CI: Add publish-artifact workflow (#107138)

* dispatch GE release build when this one is triggered * Add publish-artifact workflow * workflow_call is its own job * add needs section in publish * fix workflow reference * fix permissions * Use pattern arg instead of name * fix artifacts path * log in to docker hub in build job * remove duplicate key * bucket_path -> bucket-path * remove 'parent' input * PATH -> ARTIFACT_PATH * use find instead of rsync * set min/maxdepth * use cp -r * Add publish-artifact.yml to CODEOWNERS * refer to the workflow on main specifically
6 months ago · c15c7b1fbf
parent cff743fcd5
commit c15c7b1fbf
3 changed files with 150 additions and 18 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -840,7 +840,8 @@ embed.go @grafana/grafana-as-code
 /.github/workflows/trufflehog.yml @Proximyst
 /.github/workflows/changelog.yml @zserge
 /.github/workflows/shellcheck.yml @grafana/grafana-developer-enablement-squad
-/.github/workflows/release-build.yml  @grafana/grafana-developer-enablement-squad
+/.github/workflows/release-build.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/publish-artifact.yml @grafana/grafana-developer-enablement-squad
 /.github/actions/changelog @zserge
 /.github/workflows/swagger-gen.yml @grafana/grafana-backend-group
 /.github/workflows/pr-frontend-unit-tests.yml @grafana/grafana-frontend-platform
--- a/.github/workflows/publish-artifact.yml
+++ b/.github/workflows/publish-artifact.yml
@ -0,0 +1,62 @@
+name: Publish artifacts to bucket
+on:
+  workflow_call:
+    inputs:
+      pattern:
+        description: |
+          (From actinos/download-artifact) Glob pattern of artifacts (instead of `name`)
+          Be careful when using this option; the contents of the root of each artifact are coalesced, so ensure that they do not collide.
+        type: string
+        required: false
+      name:
+        description: (From actinos/download-artifact) Name of the GitHub artifact to upload (Ignored if `pattern` is set)
+        type: string
+        required: false
+      bucket:
+        description: Name of the GCS bucket
+        type: string
+        required: true
+      bucket-path:
+        description: Path in the GCS bucket
+        type: string
+        required: false
+        default: "."
+      environment:
+        description: "'prod' or 'dev'"
+        type: string
+        required: false
+        default: dev
+      run-id:
+        type: string
+        required: true
+jobs:
+  publish:
+    runs-on: github-hosted-ubuntu-x64-small
+    name: Publish
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        with:
+          name: ${{ inputs.name }}
+          pattern: ${{ inputs.pattern }}
+          run-id: ${{ inputs.run-id }}
+          path: ./artifact
+      - name: Log in to GCS
+        id: login-to-gcs
+        uses: grafana/shared-workflows/actions/login-to-gcs@login-to-gcs/v0.2.1
+        with:
+          environment: ${{ inputs.environment }}
+      - name: Coalesce artifacts
+        run: |
+          mkdir out
+          find ./artifact -mindepth 2 -maxdepth 2 -exec cp -r {} out/ \;
+          ls -al out
+      - name: Upload artifacts
+        uses: grafana/shared-workflows/actions/push-to-gcs@push-to-gcs-v0.2.0
+        with:
+          bucket: ${{ inputs.bucket }}
+          environment: ${{ inputs.environment }}
+          parent: false
+          path: out
+          bucket_path: ${{ inputs.bucket-path }}
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@ -64,6 +64,55 @@ jobs:
          BUILD_ID: ${{ github.run_number }}
      - id: output
        run: echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT"
+  # Triggers the same workflow in `grafana-enterprise` on the same ref
+  downstream:
+    runs-on: github-hosted-ubuntu-x64-small
+    needs: [setup]
+    permissions:
+      contents: read
+      id-token: write
+    name: Dispatch grafana-enterprise build
+    steps:
+      - name: Log in to GCS
+        id: login-to-gcs
