grafana/.circleci/config.yml
Arve Knudsen b2745c3e23
CircleCI: Fix builds of forked PRs (#25272)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-01 20:32:18 +02:00

1334 lines
45 KiB
YAML

version: 2.1
aliases:
# Workflow filters
# filter-all triggers for all branches and version tags
- &filter-all
tags:
only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
- &filter-only-release
branches:
only: chore/test-release-pipeline
tags:
only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
- &filter-not-release-or-master
tags:
ignore: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
branches:
ignore:
- master
- chore/test-release-pipeline
- &filter-only-master
branches:
only: master
- &filter-master-or-release
branches:
only:
- master
- chore/test-release-pipeline
tags:
only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
executors:
base:
docker:
- image: cimg/base:stable
node:
docker:
- image: cimg/node:12.16
go:
docker:
- image: cimg/go:1.14
grafana-build:
docker:
- image: grafana/build-container:1.2.19
grafana-publish:
docker:
- image: grafana/grafana-ci-deploy:1.2.5
windows-installer:
docker:
- image: grafana/wix-toolset-ci:v3
commands:
install-grabpl:
description: "Install Grafana build pipeline tool"
steps:
- run:
name: "Install Grafana build pipeline tool"
command: |
VERSION=0.4.11
curl -fLO https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v${VERSION}/grabpl
chmod +x grabpl
mv grabpl /tmp
jobs:
build-backend:
description: "Build a certain variant of Grafana back-end binaries"
parameters:
edition:
type: string
variant:
type: string
executor: grafana-build
steps:
- run:
name: Exit if enterprise and forked PR
command: |
if [[ "<< parameters.edition >>" == "enterprise" && -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Build Grafana backend
command: |
if [[ -n $CIRCLE_TAG ]]; then
# A release build
/tmp/grabpl build-backend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> \
--variants << parameters.variant >> $CIRCLE_TAG
elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl build-backend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> \
--variants << parameters.variant >> v7.0.0-test
else
# A master or PR build
/tmp/grabpl build-backend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> \
--variants << parameters.variant >> --build-id $CIRCLE_WORKFLOW_ID
fi
- run:
name: Move artifacts
command: mkdir -p << parameters.edition >> && mv bin << parameters.edition >>/
- persist_to_workspace:
root: .
paths:
- << parameters.edition >>/bin/*
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-frontend:
description: "Build Grafana front-end artifacts"
parameters:
edition:
type: string
resource_class: large
executor: grafana-build
steps:
- run:
name: Exit if enterprise and forked PR
command: |
if [[ "<< parameters.edition >>" == "enterprise" && -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- checkout
- restore_cache:
keys:
# Use own cache for front-end builds, since for some reason it can't be unpacked for parts of the
# pipeline
- v1-yarn-build-{{ checksum "yarn.lock" }}
# Used if checksum fails
- v1-yarn-build-
- run:
name: Increase node memory
command: |
export NODE_OPTIONS=--max_old_space_size=4096
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Install dependencies
command: yarn install --frozen-lockfile --no-progress
- save_cache:
key: v1-yarn-build-{{ checksum "yarn.lock" }}
paths:
- node_modules
- run:
name: Build Grafana frontend
command: |
if [[ -n $CIRCLE_TAG ]]; then
# A release build
/tmp/grabpl build-frontend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> $CIRCLE_TAG
elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl build-frontend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> 7.0.0-test
else
# A master or PR build
/tmp/grabpl build-frontend --github-token "${GITHUB_GRAFANABOT_TOKEN}" --edition << parameters.edition >> --build-id $CIRCLE_WORKFLOW_ID
fi
- run:
name: Move artifacts
command: mkdir << parameters.edition >> && cp -r public << parameters.edition >>/
- persist_to_workspace:
root: .
