apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60575 Commits
2292 Branches
613 Tags
1.8 GiB
 
 
 
 
 
 
Tag: Branch: Tree: c9b2126c4a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9b2126c4a'
${ noResults }
grafana/.drone.yml

2991 lines
79 KiB
Raw Blame History

---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-verify-drone
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- ./bin/build verify-drone
depends_on:
- compile-build-cmd
image: byrnedo/alpine-curl:0.1.8
name: lint-drone
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.yml
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-verify-starlark
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- go install github.com/bazelbuild/buildtools/buildifier@latest
- buildifier --lint=warn -mode=check -r .
depends_on: []
image: golang:1.24.4-alpine
name: lint-starlark
trigger:
event:
- pull_request
paths:
exclude:
- docs/**
- '*.md'
include:
- scripts/drone/**
- .drone.star
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-build-e2e
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $(/usr/bin/github-app-external-token) > /github-app/token
environment:
GITHUB_APP_ID:
from_secret: github-app-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: github-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: github-app-private-key
failure: ignore
image: us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
name: github-app-generate-token
volumes:
- name: github-app
path: /github-app
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.1.2/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-jsonnet
- commands:
- yarn install --immutable || yarn install --immutable
depends_on: []
image: node:22.16.0-alpine
name: yarn-install
- commands:
- apk add --update jq bash
- yarn packages:build
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: build-frontend-packages
- failure: ignore
image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
- OSS_PULL_REQUEST=${DRONE_PULL_REQUEST}
repositories:
- grafana/grafana-enterprise@${DRONE_SOURCE_BRANCH}
server: https://drone.grafana.net
token:
from_secret: drone_token
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --version
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --uninstall 'qemu-*'
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --install all
- go run ./pkg/build/cmd artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64
-a targz:grafana:linux/arm/v7 -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu
-a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7
-a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER
--ubuntu-base=ubuntu-base --alpine-base=alpine-base --tag-format='{{ .version_base
}}-{{ .buildID }}-{{ .arch }}' --ubuntu-tag-format='{{ .version_base }}-{{ .buildID
}}-ubuntu-{{ .arch }}' --verify='false' --grafana-dir=$$PWD > packages.txt
- find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i
depends_on:
- yarn-install
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: golang:1.24.4-alpine
name: rgm-package
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- rgm-package
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GITHUB_APP_ID: "329617"
GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
failure: ignore
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- yarn e2e:plugin:build
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: build-test-plugins
- commands:
- apk add --update tar bash
- mkdir grafana
- tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana
- cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server
depends_on:
- rgm-package
detach: true
environment:
GF_APP_MODE: development
GF_SERVER_HTTP_PORT: "3001"
GF_SERVER_ROUTER_LOGGING: "1"
image: alpine:3.21.3
name: grafana-server
- commands:
- GITHUB_TOKEN=$(cat /github-app/token)
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
- github-app-generate-token
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/docker-oss-plugin-partnerships-dev/e2e-14.3.2:1.0.0
name: end-to-end-tests-cloud-plugins-suite-azure
volumes:
- name: github-app
path: /github-app
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- yarn playwright install --with-deps chromium
- yarn e2e:playwright --grep @plugins
depends_on:
- grafana-server
- build-test-plugins
environment:
HOST: grafana-server
PORT: "3001"
PROV_DIR: /grafana/scripts/grafana-server/tmp/conf/provisioning
image: node:22-bookworm
name: playwright-plugin-e2e
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- gsutil cp -r ./playwright-report/. gs://releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report
- export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html
- "echo \"E2E Playwright report uploaded to: \n $${E2E_PLAYWRIGHT_REPORT_URL}\""
depends_on:
- playwright-plugin-e2e
environment:
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
failure: ignore
image: google/cloud-sdk:431.0.0
name: playwright-e2e-report-upload
when:
status:
- success
- failure
- commands:
- GITHUB_TOKEN=$(cat /github-app/token)
- if [ ! -d ./playwright-report/trace ]; then echo 'all tests passed'; exit 0; fi
- export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html
- 'curl -L -X POST https://api.github.com/repos/grafana/grafana/issues/${DRONE_PULL_REQUEST}/comments
-H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${GITHUB_TOKEN}"
-H "X-GitHub-Api-Version: 2022-11-28" -d "{\"body\":\"❌ Failed to run Playwright
plugin e2e tests. <br /> <br /> Click [here]($${E2E_PLAYWRIGHT_REPORT_URL}) to
browse the Playwright report and trace viewer. <br /> For information on how to
run Playwright tests locally, refer to the [Developer guide](https://github.com/grafana/grafana/blob/main/contribute/developer-guide.md#to-run-the-playwright-tests).
\"}"'
depends_on:
- playwright-e2e-report-upload
- github-app-generate-token
failure: ignore
image: byrnedo/alpine-curl:0.1.8
name: playwright-e2e-report-post-link
volumes:
- name: github-app
path: /github-app
when:
status:
- success
- failure
- commands:
- export GITHUB_TOKEN=$(cat /github-app/token)
- if [ -z `find ./e2e -type f -name *spec.ts.mp4` ]; then echo 'no e2e videos found
from remaining tests'; exit 0; fi
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-cloud-plugins-suite-azure
- playwright-plugin-e2e
- github-app-generate-token
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
volumes:
- name: github-app
path: /github-app
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- rgm-package