+        uses: grafana/shared-workflows/actions/login-to-gcs@login-to-gcs/v0.2.1
+        with:
+          environment: prod
+      - id: vault-secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          repo_secrets: |
+            GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          app_id: ${{ vars.DELIVERY_BOT_APP_ID }}
+          private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }}
+          repositories: '["grafana-enterprise"]'
+          permissions: '{"actions": "write"}'
+      - uses: actions/github-script@v7
+        env:
+          REF: ${{ github.ref_name }}
+          VERSION: ${{ needs.setup.outputs.version }}
+          BUILD_ID: ${{ github.run_number }}
+          BUCKET: ${{ steps.login-to-gcs.outputs.bucket }}
+        with:
+          script: |
+            const {REF, VERSION, BUILD_ID, BUCKET} = process.env;
+
+            await github.rest.actions.createWorkflowDispatch({
+                owner: 'grafana',
+                repo: 'grafana-enterprise',
+                workflow_id: 'release-build.yml',
+                ref:  REF,
+                inputs: {
+                  "version": VERSION,
+                  "build-id": BUILD_ID,
+                  "bucket": BUCKET,
+                }
+            })
+
  build:
    runs-on: github-hosted-ubuntu-x64-large
    needs: [setup]
@ -72,6 +121,7 @@ jobs:
      id-token: write
    name: ${{ needs.setup.outputs.version }} / ${{ matrix.name }}
    strategy:
+      fail-fast: false
      matrix:
        # The artifacts in these lists are grouped by their os+arch because the
        # build process can reuse the binaries for each artifact.
@ -97,6 +147,7 @@ jobs:
          - name: darwin-arm64
            artifacts: targz:grafana:darwin/arm64
    steps:
+      - uses: grafana/shared-workflows/actions/dockerhub-login@main
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
@ -115,23 +166,41 @@ jobs:
          output: artifacts-${{ matrix.name }}.txt
          verify: true
          build-id: ${{ github.run_number }}
-      - name: Log in to GCS
-        id: login-to-gcs
-        uses: grafana/shared-workflows/actions/login-to-gcs@login-to-gcs/v0.2.1
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
-          environment: prod
-      - name: Upload artifacts
-        uses: grafana/shared-workflows/actions/push-to-gcs@push-to-gcs-v0.2.0
+          name: artifacts-list-${{ matrix.name }}
+          path: ${{ steps.build.outputs.file }}
+          retention-days: 1
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
        with:
-          bucket: ${{ steps.login-to-gcs.outputs.bucket }}
-          environment: prod
-          parent: false
+          name: artifacts-${{ matrix.name }}
          path: ${{ steps.build.outputs.dist-dir }}
-          bucket_path: ${{ needs.setup.outputs.version }}
-      - name: Upload manifest
-        uses: grafana/shared-workflows/actions/push-to-gcs@push-to-gcs-v0.2.0
-        with:
-          bucket: ${{ steps.login-to-gcs.outputs.bucket }}
-          environment: prod
-          path: ${{ steps.build.outputs.file }}
-          bucket_path: ${{ needs.setup.outputs.version }}
+          retention-days: 1
+  publish-artifacts:
+    name: Upload artifacts
+    uses: grafana/grafana/.github/workflows/publish-artifact.yml@km/prerelease-builds-gha
+    permissions:
+      id-token: write
+    needs:
+      - setup
+      - build
+    with:
+      bucket: grafana-prerelease
+      pattern: artifacts-*
+      run-id: ${{ github.run_id }}
+      bucket-path: ${{ needs.setup.outputs.version }}
+      environment: prod
+  publish-artifact-lists:
+    name: Upload artifacts
+    uses: grafana/grafana/.github/workflows/publish-artifact.yml@main
+    permissions:
+      id-token: write
+    needs:
+      - setup
+      - build
+    with:
+      bucket: grafana-prerelease
+      pattern: artifacts-list-*
+      run-id: ${{ github.run_id }}
+      bucket-path: ${{ needs.setup.outputs.version }}
+      environment: prod