grafana/.circleci/config.yml

version: 2.1

aliases:
  # Workflow filters
  # filter-all triggers for all branches and version tags
  - &filter-all
    tags:
      only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
  - &filter-only-release
    branches:
      only: chore/test-release-pipeline
    tags:
      only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
  - &filter-not-release-or-master
    tags:
      ignore: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/
    branches:
      ignore: master
  - &filter-only-master
    branches:
      only: master
  - &filter-master-or-release
    branches:
      only:
        - master
        - chore/test-release-pipeline
    tags:
      only: /^v[0-9]+(\.[0-9]+){2}(-.+|[^-.]*)$/

executors:
  base:
    docker:
      - image: cimg/base:stable
  node:
    docker:
      - image: cimg/node:12.16
  go:
    docker:
      - image: cimg/go:1.14
  grafana-build:
    docker:
      - image: grafana/build-container:1.2.16
  grafana-publish:
    docker:
      - image: grafana/grafana-ci-deploy:1.2.5
  windows-installer:
    docker:
      - image: grafana/wix-toolset-ci:v3

commands:
  install-grabpl:
    description: "Install Grafana build pipeline tool"
    steps:
      - run:
          name: "Install Grafana build pipeline tool"
          command: |
            VERSION=0.4.4
            curl -fLO https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v${VERSION}/grabpl
            chmod +x grabpl
            mv grabpl /tmp

