgresql-client
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-postgres
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: golang:1.21.6-alpine
name: postgres-integration-tests
- commands:
- dockerize -wait tcp://mysql57:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-5.7
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-5.7
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: golang:1.21.6-alpine
name: mysql-5.7-integration-tests
- commands:
- dockerize -wait tcp://mysql80:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-8.0
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-8.0
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: golang:1.21.6-alpine
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-redis
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-redis
environment:
REDIS_URL: redis://redis:6379/0
image: golang:1.21.6-alpine
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-memcached
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-memcached
environment:
MEMCACHED_HOSTS: memcached:11211
image: golang:1.21.6-alpine
name: memcached-integration-tests
- commands:
- dockerize -wait tcp://mimir_backend:8080 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-remote-alertmanager
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/...
depends_on:
- wire-install
- wait-for-remote-alertmanager
environment:
AM_TENANT_ID: test
AM_URL: http://mimir_backend:8080
image: golang:1.21.6-alpine
name: remote-alertmanager-integration-tests
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
retries: 3
depends_on:
- main-test-frontend
- main-test-backend
- main-build-e2e-publish
- main-integration-tests
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- echo $env:DRONE_RUNNER_NAME
image: mcr.microsoft.com/windows:1809
name: identify-runner
- commands:
- $$ProgressPreference = "SilentlyContinue"
- Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/windows/grabpl.exe
-OutFile grabpl.exe
image: grafana/ci-wix:0.1.1
name: windows-init
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on:
- main-build-e2e-publish
- main-integration-tests
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-trigger-downstream
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
repositories:
- grafana/grafana-enterprise@main
server: https://drone.grafana.net
token:
from_secret: drone_token
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana-security-mirror
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- main-test-frontend
- main-test-backend
- main-build-e2e-publish
- main-integration-tests
- main-windows
kind: pipeline
name: main-notify
platform:
arch: amd64
os: linux
steps:
- image: plugins/slack
name: slack
settings:
channel: grafana-ci-notifications
template: |-
Build {{build.number}} failed for commit: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{ truncate build.commit 8 }}>: {{build.link}}
Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
Author: {{build.author}}
webhook:
from_secret: slack_webhook
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
status:
- failure
type: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-docker-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- ./bin/build artifacts docker fetch --edition oss
depends_on:
- compile-build-cmd
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: fetch-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana --version-tag
${DRONE_TAG}
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss --version-tag
${DRONE_TAG}
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-artifacts-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- ./bin/build artifacts packages --tag $${DRONE_TAG} --src-bucket $${PRERELEASE_BUCKET}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-artifacts
- commands:
- ./bin/build artifacts static-assets --tag ${DRONE_TAG} --static-asset-editions=grafana-oss
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
STATIC_ASSET_EDITIONS:
from_secret: static_asset_editions
image: grafana/grafana-ci-deploy:1.3.3
name: publish-static-assets
- commands:
- ./bin/build artifacts storybook --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-storybook
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-npm-packages-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- ./bin/build artifacts npm retrieve --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- yarn-install
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
failure: ignore
image: grafana/grafana-ci-deploy:1.3.3
name: retrieve-npm-packages
- commands:
- ./bin/build artifacts npm release --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- retrieve-npm-packages
environment:
NPM_TOKEN:
from_secret: npm_token
failure: ignore
image: node:20.9.0-alpine
name: release-npm-packages
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- publish-artifacts-public
- publish-docker-public
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-packages
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-deb
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.deb
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-rpm
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.rpm
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- commands:
- ./bin/build publish grafana-com --edition oss ${DRONE_TAG}
depends_on:
- publish-linux-packages-deb
- publish-linux-packages-rpm
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GRAFANA_COM_API_KEY:
from_secret: grafana_api_key
image: grafana/grafana-ci-deploy:1.3.3
name: publish-grafanacom
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- main-test-backend
- main-test-frontend
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-main-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_build_main.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: release-whatsnew-checker