paths:
- << parameters.edition >>/public/*
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-plugins:
description: "Build internal Grafana plug-ins"
parameters:
edition:
type: string
executor: grafana-build
steps:
- run:
name: Exit if enterprise and forked PR
command: |
if [[ "<< parameters.edition >>" == "enterprise" && -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Build internal Grafana plug-ins
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
# This is a forked PR, so don't sign as it requires an API secret
/tmp/grabpl build-plugins --jobs 2 --edition << parameters.edition >>
else
export GRAFANA_API_KEY=$GRAFANA_COM_API_KEY
/tmp/grabpl build-plugins --jobs 2 --edition << parameters.edition >> --sign --signing-admin
fi
- run:
name: Move artifacts
command: |
mkdir -p << parameters.edition >>/plugins-bundled
mv plugins-bundled/dist << parameters.edition >>/plugins-bundled/
- persist_to_workspace:
root: .
paths:
- << parameters.edition >>/plugins-bundled/dist/*
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-release-publisher:
description: "Build release-publisher"
executor: go
steps:
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- run:
name: Test and build Grafana.com release publisher
command: |
cd scripts/build/release_publisher
go test .
go build -o release_publisher .
- persist_to_workspace:
root: .
paths:
- scripts/build/release_publisher/release_publisher
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
shellcheck:
executor: base
steps:
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Install ShellCheck
command: |
VERSION=0.7.1
CHKSUM=beca3d7819a6bdcfbd044576df4fc284053b48f468b2f03428fe66f4ceb2c05d9b5411357fa15003cb0311406c255084cf7283a3b8fce644c340c2f6aa910b9f
curl -fLO http://storage.googleapis.com/grafana-downloads/ci-dependencies/shellcheck-v${VERSION}.linux.x86_64.tar.xz
echo $CHKSUM shellcheck-v${VERSION}.linux.x86_64.tar.xz | sha512sum --check --strict --status
tar xf shellcheck-v${VERSION}.linux.x86_64.tar.xz
sudo mv shellcheck-v${VERSION}/shellcheck /usr/local/bin/
- run:
name: ShellCheck
command: |
/tmp/grabpl shellcheck
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-oss-windows-installer:
executor: windows-installer
steps:
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- run:
name: Copy artifacts from workspace
command: cp -r /tmp/workspace/oss/dist .
- run:
name: Build Windows installer
command: ./scripts/build/ci-msi-build/ci-msi-build-oss.sh
- run:
name: Move artifacts
command: mkdir oss && mv dist oss/
- persist_to_workspace:
root: .
paths:
- oss/dist/grafana-*.msi
- oss/dist/grafana-*.msi.sha256
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-enterprise-windows-installer:
executor: windows-installer
steps:
- run:
name: Exit if forked PR
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: "./scripts/ci-job-started.sh"
- run:
name: Copy artifacts from workspace
command: cp -r /tmp/workspace/enterprise/dist enterprise-dist
- run:
name: Build Windows installer
command: ./scripts/build/ci-msi-build/ci-msi-build-ee.sh
- run:
name: Move artifacts
command: mkdir enterprise && mv enterprise-dist enterprise/dist
- persist_to_workspace:
root: .
paths:
- enterprise/dist/grafana-*.msi
- enterprise/dist/grafana-*.msi.sha256
- run:
name: CI job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: CI job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
release-next-packages:
executor: grafana-build
steps:
- run:
name: Exit if forked PR
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- run:
name: Bootstrap lerna
command: npx lerna bootstrap
- run:
name: npm - Prepare auth token
command: "echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc"
- run:
name: Release next packages
command: ./scripts/circle-release-next-packages.sh
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
package-oss:
executor: grafana-build
steps:
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Copy artifacts from workspace
command: cp -r /tmp/workspace/oss/* .
- run:
name: Package Grafana
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo Using test GPG key pair since building a forked PR
source scripts/build/gpg-test-vars.sh
fi
# Necessary for signing bundled plugins
export GRAFANA_API_KEY=$GRAFANA_COM_API_KEY
if [[ -n $CIRCLE_TAG ]]; then
# A release build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition oss --sign $CIRCLE_TAG
elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition oss --sign v7.0.0-test
elif [[ $CIRCLE_BRANCH == "master" ]]; then
# A master build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition oss --sign --build-id $CIRCLE_WORKFLOW_ID
elif [[ -n "$CIRCLE_PR_NUMBER" ]]; then
# A forked PR build, don't sign as it requires an API secret
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition oss --build-id $CIRCLE_WORKFLOW_ID --variants \
linux-x64,linux-x64-musl,osx64,win64
else
# A non-forked PR build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition oss --sign --build-id $CIRCLE_WORKFLOW_ID --variants \
linux-x64,linux-x64-musl,osx64,win64
fi
- run:
name: Move artifacts
command: |
mkdir -p oss
mv dist oss/
- persist_to_workspace:
root: .
paths:
- oss/dist/*
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
package-enterprise:
executor: grafana-build
steps:
- run:
name: Exit if forked PR
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Copy artifacts from workspace
command: cp -r /tmp/workspace/enterprise/* .