jobs:
  build-backend:
    description: "Build a certain variant of Grafana back-end binaries"
    parameters:
      edition:
        type: string
      variant:
        type: string
    executor: grafana-build
    steps:
      - run:
          name: Exit if enterprise and forked PR
          command: |
            if [[ "<< parameters.edition >>" == "enterprise"  && -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Build Grafana backend
          command: |
            if [[ -n $CIRCLE_TAG ]]; then
              # A release build
              /tmp/grabpl build-backend --edition << parameters.edition >> \
                --variants << parameters.variant >> $CIRCLE_TAG
            elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              /tmp/grabpl build-backend --edition << parameters.edition >> \
                --variants << parameters.variant >> v6.7.0-beta1
            else
              # A master or PR build
              /tmp/grabpl build-backend --edition << parameters.edition >> \
                --variants << parameters.variant >> --build-id $CIRCLE_WORKFLOW_ID
            fi
      - run:
          name: Move artifacts
          command: mkdir -p << parameters.edition >> && mv bin << parameters.edition >>/
      - persist_to_workspace:
          root: .
          paths:
            - << parameters.edition >>/bin/*
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-frontend:
    description: "Build Grafana front-end artifacts"
    parameters:
      edition:
        type: string
    resource_class: large
    executor: grafana-build
    steps:
      - run:
          name: Exit if enterprise and forked PR
          command: |
            if [[ "<< parameters.edition >>" == "enterprise"  && -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - checkout
      - restore_cache:
          keys:
            # Use own cache for front-end builds, since for some reason it can't be unpacked for parts of the
            # pipeline
            - v1-yarn-build-{{ checksum "yarn.lock" }}
            # Used if checksum fails
            - v1-yarn-build-
      - run:
          name: Increase node memory
          command: |
            export NODE_OPTIONS=--max_old_space_size=4096
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Install dependencies
          command: yarn install --frozen-lockfile --no-progress
      - save_cache:
          key: v1-yarn-build-{{ checksum "yarn.lock" }}
          paths:
            - node_modules
      - run:
          name: Build Grafana frontend
          command: /tmp/grabpl build-frontend --edition << parameters.edition >>
      - run:
          name: Move artifacts
          command: mkdir << parameters.edition >> && cp -r public << parameters.edition >>/
      - persist_to_workspace:
          root: .
          paths:
            - << parameters.edition >>/public/*
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-plugins:
    description: "Build internal Grafana plug-ins"
    parameters:
      edition:
        type: string
    executor: grafana-build
    steps:
      - run:
          name: Exit if enterprise and forked PR
          command: |
            if [[ "<< parameters.edition >>" == "enterprise"  && -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Build internal Grafana plug-ins
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              # This is a forked PR, so don't sign as it requires an API secret
              /tmp/grabpl build-plugins --jobs 2 --edition << parameters.edition >>
            else
              export GRAFANA_API_KEY=$GRAFANA_COM_API_KEY
              /tmp/grabpl build-plugins --jobs 2 --edition << parameters.edition >> --sign --signing-admin
            fi
      - run:
          name: Move artifacts
          command: |
            mkdir -p << parameters.edition >>/plugins-bundled
            mv plugins-bundled/dist << parameters.edition >>/plugins-bundled/
      - persist_to_workspace:
          root: .
          paths:
            - << parameters.edition >>/plugins-bundled/dist/*
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-release-publisher:
    description: "Build release-publisher"
    executor: go
    steps:
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - run:
          name: Test and build Grafana.com release publisher
          command: |
            cd scripts/build/release_publisher
            go test .
            go build -o release_publisher .
      - persist_to_workspace:
          root: .
          paths:
            - scripts/build/release_publisher/release_publisher
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  shellcheck:
    executor: base
    steps:
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Install ShellCheck
          command: |
            VERSION=0.7.1
            CHKSUM=beca3d7819a6bdcfbd044576df4fc284053b48f468b2f03428fe66f4ceb2c05d9b5411357fa15003cb0311406c255084cf7283a3b8fce644c340c2f6aa910b9f
            curl -fLO http://storage.googleapis.com/grafana-downloads/ci-dependencies/shellcheck-v${VERSION}.linux.x86_64.tar.xz
            echo $CHKSUM shellcheck-v${VERSION}.linux.x86_64.tar.xz | sha512sum --check --strict --status
            tar xf shellcheck-v${VERSION}.linux.x86_64.tar.xz
            sudo mv shellcheck-v${VERSION}/shellcheck /usr/local/bin/
      - run:
          name: ShellCheck
          command: |
            /tmp/grabpl shellcheck
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-oss-windows-installer:
    executor: windows-installer
    steps:
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - run:
          name: Copy artifacts from workspace
          command: cp -r /tmp/workspace/oss/dist .
      - run:
          name: Build Windows installer
          command: ./scripts/build/ci-msi-build/ci-msi-build-oss.sh
      - run:
          name: Move artifacts
          command: mkdir oss && mv dist oss/
      - persist_to_workspace:
          root: .
          paths:
            - oss/dist/grafana-*.msi
            - oss/dist/grafana-*.msi.sha256
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-enterprise-windows-installer:
    executor: windows-installer
    steps:
      - run:
          name: Exit if forked PR
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: "./scripts/ci-job-started.sh"
      - run:
          name: Copy artifacts from workspace
          command: cp -r /tmp/workspace/enterprise/dist enterprise-dist
      - run:
          name: Build Windows installer
          command: ./scripts/build/ci-msi-build/ci-msi-build-ee.sh
      - run:
          name: Move artifacts
          command: mkdir enterprise && mv enterprise-dist enterprise/dist
      - persist_to_workspace:
          root: .
          paths:
            - enterprise/dist/grafana-*.msi
            - enterprise/dist/grafana-*.msi.sha256
      - run:
          name: CI job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: CI job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  release-next-packages:
    executor: grafana-build
    steps:
      - run:
          name: Exit if forked PR
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - run:
          name: Bootstrap lerna
          command: npx lerna bootstrap
      - run:
          name: npm - Prepare auth token
          command: "echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc"
      - run:
          name: Release next packages
          command: ./scripts/circle-release-next-packages.sh
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  package-oss:
    executor: grafana-build
    steps:
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Copy artifacts from workspace
          command: cp -r /tmp/workspace/oss/* .
      - run:
          name: Package Grafana
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo Using test GPG key pair since building a forked PR
              source scripts/build/gpg-test-vars.sh
            fi