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.21.6-alpine
name: compile-build-cmd
- commands:
- ./bin/build whatsnew-checker
depends_on:
- compile-build-cmd
image: golang:1.21.6-alpine
name: whats-new-checker
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: release-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update git bash
- yarn betterer ci
depends_on:
- yarn-install
image: node:20.9.0-alpine
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: test-frontend
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: release-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update build-base shared-mime-info shared-mime-info-lang
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend
- commands:
- apk add --update build-base
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend-integration
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- release-test-backend
- release-test-frontend
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-tag-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_build_tag_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-tag-prerelease
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-tag-prerelease-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- echo $env:DRONE_RUNNER_NAME
image: mcr.microsoft.com/windows:1809
name: identify-runner
- commands:
- $$ProgressPreference = "SilentlyContinue"
- Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/windows/grabpl.exe
-OutFile grabpl.exe
image: grafana/ci-wix:0.1.1
name: windows-init
- commands:
- $$gcpKey = $$env:GCP_KEY
- '[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($$gcpKey))
> gcpkey.json'
- dos2unix gcpkey.json
- gcloud auth activate-service-account --key-file=gcpkey.json
- rm gcpkey.json
- cp C:\App\nssm-2.24.zip .
- .\grabpl.exe windows-installer --target gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/grafana-${DRONE_TAG:1}.windows-amd64.zip
--edition oss ${DRONE_TAG}
- $$fname = ((Get-Childitem grafana*.msi -name) -split "`n")[0]
- gsutil cp $$fname gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/
- gsutil cp "$$fname.sha256" gs://grafana-prerelease/artifacts/downloads/${DRONE_TAG}/oss/release/
depends_on:
- windows-init
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GITHUB_TOKEN:
from_secret: github_token
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/ci-wix:0.1.1
name: build-windows-installer
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on:
- rgm-tag-prerelease
- rgm-tag-prerelease-windows
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-tag-verify-prerelease-assets
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apt-get update && apt-get install -yq gettext
- printenv GCP_KEY | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log
- '! cat /tmp/stat.log | grep "No URLs matched"'
depends_on:
- clone
environment:
BUCKET: grafana-prerelease
GCP_KEY:
from_secret: gcp_key_base64
image: google/cloud-sdk:431.0.0
name: gsutil-stat
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- release-test-backend
- release-test-frontend
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-version-branch-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_build_tag_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-version-branch-prerelease
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-prerelease-verify-prerelease-assets
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apt-get update && apt-get install -yq gettext
- printenv GCP_KEY | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log
- '! cat /tmp/stat.log | grep "No URLs matched"'
depends_on:
- clone
environment:
BUCKET: grafana-prerelease
GCP_KEY:
from_secret: gcp_key_base64
image: google/cloud-sdk:431.0.0
name: gsutil-stat
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: nightly-test-frontend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- apk add --update g++ make python3 && ln -sf /usr/bin/python3 /usr/bin/python
- yarn install --immutable
depends_on: []
image: node:20.9.0-alpine
name: yarn-install
- commands:
- apk add --update git bash
- yarn betterer ci
depends_on:
- yarn-install
image: node:20.9.0-alpine
name: betterer-frontend
- commands:
- yarn run ci:test-frontend
depends_on:
- yarn-install
environment:
TEST_MAX_WORKERS: 50%
image: node:20.9.0-alpine
name: test-frontend
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: nightly-test-backend
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- apk add --update build-base shared-mime-info shared-mime-info-lang
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend
- commands:
- apk add --update build-base
- go test -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
image: golang:1.21.6-alpine
name: test-backend-integration
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- nightly-test-backend
- nightly-test-frontend
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-nightly-build
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_build_nightly_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- mkdir -p $${DESTINATION}/$${DRONE_BUILD_EVENT}
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r $${DRONE_WORKSPACE}/dist/* $${DESTINATION}/$${DRONE_BUILD_EVENT}
depends_on:
- rgm-build
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-nightly-build
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-nightly-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- mkdir -p $${DRONE_WORKSPACE}/dist
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r $${DESTINATION}/$${DRONE_BUILD_EVENT}/*_$${DRONE_BUILD_NUMBER}_*
$${DRONE_WORKSPACE}/dist
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
- commands:
- export GRAFANA_DIR=$$(pwd)