- run:
name: Package Grafana
command: |
# Necessary for signing bundled plugins
export GRAFANA_API_KEY=$GRAFANA_COM_API_KEY
if [[ -n $CIRCLE_TAG ]]; then
# A release build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition enterprise --sign $CIRCLE_TAG
elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition enterprise --sign v7.0.0-test
elif [[ $CIRCLE_BRANCH == "master" ]]; then
# A master build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition enterprise --sign --build-id $CIRCLE_WORKFLOW_ID
elif [[ -n "$CIRCLE_PR_NUMBER" ]]; then
# A forked PR build, don't sign as it requires an API secret
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition enterprise --build-id $CIRCLE_WORKFLOW_ID --variants \
linux-x64,linux-x64-musl,osx64,win64
else
# A PR build
/tmp/grabpl package --github-token "${GITHUB_GRAFANABOT_TOKEN}" --jobs 2 --edition enterprise --sign --build-id $CIRCLE_WORKFLOW_ID --variants \
linux-x64,linux-x64-musl,osx64,win64
fi
- run:
name: Move artifacts
command: |
mkdir -p enterprise
mv dist enterprise/
- persist_to_workspace:
root: .
paths:
- enterprise/dist/*
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
publish-packages:
description: "Publish packages"
parameters:
edition:
type: string
executor: grafana-publish
steps:
- run:
name: Exit if forked PR
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- install-grabpl
- run:
name: Publish packages
command: |
cp -r /tmp/workspace/<< parameters.edition >>/dist .
if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl publish-packages --edition << parameters.edition >> \
--deb-db-bucket grafana-testing-aptly-db --deb-repo-bucket grafana-testing-repo --packages-bucket \
grafana-downloads-test --rpm-repo-bucket grafana-testing-repo --simulate-release
else
/tmp/grabpl publish-packages --edition << parameters.edition >>
fi
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
publish-storybook:
description: "Publish Storybook"
executor: grafana-publish
steps:
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- run:
name: Publish Storybook
command: |
yarn install --frozen-lockfile --no-progress
yarn storybook:build
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
echo Testing release
elif [[ $CIRCLE_BRANCH == "master" ]]; then
echo $GCP_GRAFANA_UPLOAD_KEY > /tmp/gcpkey.json
gcloud auth activate-service-account --key-file=/tmp/gcpkey.json
gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/canary
elif [[ -n $CIRCLE_TAG ]]; then
echo $GCP_GRAFANA_UPLOAD_KEY > /tmp/gcpkey.json
gcloud auth activate-service-account --key-file=/tmp/gcpkey.json
gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/latest
gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/$CIRCLE_TAG
fi
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
build-docker-images:
description: "Build/publish Docker images"
parameters:
edition:
type: string
ubuntu:
type: boolean
executor: base
environment:
# Required for building cross-platform images
DOCKER_BUILDKIT: 1
steps:
- run:
name: Exit if enterprise and forked PR
command: |
if [[ "<< parameters.edition >>" == "enterprise" && -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- attach_workspace:
at: /tmp/workspace
- checkout
- run:
name: CI job started
command: ./scripts/ci-job-started.sh
- setup_remote_docker:
# This version is necessary for building cross-platform images
version: 18.09.3
- install-grabpl
- run:
name: Install gcloud SDK
command: |
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | \
sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
# XXX: Is this necessary?
- run: docker run --privileged linuxkit/binfmt:v0.6
- run:
name: Copy Grafana archives
command: |
cp -r /tmp/workspace/<< parameters.edition >>/dist .