            if [[ -n $CIRCLE_TAG ]]; then
              # A release build
              /tmp/grabpl package --jobs 2 --edition oss $CIRCLE_TAG
            elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              /tmp/grabpl package --jobs 2 --edition oss v6.7.0-beta1
            elif [[ $CIRCLE_BRANCH == "master" ]]; then
              # A master build
              /tmp/grabpl package --jobs 2 --edition oss --build-id $CIRCLE_WORKFLOW_ID
            else
              # A PR build
              /tmp/grabpl package --jobs 2 --edition oss --build-id $CIRCLE_WORKFLOW_ID --variants \
                linux-x64,linux-x64-musl,osx64,win64
            fi
      - run:
          name: Move artifacts
          command: |
            mkdir -p oss
            mv dist oss/
      - persist_to_workspace:
          root: .
          paths:
            - oss/dist/*
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  package-enterprise:
    executor: grafana-build
    steps:
      - run:
          name: Exit if forked PR
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Copy artifacts from workspace
          command: cp -r /tmp/workspace/enterprise/* .
      - run:
          name: Package Grafana
          command: |
            if [[ -n $CIRCLE_TAG ]]; then
              # A release build
              /tmp/grabpl package --jobs 2 --edition enterprise $CIRCLE_TAG
            elif [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              /tmp/grabpl package --jobs 2 --edition enterprise v6.7.0-beta1
            elif [[ $CIRCLE_BRANCH == "master" ]]; then
              # A master build
              /tmp/grabpl package --jobs 2 --edition enterprise --build-id $CIRCLE_WORKFLOW_ID
            else
              # A PR build
              /tmp/grabpl package --jobs 2 --edition enterprise --build-id $CIRCLE_WORKFLOW_ID --variants \
                linux-x64,linux-x64-musl,osx64,win64
            fi
      - run:
          name: Move artifacts
          command: |
            mkdir -p enterprise
            mv dist enterprise/
      - persist_to_workspace:
          root: .
          paths:
            - enterprise/dist/*
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  publish-packages:
    description: "Publish packages"
    parameters:
      edition:
        type: string
    executor: grafana-publish
    steps:
      - run:
          name: Exit if forked PR
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - install-grabpl
      - run:
          name: Publish packages
          command: |
            cp -r /tmp/workspace/<< parameters.edition >>/dist .
            if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              /tmp/grabpl publish-packages --edition << parameters.edition >> \
                --deb-db-bucket grafana-testing-aptly-db --deb-repo-bucket grafana-testing-repo --packages-bucket \
                grafana-downloads-test --rpm-repo-bucket grafana-testing-repo --simulate-release
            else
              /tmp/grabpl publish-packages --edition << parameters.edition >>
            fi
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  publish-storybook:
    description: "Publish Storybook"
    executor: grafana-publish
    steps:
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - run:
          name: Publish Storybook
          command: |
            yarn install --frozen-lockfile --no-progress
            yarn storybook:build

            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi

            if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              echo Testing release
            elif [[ $CIRCLE_BRANCH == "master" ]]; then
              echo $GCP_GRAFANA_UPLOAD_KEY > /tmp/gcpkey.json
              gcloud auth activate-service-account --key-file=/tmp/gcpkey.json
              gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/canary
            elif [[ -n $CIRCLE_TAG ]]; then
              echo $GCP_GRAFANA_UPLOAD_KEY > /tmp/gcpkey.json
              gcloud auth activate-service-account --key-file=/tmp/gcpkey.json
              gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/latest
              gsutil -m rsync -d -r ./packages/grafana-ui/dist/storybook gs://grafana-storybook/$CIRCLE_TAG
            fi
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  build-docker-images:
    description: "Build/publish Docker images"
    parameters:
      edition:
        type: string
      ubuntu:
        type: boolean
    executor: base
    environment:
      # Required for building cross-platform images
      DOCKER_BUILDKIT: 1
    steps:
      - run:
          name: Exit if enterprise and forked PR
          command: |
            if [[ "<< parameters.edition >>" == "enterprise"  && -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - run:
          name: CI job started
          command: ./scripts/ci-job-started.sh
      - setup_remote_docker:
          # This version is necessary for building cross-platform images
          version: 18.09.3
      - install-grabpl
      # XXX: Is this necessary?
      - run: docker run --privileged linuxkit/binfmt:v0.6
      - run:
          name: Copy Grafana archives
          command: |
            cp -r /tmp/workspace/<< parameters.edition >>/dist .
      - run:
          name: Build Docker images
          command: |
            if [[ -n $CIRCLE_TAG || $CIRCLE_BRANCH == "chore/test-release-pipeline" || $CIRCLE_BRANCH == "master" ]]; then
              # It's a full build
              /tmp/grabpl build-docker --jobs 4 --edition << parameters.edition >> \
                --ubuntu=<< parameters.ubuntu >>
            else
              # We're testing a branch
              /tmp/grabpl build-docker --jobs 4 --edition << parameters.edition >> \
                --ubuntu=<< parameters.ubuntu >> --archs amd64
            fi
      - run:
          name: Exit if PR
          command: |
            if [[ -z $CIRCLE_TAG && $CIRCLE_BRANCH != "chore/test-release-pipeline" && $CIRCLE_BRANCH != "master" ]]; then
              echo "Nothing to do for PRs, so marking this step successful"
              circleci step halt
            fi
      - run:
          name: Publish Docker images
          command: |
            if [[ $CIRCLE_BRANCH == "chore/test-release-pipeline" ]]; then
              # We're testing the release pipeline
              /tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >> --dry-run
            elif [[ -n $CIRCLE_TAG ]]; then
              # This is a release
              /tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >>
            else
              # TODO: Don't ignore errors, temporary workaround until we fix #22955
              /tmp/grabpl publish-docker --jobs 4 --edition << parameters.edition >> --ubuntu=<< parameters.ubuntu >> || echo Publishing failed!
            fi
      - run:
          name: CI job failed
          command: ./scripts/ci-job-failed.sh
          when: on_fail
      - run:
          name: CI job succeeded
          command: ./scripts/ci-job-succeeded.sh
          when: on_success