- cd /src && ./scripts/drone_publish_nightly_grafana.sh
depends_on:
- rgm-copy
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-publish
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- depends_on:
- rgm-publish
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-deb
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: file:///drone/src/dist/*.deb
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- depends_on:
- rgm-publish
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-rpm
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: file:///drone/src/dist/*.rpm
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-promotion
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- 'dagger run --silent /src/grafana-build artifacts -a $${ARTIFACTS} --grafana-ref=$${GRAFANA_REF}
--enterprise-ref=$${ENTERPRISE_REF} --grafana-repo=$${GRAFANA_REPO} --version=$${VERSION} '
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.18.5
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GO_VERSION: 1.21.6
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: grafana/grafana-build:main
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r dist/* $${UPLOAD_TO}
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GITHUB_TOKEN:
from_secret: github_token
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
trigger:
event:
- promote
target: upload-packages
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
disable: true
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: testing-test-backend-windows
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- git clone "https://$$env:GITHUB_TOKEN@github.com/$$env:DRONE_REPO.git" .
- git checkout -f $$env:DRONE_COMMIT
environment:
GITHUB_TOKEN:
from_secret: github_token
image: grafana/ci-wix:0.1.1
name: clone
- commands: []
depends_on:
- clone
image: golang:1.21.6-windowsservercore-1809
name: windows-init
- commands:
- go install github.com/google/wire/cmd/wire@v0.5.0
- wire gen -tags oss ./pkg/server
depends_on:
- windows-init
image: golang:1.21.6-windowsservercore-1809
name: wire-install
- commands:
- go test -tags requires_buildifer -short -covermode=atomic -timeout=5m ./pkg/...
depends_on:
- wire-install
image: golang:1.21.6-windowsservercore-1809
name: test-backend
trigger:
event:
- promote
target:
- test-windows
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: integration-tests
node:
type: no-parallel
platform:
arch: amd64
os: linux
services:
- environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_DB: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_USER: grafanatest
image: postgres:12.3-alpine
name: postgres
volumes:
- name: postgres
path: /var/lib/postgresql/data/pgdata
- commands:
- docker-entrypoint.sh mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:5.7.39
name: mysql57
volumes:
- name: mysql57
path: /var/lib/mysql
- commands:
- docker-entrypoint.sh mysqld --default-authentication-plugin=mysql_native_password
environment:
MYSQL_DATABASE: grafana_tests
MYSQL_PASSWORD: password
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_USER: grafana
image: mysql:8.0.32
name: mysql80
volumes:
- name: mysql80
path: /var/lib/mysql
- commands:
- /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
environment: {}
image: grafana/mimir:r274-1780c50
name: mimir_backend
- environment: {}
image: redis:6.2.11-alpine
name: redis
- environment: {}
image: memcached:1.6.9-alpine
name: memcached
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.50/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.18.5
name: identify-runner
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.21.6-alpine
name: verify-gen-jsonnet
- commands:
- apk add --update make
- make gen-go
depends_on:
- verify-gen-cue
image: golang:1.21.6-alpine
name: wire-install
- commands:
- dockerize -wait tcp://postgres:5432 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-postgres
- commands:
- apk add --update build-base
- apk add --update postgresql-client
- psql -p 5432 -h postgres -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-postgres
environment:
GRAFANA_TEST_DB: postgres
PGPASSWORD: grafanatest
POSTGRES_HOST: postgres
image: golang:1.21.6-alpine
name: postgres-integration-tests
- commands:
- dockerize -wait tcp://mysql57:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-5.7
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql57 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-5.7
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql57
image: golang:1.21.6-alpine
name: mysql-5.7-integration-tests
- commands:
- dockerize -wait tcp://mysql80:3306 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-mysql-8.0
- commands:
- apk add --update build-base
- apk add --update mysql-client
- cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h mysql80 -P 3306 -u root
-prootpass
- go clean -testcache
- go test -p=1 -count=1 -covermode=atomic -timeout=5m -run '^TestIntegration' $(find
./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+'
| grep -o '\(.*\)/' | sort -u)
depends_on:
- wire-install
- wait-for-mysql-8.0
environment:
GRAFANA_TEST_DB: mysql
MYSQL_HOST: mysql80
image: golang:1.21.6-alpine
name: mysql-8.0-integration-tests
- commands:
- dockerize -wait tcp://redis:6379 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-redis
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationRedis -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-redis
environment:
REDIS_URL: redis://redis:6379/0
image: golang:1.21.6-alpine
name: redis-integration-tests
- commands:
- dockerize -wait tcp://memcached:11211 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-memcached
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run IntegrationMemcached -covermode=atomic -timeout=2m ./pkg/...