- run:
name: Build Docker images
command: |
if [[ -n $CIRCLE_TAG || $CIRCLE_BRANCH == "chore/test-release-pipeline" || $CIRCLE_BRANCH == "master" ]]; then
# It's a full build
/tmp/grabpl build-docker --jobs 4 --edition << parameters.edition >> \
--ubuntu=<< parameters.ubuntu >>
else
# We're testing a branch
/tmp/grabpl build-docker --jobs 4 --edition << parameters.edition >> \
--ubuntu=<< parameters.ubuntu >> --archs amd64
fi
- run:
name: Exit if PR
command: |
if [[ -z $CIRCLE_TAG && $CIRCLE_BRANCH != "chore/test-release-pipeline" && $CIRCLE_BRANCH != "master" ]]; then
echo "Nothing to do for PRs, so marking this step successful"
circleci step halt
fi
- run:
name: Publish Docker images
command: |
if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
/tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >> --dry-run
elif [[ -n $CIRCLE_TAG ]]; then
# This is a release
/tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >>
else
# TODO: Don't ignore errors, temporary workaround until we fix #22955
/tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >> || echo Publishing failed!
fi
- run:
name: CI job failed
command: ./scripts/ci-job-failed.sh
when: on_fail
- run:
name: CI job succeeded
command: ./scripts/ci-job-succeeded.sh
when: on_success
end-to-end-tests:
docker:
- image: circleci/node:12-browsers
steps:
- attach_workspace:
at: /tmp/workspace
- checkout
- restore_cache:
keys:
- v2-yarn-{{ checksum "yarn.lock" }}
# Used if checksum fails
- v2-yarn-
- run:
name: yarn install
command: yarn install --frozen-lockfile --no-progress
no_output_timeout: 5m
- save_cache:
key: v2-yarn-{{ checksum "yarn.lock" }}
paths:
- node_modules
- run:
name: Copy artifacts from workspace
command: |
mkdir -p dist
cp -r /tmp/workspace/oss/dist/*.tar.gz dist/
- run:
name: Start grafana-server
command: ./e2e/start-server
background: true
- run:
name: "Wait for Grafana to start"
command: './e2e/wait-for-grafana'
- run:
name: Run end-to-end tests
command: ./e2e/run-suite
no_output_timeout: 5m
- store_artifacts:
path: e2e/suite1/screenshots
destination: screenshots
- store_artifacts:
path: e2e/suite1/videos
destination: output-videos
- store_artifacts:
path: e2e/tmp/data/log
destination: logs
mysql-integration-test:
docker:
- image: cimg/go:1.14
- image: circleci/mysql:5.6-ram
environment:
MYSQL_ROOT_PASSWORD: rootpass
MYSQL_DATABASE: grafana_tests
MYSQL_USER: grafana
MYSQL_PASSWORD: password
steps:
- checkout
- run:
name: ci job started
command: "./scripts/ci-job-started.sh"
- run: sudo apt update
- run: sudo apt install -y default-mysql-client
- run: dockerize -wait tcp://127.0.0.1:3306 -timeout 120s
- run: cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h 127.0.0.1 -P 3306 -u root -prootpass
- run:
name: mysql integration tests
command: "./scripts/circle-test-mysql.sh"
- run:
name: ci job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: ci job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
postgres-integration-test:
docker:
- image: cimg/go:1.14
- image: circleci/postgres:9.3-ram
environment:
POSTGRES_USER: grafanatest
POSTGRES_PASSWORD: grafanatest
POSTGRES_DB: grafanatest
steps:
- checkout
- run:
name: ci job started
command: "./scripts/ci-job-started.sh"
- run: sudo apt update
- run: sudo apt install -y postgresql-client
- run: dockerize -wait tcp://127.0.0.1:5432 -timeout 120s
- run: "PGPASSWORD=grafanatest psql -p 5432 -h 127.0.0.1 -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql"
- run:
name: postgres integration tests
command: "./scripts/circle-test-postgres.sh"
- run:
name: ci job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: ci job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
codespell:
docker:
- image: cimg/python:3.8
steps:
- checkout
- run:
name: Install codespell
command: "pip install codespell"
- run:
# Important: all words have to be in lowercase, and separated by "\n".
name: exclude known exceptions
command: 'echo -e "unknwon\nreferer\nerrorstring\neror\niam" > words_to_ignore.txt'
- run:
name: check documentation spelling errors
command: "codespell -I ./words_to_ignore.txt docs/"
lint-go:
executor: go
environment:
# we need CGO because of go-sqlite3
CGO_ENABLED: 1
# Reduce golangci-lint memory usage (default is 100)
GOGC: 20
steps:
- checkout
- run:
name: Install Go linters
command: |
pushd /tmp
curl -fLO https://github.com/golangci/golangci-lint/releases/download/v1.24.0/golangci-lint-1.24.0-linux-amd64.tar.gz
echo 241ca454102e909de04957ff8a5754c757cefa255758b3e1fba8a4533d19d179 \
golangci-lint-1.24.0-linux-amd64.tar.gz | sha256sum --check --strict --status
tar -xf golangci-lint-1.24.0-linux-amd64.tar.gz
sudo mv golangci-lint-1.24.0-linux-amd64/golangci-lint /usr/local/bin/
popd
make scripts/go/bin/revive scripts/go/bin/gosec
- run:
name: Lint Go
command: |
go vet ./pkg/...
golangci-lint run -v -j 4 --config scripts/go/configs/ci/.golangci.yml -E deadcode -E gofmt \
-E gosimple -E ineffassign -E structcheck -E typecheck ./pkg/...
golangci-lint run -v -j 4 --config scripts/go/configs/ci/.golangci.yml -E unconvert -E unused \
-E varcheck -E goconst -E errcheck -E staticcheck ./pkg/...
./scripts/go/bin/revive -formatter stylish -config ./scripts/go/configs/revive.toml ./pkg/...
./scripts/go/bin/revive -formatter stylish -config ./scripts/go/configs/revive-strict.toml \
./pkg/services/alerting/... \
./pkg/services/provisioning/datasources/... \
./pkg/services/provisioning/dashboards/...
./scripts/go/bin/gosec -quiet -exclude=G104,G107,G108,G201,G202,G204,G301,G304,G401,G402,G501 \
-conf=./scripts/go/configs/gosec.json ./pkg/...
test-frontend:
executor: node
steps:
- checkout
- run:
name: CI job started
command: "./scripts/ci-job-started.sh"
- restore_cache:
keys:
- v2-yarn-{{ checksum "yarn.lock" }}
# Used if checksum fails
- v2-yarn-
- run:
name: yarn install
command: "yarn install --frozen-lockfile --no-progress"
no_output_timeout: 15m
- save_cache:
key: v2-yarn-{{ checksum "yarn.lock" }}
paths:
- node_modules
- run:
name: frontend tests
command: "./scripts/circle-test-frontend.sh"
- store_test_results:
path: reports/junit
- run:
name: CI job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: CI job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
test-backend:
executor: go
steps:
- checkout
- run:
name: CI job started
command: "./scripts/ci-job-started.sh"
- run:
name: build backend and run go tests
command: "./scripts/circle-test-backend.sh"
- run:
name: CI job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: CI job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
build-docs-website:
executor: base
steps:
- checkout
- setup_remote_docker
- run:
name: CI job started
command: "./scripts/ci-job-started.sh"
- run:
name: Build Grafana docs website
command: |
# Use latest revision here, since we want to catch if it breaks
IMAGE=grafana/docs-base:latest
# In order to copy sources into the remote container, we need to employ a trick of creating a container
# with a volume, that we copy the sources into. Then, we launch the build container, with the volume
# from the other container
docker create -v /hugo/content/docs/grafana --name docs alpine:3.11 /bin/true
docker cp ${PWD}/docs/sources docs:/hugo/content/docs/grafana/latest
docker run --volumes-from docs $IMAGE /bin/bash -c 'make prod'
- run:
name: CI job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: CI job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
deploy-to-kubernetes:
description: "Deploy Grafana master Docker image to Kubernetes"
executor: base
steps:
- install-grabpl
- run:
name: Deploy to Kubernetes
command: |
/tmp/grabpl deploy-to-k8s $CIRCLE_WORKFLOW_ID
release-packages:
executor: node
steps:
- run:
name: Exit if forked PR
command: |
if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
echo "Nothing to do for forked PRs, so marking this step successful"
circleci step halt
fi
- checkout
- run:
name: CI job started