  end-to-end-tests:
    docker:
      - image: circleci/node:12-browsers
    steps:
      - attach_workspace:
          at: /tmp/workspace
      - checkout
      - restore_cache:
          keys:
            - v2-yarn-{{ checksum "yarn.lock" }}
            # Used if checksum fails
            - v2-yarn-
      - run:
          name: yarn install
          command: yarn install --frozen-lockfile --no-progress
          no_output_timeout: 5m
      - save_cache:
          key: v2-yarn-{{ checksum "yarn.lock" }}
          paths:
            - node_modules
      - run:
          name: Copy artifacts from workspace
          command: |
            mkdir -p dist
            cp -r /tmp/workspace/oss/dist/*.tar.gz dist/
      - run:
          name: Start grafana-server
          command: ./e2e/start-server
          background: true
      - run:
          name: "Wait for Grafana to start"
          command: './e2e/wait-for-grafana'
      - run:
          name: Run end-to-end tests
          command: ./e2e/run-suite
          no_output_timeout: 5m
      - store_artifacts:
          path: e2e/suite1/screenshots
          destination: screenshots
      - store_artifacts:
          path: e2e/suite1/videos
          destination: output-videos
      - store_artifacts:
          path: e2e/tmp/data/log
          destination: logs

  mysql-integration-test:
    docker:
      - image: cimg/go:1.14
      - image: circleci/mysql:5.6-ram
        environment:
          MYSQL_ROOT_PASSWORD: rootpass
          MYSQL_DATABASE: grafana_tests
          MYSQL_USER: grafana
          MYSQL_PASSWORD: password
    steps:
      - checkout
      - run:
          name: ci job started
          command: "./scripts/ci-job-started.sh"
      - run: sudo apt update
      - run: sudo apt install -y default-mysql-client
      - run: dockerize -wait tcp://127.0.0.1:3306 -timeout 120s
      - run: cat devenv/docker/blocks/mysql_tests/setup.sql | mysql -h 127.0.0.1 -P 3306 -u root -prootpass
      - run:
          name: mysql integration tests
          command: "./scripts/circle-test-mysql.sh"
      - run:
          name: ci job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: ci job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  postgres-integration-test:
    docker:
      - image: cimg/go:1.14
      - image: circleci/postgres:9.3-ram
        environment:
          POSTGRES_USER: grafanatest
          POSTGRES_PASSWORD: grafanatest
          POSTGRES_DB: grafanatest
    steps:
      - checkout
      - run:
          name: ci job started
          command: "./scripts/ci-job-started.sh"
      - run: sudo apt update
      - run: sudo apt install -y postgresql-client
      - run: dockerize -wait tcp://127.0.0.1:5432 -timeout 120s
      - run: "PGPASSWORD=grafanatest psql -p 5432 -h 127.0.0.1 -U grafanatest -d grafanatest -f devenv/docker/blocks/postgres_tests/setup.sql"
      - run:
          name: postgres integration tests
          command: "./scripts/circle-test-postgres.sh"
      - run:
          name: ci job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: ci job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  codespell:
    docker:
      - image: cimg/python:3.8
    steps:
      - checkout
      - run:
          name: Install codespell
          command: "pip install codespell"
      - run:
          # Important: all words have to be in lowercase, and separated by "\n".
          name: exclude known exceptions
          command: 'echo -e "unknwon\nreferer\nerrorstring\neror" > words_to_ignore.txt'
      - run:
          name: check documentation spelling errors
          command: "codespell -I ./words_to_ignore.txt docs/"