depends_on:
- wire-install
- wait-for-memcached
environment:
MEMCACHED_HOSTS: memcached:11211
image: golang:1.21.6-alpine
name: memcached-integration-tests
- commands:
- dockerize -wait tcp://mimir_backend:8080 -timeout 120s
image: jwilder/dockerize:0.6.1
name: wait-for-remote-alertmanager
- commands:
- apk add --update build-base
- go clean -testcache
- go test -run TestIntegrationRemoteAlertmanager -covermode=atomic -timeout=2m ./pkg/services/ngalert/...
depends_on:
- wire-install
- wait-for-remote-alertmanager
environment:
AM_TENANT_ID: test
AM_URL: http://mimir_backend:8080
image: golang:1.21.6-alpine
name: remote-alertmanager-integration-tests
trigger:
event:
- promote
target: integration-tests
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: postgres
temp:
medium: memory
- name: mysql57
temp:
medium: memory
- name: mysql80
temp:
medium: memory
---
clone:
disable: true
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-ci-windows-test-image
platform:
arch: amd64
os: windows
version: "1809"
services: []
steps:
- commands:
- git clone "https://$$env:GITHUB_TOKEN@github.com/grafana/grafana-ci-sandbox.git"
.
- git checkout -f $$env:DRONE_COMMIT
environment:
GITHUB_TOKEN:
from_secret: github_token
image: grafana/ci-wix:0.1.1
name: clone
- commands:
- cd scripts\build\ci-windows-test
- docker login -u $$env:DOCKER_USERNAME -p $$env:DOCKER_PASSWORD
- docker build -t grafana/grafana-ci-windows-test:$$env:TAG .
- docker push grafana/grafana-ci-windows-test:$$env:TAG
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: docker:windowsservercore-1809
name: build-and-publish
volumes:
- name: docker
path: //./pipe/docker_engine/
trigger:
event:
- promote
target:
- ci-windows-test-image
type: docker
volumes:
- host:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-build-test-and-publish-docker-images
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine/git:2.40.1
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM golang:1.21.6-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM node:20.9.0-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM google/cloud-sdk:431.0.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine:3.18.5
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM ubuntu:22.04
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM byrnedo/alpine-curl:0.1.8
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM python:3.8
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM postgres:12.3-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/mimir:r274-1780c50
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:5.7.39
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:8.0.32
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM redis:6.2.11-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM memcached:1.6.9-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM osixia/openldap:1.4.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/drone-downstream
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docker-puppeteer:1.1.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docs-base:latest
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM cypress/included:13.1.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM jwilder/dockerize:0.6.1
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM koalaman/shellcheck:stable
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL alpine/git:2.40.1
- trivy --exit-code 1 --severity HIGH,CRITICAL golang:1.21.6-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL node:20.9.0-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL google/cloud-sdk:431.0.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 1 --severity HIGH,CRITICAL alpine:3.18.5
- trivy --exit-code 1 --severity HIGH,CRITICAL ubuntu:22.04
- trivy --exit-code 1 --severity HIGH,CRITICAL byrnedo/alpine-curl:0.1.8
- trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack
- trivy --exit-code 1 --severity HIGH,CRITICAL python:3.8
- trivy --exit-code 1 --severity HIGH,CRITICAL postgres:12.3-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/mimir:r274-1780c50
- trivy --exit-code 1 --severity HIGH,CRITICAL mysql:5.7.39
- trivy --exit-code 1 --severity HIGH,CRITICAL mysql:8.0.32