command: "./scripts/ci-job-started.sh"
- run:
name: Bootstrap lerna
command: "npx lerna bootstrap"
- run:
name: npm - Prepare auth token
command: "echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc"
- run:
name: Exit if release pipeline test
command: |
if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
# We're testing the release pipeline
echo "We're testing the release pipeline, so stopping before publishing"
circleci step halt
fi
- run:
name: Release packages
command: ./scripts/build/release-packages.sh "${CIRCLE_TAG}"
- run:
name: CI job failed
command: "./scripts/ci-job-failed.sh"
when: on_fail
- run:
name: CI job succeeded
command: "./scripts/ci-job-succeeded.sh"
when: on_success
scan-docker-image:
description: "Scans a docker image for vulnerabilities using trivy"
parameters:
image:
type: string
tag:
type: string
docker:
- image: circleci/buildpack-deps:stretch
steps:
- setup_remote_docker
- restore_cache:
key: vulnerability-db
- run:
name: Install trivy
command: |
VERSION=$(
curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \
grep '"tag_name":' | \
sed -E 's/.*"v([^"]+)".*/\1/'
)
wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz
tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz
sudo mv trivy /usr/local/bin
- run:
name: Clear trivy cache
command: trivy --clear-cache
- run:
name: Scan Docker image for unkown/low/medium vulnerabilities
command: trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM << parameters.image >>:<< parameters.tag >>
- run:
name: Scan Docker image for high/critical vulnerabilities
command: trivy --exit-code 1 --severity HIGH,CRITICAL << parameters.image >>:<< parameters.tag >>
- save_cache:
key: vulnerability-db
paths:
- $HOME/.cache/trivy
workflows:
build-pipeline:
jobs:
- build-backend:
filters: *filter-master-or-release
edition: oss
variant: armv6
name: build-oss-backend-armv6
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
edition: oss
variant: armv7
name: build-oss-backend-armv7
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
edition: oss
variant: armv7-musl
name: build-oss-backend-armv7-musl
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
edition: oss
variant: arm64
name: build-oss-backend-arm64
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
edition: oss
variant: arm64-musl
name: build-oss-backend-arm64-musl
requires:
- lint-go
- build-backend:
filters: *filter-all
edition: oss
variant: osx64
name: build-oss-backend-osx64
requires:
- lint-go
- build-backend:
filters: *filter-all
edition: oss
variant: win64
name: build-oss-backend-win64
requires:
- lint-go
- build-backend:
filters: *filter-all
edition: oss
variant: linux-x64
name: build-oss-backend-linux-x64
requires:
- lint-go
- build-backend:
filters: *filter-all
edition: oss
variant: linux-x64-musl
name: build-oss-backend-linux-x64-musl
requires:
- lint-go
- build-frontend:
filters: *filter-all
name: build-oss-frontend
edition: oss
- build-plugins:
filters: *filter-all
name: build-oss-plugins
edition: oss
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
name: build-enterprise-backend-armv6
edition: enterprise
variant: armv6
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
name: build-enterprise-backend-armv7
edition: enterprise
variant: armv7
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
name: build-enterprise-backend-armv7-musl
edition: enterprise
variant: armv7-musl
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
name: build-enterprise-backend-arm64
edition: enterprise
variant: arm64
requires:
- lint-go
- build-backend:
filters: *filter-master-or-release
name: build-enterprise-backend-arm64-musl
edition: enterprise
variant: arm64-musl
requires:
- lint-go
- build-backend:
filters: *filter-all
name: build-enterprise-backend-osx64
edition: enterprise
variant: osx64
requires:
- lint-go
- build-backend:
filters: *filter-all
name: build-enterprise-backend-win64
edition: enterprise
variant: win64
requires:
- lint-go
- build-backend:
filters: *filter-all
name: build-enterprise-backend-linux-x64
edition: enterprise
variant: linux-x64