  lint-go:
    executor: go
    environment:
      # we need CGO because of go-sqlite3
      CGO_ENABLED: 1
      # Reduce golangci-lint memory usage (default is 100)
      GOGC: 20
    steps:
      - checkout
      - run:
          name: Install Go linters
          command: |
            pushd /tmp
            curl -fLO https://github.com/golangci/golangci-lint/releases/download/v1.24.0/golangci-lint-1.24.0-linux-amd64.tar.gz
            echo 241ca454102e909de04957ff8a5754c757cefa255758b3e1fba8a4533d19d179 \
              golangci-lint-1.24.0-linux-amd64.tar.gz | sha256sum --check --strict --status
            tar -xf golangci-lint-1.24.0-linux-amd64.tar.gz
            sudo mv golangci-lint-1.24.0-linux-amd64/golangci-lint /usr/local/bin/
            popd
            make scripts/go/bin/revive scripts/go/bin/gosec
      - run:
          name: Lint Go
          command: |
            go vet ./pkg/...
            golangci-lint run -v -j 4 --config scripts/go/configs/ci/.golangci.yml -E deadcode -E gofmt \
              -E gosimple -E ineffassign -E structcheck -E typecheck ./pkg/...
            golangci-lint run -v -j 4 --config scripts/go/configs/ci/.golangci.yml -E unconvert -E unused \
              -E varcheck -E goconst -E errcheck -E staticcheck ./pkg/...
            ./scripts/go/bin/revive -formatter stylish -config ./scripts/go/configs/revive.toml ./pkg/...
            ./scripts/go/bin/revive -formatter stylish -config ./scripts/go/configs/revive-strict.toml \
              ./pkg/services/alerting/... \
              ./pkg/services/provisioning/datasources/... \
              ./pkg/services/provisioning/dashboards/...

            ./scripts/go/bin/gosec -quiet -exclude=G104,G107,G108,G201,G202,G204,G301,G304,G401,G402,G501 \
              -conf=./scripts/go/configs/gosec.json ./pkg/...

  test-frontend:
    executor: node
    steps:
      - checkout
      - run:
          name: CI job started
          command: "./scripts/ci-job-started.sh"
      - restore_cache:
          keys:
            - v2-yarn-{{ checksum "yarn.lock" }}
            # Used if checksum fails
            - v2-yarn-
      - run:
          name: yarn install
          command: "yarn install --frozen-lockfile --no-progress"
          no_output_timeout: 15m
      - save_cache:
          key: v2-yarn-{{ checksum "yarn.lock" }}
          paths:
            - node_modules
      - run:
          name: frontend tests
          command: "./scripts/circle-test-frontend.sh"
      - store_test_results:
          path: reports/junit
      - run:
          name: CI job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: CI job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  test-backend:
    executor: go
    steps:
      - checkout
      - run:
          name: CI job started
          command: "./scripts/ci-job-started.sh"
      - run:
          name: build backend and run go tests
          command: "./scripts/circle-test-backend.sh"
      - run:
          name: CI job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: CI job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  build-docs-website:
    executor: grafana-build
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: CI job started
          command: "./scripts/ci-job-started.sh"
      - run:
          name: Install docker
          command: |
            apt-get update
            apt-get install -y docker.io
      - run:
          name: Build Grafana docs website
          command: |
            # Use latest revision here, since we want to catch if it breaks
            IMAGE=grafana/docs-base:latest

            # In order to copy sources into the remote container, we need to employ a trick of creating a container
            # with a volume, that we copy the sources into. Then, we launch the build container, with the volume
            # from the other container
            docker create -v /hugo/content/docs/grafana --name docs alpine:3.11 /bin/true
            docker cp ${PWD}/docs/sources docs:/hugo/content/docs/grafana/latest
            docker run --volumes-from docs $IMAGE /bin/bash -c 'make prod'
      - run:
          name: CI job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: CI job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  deploy-to-kubernetes:
    description: "Deploy Grafana master Docker image to Kubernetes"
    executor: base
    steps:
      - install-grabpl
      - run:
          name: Deploy to Kubernetes
          command: |
            /tmp/grabpl deploy-to-k8s $CIRCLE_WORKFLOW_ID