- trivy --exit-code 1 --severity HIGH,CRITICAL redis:6.2.11-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL memcached:1.6.9-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 1 --severity HIGH,CRITICAL osixia/openldap:1.4.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/drone-downstream
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docker-puppeteer:1.1.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docs-base:latest
- trivy --exit-code 1 --severity HIGH,CRITICAL cypress/included:13.1.0
- trivy --exit-code 1 --severity HIGH,CRITICAL jwilder/dockerize:0.6.1
- trivy --exit-code 1 --severity HIGH,CRITICAL koalaman/shellcheck:stable
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for build-images failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
get:
name: credentials.json
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads
---
get:
name: credentials_base64
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads_base64
---
get:
name: api_key
path: infra/data/ci/grafana-release-eng/grafanacom
kind: secret
name: grafana_api_key
---
get:
name: .dockerconfigjson
path: secret/data/common/gcr
kind: secret
name: gcr
---
get:
name: .dockerconfigjson
path: secret/data/common/gar
kind: secret
name: gar
---
get:
name: pat
path: infra/data/ci/github/grafanabot
kind: secret
name: github_token
---
get:
name: machine-user-token
path: infra/data/ci/drone
kind: secret
name: drone_token
---
get:
name: bucket
path: infra/data/ci/grafana/prerelease
kind: secret
name: prerelease_bucket
---
get:
name: username
path: infra/data/ci/grafanaci-docker-hub
kind: secret
name: docker_username
---
get:
name: password
path: infra/data/ci/grafanaci-docker-hub
kind: secret
name: docker_password
---
get:
name: credentials.json
path: infra/data/ci/grafana/releng/artifacts-uploader-service-account
kind: secret
name: gcp_upload_artifacts_key
---
get:
name: credentials.json
path: infra/data/ci/grafana/assets-downloader-build-container-service-account
kind: secret
name: gcp_download_build_container_assets_key
---
get:
name: application_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_id
---
get:
name: application_secret
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_pw
---
get:
name: tenant_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_tenant
---
get:
name: token
path: infra/data/ci/grafana-release-eng/npm
kind: secret
name: npm_token
---
get:
name: public-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_public_key
---
get:
name: private-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_private_key
---
get:
name: passphrase
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_passphrase
---
get:
name: credentials.json
path: infra/data/ci/packages-publish/service-account
kind: secret
name: packages_service_account
---
get:
name: AccessID
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_access_key_id
---
get:
name: Secret
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_secret_access_key
---
get:
name: static_asset_editions
path: infra/data/ci/grafana-release-eng/artifact-publishing
kind: secret
name: static_asset_editions
---
get:
name: gcp_service_account_prod_base64
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: gcp_key_base64
---
get:
name: destination_prod
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: destination
---
get:
name: storybook_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_storybook_destination
---
get:
name: cdn_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_cdn_destination
---
get:
name: downloads_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_downloads_destination
---
get:
name: dagger_token
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: dagger_token
---
get:
name: app-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-id
---
get:
name: app-installation-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-installation-id
---
get:
name: app-private-key
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-private-key
---
get:
name: service-account
path: secret/data/common/gcr
kind: secret
name: gcr_credentials
---
kind: signature
hmac: c5243aaa05fbb21c64d03465f079ad710c9dcddb81db19b89ebb61cc9b60bc72
...