requires:
- lint-go
- build-backend:
filters: *filter-all
name: build-enterprise-backend-linux-x64-musl
edition: enterprise
variant: linux-x64-musl
requires:
- lint-go
- build-frontend:
filters: *filter-all
name: build-enterprise-frontend
edition: enterprise
- build-plugins:
filters: *filter-all
name: build-enterprise-plugins
edition: enterprise
requires:
- lint-go
- build-release-publisher:
filters: *filter-master-or-release
- codespell:
filters: *filter-all
- lint-go:
filters: *filter-all
- shellcheck:
filters: *filter-all
- test-backend:
filters: *filter-all
requires:
- lint-go
- test-frontend:
filters: *filter-all
- mysql-integration-test:
filters: *filter-all
requires:
- lint-go
- test-backend
- test-frontend
- postgres-integration-test:
filters: *filter-all
requires:
- lint-go
- test-backend
- test-frontend
- package-oss:
filters: *filter-all
requires:
- build-oss-backend-armv6
- build-oss-backend-armv7
- build-oss-backend-armv7-musl
- build-oss-backend-arm64
- build-oss-backend-arm64-musl
- build-oss-backend-osx64
- build-oss-backend-win64
- build-oss-backend-linux-x64
- build-oss-backend-linux-x64-musl
- build-oss-frontend
- test-backend
- test-frontend
- codespell
- shellcheck
- build-oss-plugins
- package-enterprise:
filters: *filter-all
requires:
- build-enterprise-backend-armv6
- build-enterprise-backend-armv7
- build-enterprise-backend-armv7-musl
- build-enterprise-backend-arm64
- build-enterprise-backend-arm64-musl
- build-enterprise-backend-osx64
- build-enterprise-backend-win64
- build-enterprise-backend-linux-x64
- build-enterprise-backend-linux-x64-musl
- build-enterprise-frontend
- test-backend
- test-frontend
- codespell
- shellcheck
- build-enterprise-plugins
- build-oss-windows-installer:
filters: *filter-all
requires:
- package-oss
- build-enterprise-windows-installer:
filters: *filter-all
requires:
- package-enterprise
- release-next-packages:
filters: *filter-only-master
requires:
- end-to-end-tests
- release-packages:
filters: *filter-only-release
requires:
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- publish-packages:
filters: *filter-master-or-release
name: publish-oss-packages
edition: oss
requires:
- package-oss
- build-oss-windows-installer
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- build-release-publisher
- publish-packages:
filters: *filter-master-or-release
name: publish-enterprise-packages
edition: enterprise
requires:
- package-enterprise
- build-enterprise-windows-installer
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- build-release-publisher
- publish-storybook:
filters: *filter-all
requires:
- test-backend
- test-frontend
- build-docker-images:
filters: *filter-all
name: build-oss-docker-images
edition: oss
ubuntu: false
requires:
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- package-oss
- build-oss-windows-installer
- build-docker-images:
filters: *filter-all
name: build-oss-ubuntu-docker-images
edition: oss
ubuntu: true
requires:
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- package-oss
- build-oss-windows-installer
- build-docker-images:
filters: *filter-all
name: build-enterprise-docker-images
edition: enterprise
ubuntu: false
requires:
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- package-enterprise
- build-enterprise-windows-installer
- build-docker-images:
filters: *filter-all
name: build-enterprise-ubuntu-docker-images
edition: enterprise
ubuntu: true
requires:
- end-to-end-tests
- mysql-integration-test
- postgres-integration-test
- package-enterprise
- build-enterprise-windows-installer
- end-to-end-tests:
filters: *filter-all
requires:
- package-oss
- build-docs-website:
filters: *filter-not-release-or-master
requires:
- mysql-integration-test
- postgres-integration-test
- deploy-to-kubernetes:
filters: *filter-only-master
requires:
- build-enterprise-docker-images
nightly:
triggers:
- schedule:
cron: "0 0 * * *"
filters: *filter-only-master
jobs:
- scan-docker-image:
matrix:
parameters:
image: [grafana/grafana, grafana/grafana-enterprise]
tag: [latest, master, latest-ubuntu, master-ubuntu]