  release-packages:
    executor: node
    steps:
      - run:
          name: Exit if forked PR
          command: |
            if [[ -n "$CIRCLE_PR_NUMBER" ]]; then
              echo "Nothing to do for forked PRs, so marking this step successful"
              circleci step halt
            fi
      - checkout
      - run:
          name: CI job started
          command: "./scripts/ci-job-started.sh"
      - run:
          name: Bootstrap lerna
          command: "npx lerna bootstrap"
      - run:
          name: npm - Prepare auth token
          command: "echo //registry.npmjs.org/:_authToken=$NPM_TOKEN >> ~/.npmrc"
      - run:
          name: Release packages
          command: ./scripts/build/release-packages.sh "${CIRCLE_TAG}"
      - run:
          name: CI job failed
          command: "./scripts/ci-job-failed.sh"
          when: on_fail
      - run:
          name: CI job succeeded
          command: "./scripts/ci-job-succeeded.sh"
          when: on_success

  scan-docker-images:
    docker:
      - image: circleci/buildpack-deps:stretch
    steps:
      - setup_remote_docker
      - restore_cache:
          key: vulnerability-db
      - run:
          name: Install trivy
          command: |
            VERSION=$(
                curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \
                grep '"tag_name":' | \
                sed -E 's/.*"v([^"]+)".*/\1/'
            )

            wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz
            tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz
            sudo mv trivy /usr/local/bin
      - run:
          name: Clear trivy cache
          command: trivy --clear-cache
      - run:
          name: Scan grafana/grafana:master
          command: trivy --exit-code 1 grafana/grafana:master
      - run:
          name: Scan grafana/grafana:master-ubuntu
          command: trivy --exit-code 1 grafana/grafana:master-ubuntu
      - run:
          name: Scan grafana/grafana-enterprise:master
          command: trivy --exit-code 1 grafana/grafana-enterprise:master
      - run:
          name: Scan grafana/grafana-enterprise:master-ubuntu
          command: trivy --exit-code 1 grafana/grafana-enterprise:master-ubuntu
      - run:
          name: Scan grafana/grafana:latest
          command: trivy --exit-code 1 grafana/grafana:latest
      - run:
          name: Scan grafana/grafana:latest-ubuntu
          command: trivy --exit-code 1 grafana/grafana:latest-ubuntu
      - run:
          name: Scan grafana/grafana-enterprise:latest
          command: trivy --exit-code 1 grafana/grafana-enterprise:latest
      - run:
          name: Scan grafana/grafana-enterprise:latest-ubuntu
          command: trivy --exit-code 1 grafana/grafana-enterprise:latest-ubuntu
      - save_cache:
          key: vulnerability-db
          paths:
            - $HOME/.cache/trivy

workflows:
  build-pipeline:
    jobs:
      - build-backend:
          filters: *filter-master-or-release
          edition: oss
          variant: armv6
          name: build-oss-backend-armv6
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          edition: oss
          variant: armv7
          name: build-oss-backend-armv7
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          edition: oss
          variant: armv7-musl
          name: build-oss-backend-armv7-musl
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          edition: oss
          variant: arm64
          name: build-oss-backend-arm64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          edition: oss
          variant: arm64-musl
          name: build-oss-backend-arm64-musl
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          edition: oss
          variant: osx64
          name: build-oss-backend-osx64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          edition: oss
          variant: win64
          name: build-oss-backend-win64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          edition: oss
          variant: linux-x64
          name: build-oss-backend-linux-x64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          edition: oss
          variant: linux-x64-musl
          name: build-oss-backend-linux-x64-musl
          requires:
            - lint-go
      - build-frontend:
          filters: *filter-all
          name: build-oss-frontend
          edition: oss
      - build-plugins:
          filters: *filter-all
          name: build-oss-plugins
          edition: oss
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          name: build-enterprise-backend-armv6
          edition: enterprise
          variant: armv6
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          name: build-enterprise-backend-armv7
          edition: enterprise
          variant: armv7
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          name: build-enterprise-backend-armv7-musl
          edition: enterprise
          variant: armv7-musl
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          name: build-enterprise-backend-arm64
          edition: enterprise
          variant: arm64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-master-or-release
          name: build-enterprise-backend-arm64-musl
          edition: enterprise
          variant: arm64-musl
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          name: build-enterprise-backend-osx64
          edition: enterprise
          variant: osx64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          name: build-enterprise-backend-win64
          edition: enterprise
          variant: win64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          name: build-enterprise-backend-linux-x64
          edition: enterprise
          variant: linux-x64
          requires:
            - lint-go
      - build-backend:
          filters: *filter-all
          name: build-enterprise-backend-linux-x64-musl
          edition: enterprise
          variant: linux-x64-musl
          requires:
            - lint-go
      - build-frontend:
          filters: *filter-all
          name: build-enterprise-frontend
          edition: enterprise
      - build-plugins:
          filters: *filter-all
          name: build-enterprise-plugins
          edition: enterprise
          requires:
            - lint-go
      - build-release-publisher:
          filters: *filter-master-or-release
      - codespell:
          filters: *filter-all
      - lint-go:
          filters: *filter-all
      - shellcheck:
          filters: *filter-all
      - test-backend:
          filters: *filter-all
          requires:
            - lint-go
      - test-frontend:
          filters: *filter-all
      - mysql-integration-test:
          filters: *filter-all
          requires:
            - lint-go
            - test-backend
            - test-frontend
      - postgres-integration-test:
          filters: *filter-all
          requires:
            - lint-go
            - test-backend
            - test-frontend
      - package-oss:
          filters: *filter-all
          requires:
            - build-oss-backend-armv6
            - build-oss-backend-armv7
            - build-oss-backend-armv7-musl
            - build-oss-backend-arm64
            - build-oss-backend-arm64-musl
            - build-oss-backend-osx64
            - build-oss-backend-win64
            - build-oss-backend-linux-x64
            - build-oss-backend-linux-x64-musl
            - build-oss-frontend
            - test-backend
            - test-frontend
            - codespell
            - shellcheck
            - build-oss-plugins
      - package-enterprise:
          filters: *filter-all
          requires:
            - build-enterprise-backend-armv6
            - build-enterprise-backend-armv7
            - build-enterprise-backend-armv7-musl
            - build-enterprise-backend-arm64
            - build-enterprise-backend-arm64-musl
            - build-enterprise-backend-osx64
            - build-enterprise-backend-win64
            - build-enterprise-backend-linux-x64
            - build-enterprise-backend-linux-x64-musl
            - build-enterprise-frontend
            - test-backend
            - test-frontend
            - codespell
            - shellcheck
            - build-enterprise-plugins
      - build-oss-windows-installer:
          filters: *filter-all
          requires:
            - package-oss
      - build-enterprise-windows-installer:
          filters: *filter-all
          requires:
            - package-enterprise
      - release-next-packages:
          filters: *filter-only-master
          requires:
            - end-to-end-tests
      - release-packages:
          filters: *filter-only-release
          requires:
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
      - publish-packages:
          filters: *filter-master-or-release
          name: publish-oss-packages
          edition: oss
          requires:
            - package-oss
            - build-oss-windows-installer
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - build-release-publisher
      - publish-packages:
          filters: *filter-master-or-release
          name: publish-enterprise-packages
          edition: enterprise
          requires:
            - package-enterprise
            - build-enterprise-windows-installer
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - build-release-publisher
      - publish-storybook:
          filters: *filter-all
          requires:
            - test-backend
            - test-frontend
      - build-docker-images:
          filters: *filter-all
          name: build-oss-docker-images
          edition: oss
          ubuntu: false
          requires:
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - package-oss
            - build-oss-windows-installer
      - build-docker-images:
          filters: *filter-all
          name: build-oss-ubuntu-docker-images
          edition: oss
          ubuntu: true
          requires:
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - package-oss
            - build-oss-windows-installer
      - build-docker-images:
          filters: *filter-all
          name: build-enterprise-docker-images
          edition: enterprise
          ubuntu: false
          requires:
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - package-enterprise
            - build-enterprise-windows-installer
      - build-docker-images:
          filters: *filter-all
          name: build-enterprise-ubuntu-docker-images
          edition: enterprise
          ubuntu: true
          requires:
            - end-to-end-tests
            - mysql-integration-test
            - postgres-integration-test
            - package-enterprise
            - build-enterprise-windows-installer
      - end-to-end-tests:
          filters: *filter-all
          requires:
            - package-oss
      - build-docs-website:
          filters: *filter-not-release-or-master
          requires:
            - mysql-integration-test
            - postgres-integration-test
      - deploy-to-kubernetes:
          filters: *filter-only-master
          requires:
            - build-enterprise-docker-images

  nightly:
    triggers:
      - schedule:
          cron: "0 0 * * *"
          filters: *filter-only-master
    jobs:
      - scan-docker-images