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: node:22.16.0-alpine
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- pa11y-ci --config e2e/pa11yci.conf.js
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
NO_THRESHOLDS: "false"
PORT: 3001
failure: always
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
trigger:
event:
- pull_request
paths:
exclude:
- '*.md'
- docs/**
- latest.json
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: github-app
temp: {}
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: pr-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- yarn install --immutable || yarn install --immutable
depends_on: []
image: node:22.16.0-alpine
name: yarn-install
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned:
true\n---\n'' > /hugo/content/docs/grafana/_index.md'
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:latest
name: build-docs-website
pull: always
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-cue
trigger:
event:
- pull_request
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-docs
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- yarn install --immutable || yarn install --immutable
depends_on: []
image: node:22.16.0-alpine
name: yarn-install
- commands:
- yarn run prettier:checkDocs
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: lint-docs
- commands:
- mkdir -p /hugo/content/docs/grafana/latest
- 'echo -e ''---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned:
true\n---\n'' > /hugo/content/docs/grafana/_index.md'
- cp -r docs/sources/* /hugo/content/docs/grafana/latest/
- cd /hugo && make prod
image: grafana/docs-base:latest
name: build-docs-website
pull: always
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-cue
trigger:
branch: main
event:
- push
paths:
include:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-build-e2e-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $(/usr/bin/github-app-external-token) > /github-app/token
environment:
GITHUB_APP_ID:
from_secret: github-app-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: github-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: github-app-private-key
failure: ignore
image: us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
name: github-app-generate-token
volumes:
- name: github-app
path: /github-app
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.1.2/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- '# It is required that code generated from Thema/CUE be committed and in sync
with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-cue
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-cue
- commands:
- '# It is required that generated jsonnet is committed and in sync with its inputs.'
- '# The following command will fail if running code generators produces any diff
in output.'
- apk add --update make
- CODEGEN_VERIFY=1 make gen-jsonnet
depends_on: []
image: golang:1.24.4-alpine
name: verify-gen-jsonnet
- commands:
- yarn install --immutable || yarn install --immutable
depends_on: []
image: node:22.16.0-alpine
name: yarn-install
- commands:
- apk add --update jq
- new_version=$(cat package.json | jq -r .version | sed s/pre/${DRONE_BUILD_NUMBER}/g)
- 'echo "New version: $new_version"'
- yarn run lerna version $new_version --exact --no-git-tag-version --no-push --force-publish
-y
- yarn install --mode=update-lockfile
depends_on:
- yarn-install
image: node:22.16.0-alpine
name: update-package-json-version
- commands:
- apk add --update jq bash
- yarn packages:build
- yarn packages:pack
- ./scripts/validate-npm-packages.sh
depends_on:
- yarn-install
- update-package-json-version
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: build-frontend-packages
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --version
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --uninstall 'qemu-*'
- docker run --privileged --rm tonistiigi/binfmt:qemu-v7.0.0-28 --install all
- go run ./pkg/build/cmd artifacts -a targz:grafana:linux/amd64 -a targz:grafana:linux/arm64
-a targz:grafana:linux/arm/v7 -a docker:grafana:linux/amd64 -a docker:grafana:linux/amd64:ubuntu
-a docker:grafana:linux/arm64 -a docker:grafana:linux/arm64:ubuntu -a docker:grafana:linux/arm/v7
-a docker:grafana:linux/arm/v7:ubuntu --yarn-cache=$$YARN_CACHE_FOLDER --build-id=$$DRONE_BUILD_NUMBER
--ubuntu-base=ubuntu-base --alpine-base=alpine-base --tag-format='{{ .version_base
}}-{{ .buildID }}-{{ .arch }}' --ubuntu-tag-format='{{ .version_base }}-{{ .buildID
}}-ubuntu-{{ .arch }}' --verify='false' --grafana-dir=$$PWD > packages.txt
- find ./dist -name '*docker*.tar.gz' -type f | xargs -n1 docker load -i
depends_on:
- update-package-json-version
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
image: golang:1.24.4-alpine
name: rgm-package
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana
depends_on:
- rgm-package
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID: "329617"
GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- yarn e2e:plugin:build
depends_on:
- yarn-install
environment:
NODE_OPTIONS: --max_old_space_size=8192
image: node:22.16.0-alpine
name: build-test-plugins
- commands:
- apk add --update tar bash
- mkdir grafana
- tar --strip-components=1 -xvf ./dist/*amd64.tar.gz -C grafana
- cp -r devenv scripts tools grafana && cd grafana && ./scripts/grafana-server/start-server
depends_on:
- rgm-package
detach: true
environment:
GF_APP_MODE: development
GF_SERVER_HTTP_PORT: "3001"
GF_SERVER_ROUTER_LOGGING: "1"
image: alpine:3.21.3
name: grafana-server
- commands:
- GITHUB_TOKEN=$(cat /github-app/token)
- cd /
- ./cpp-e2e/scripts/ci-run.sh azure ${DRONE_SOURCE_BRANCH}
depends_on:
- grafana-server
- github-app-generate-token
environment:
AZURE_SP_APP_ID:
from_secret: azure_sp_app_id
AZURE_SP_PASSWORD:
from_secret: azure_sp_app_pw
AZURE_TENANT:
from_secret: azure_tenant
CYPRESS_CI: "true"
HOST: grafana-server
image: us-docker.pkg.dev/grafanalabs-dev/docker-oss-plugin-partnerships-dev/e2e-14.3.2:1.0.0
name: end-to-end-tests-cloud-plugins-suite-azure
volumes:
- name: github-app
path: /github-app
when:
paths:
include:
- pkg/tsdb/azuremonitor/**
- public/app/plugins/datasource/azuremonitor/**
- e2e/cloud-plugins-suite/azure-monitor.spec.ts
repo:
- grafana/grafana
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- yarn playwright install --with-deps chromium
- yarn e2e:playwright --grep @plugins
depends_on:
- grafana-server
- build-test-plugins
environment:
HOST: grafana-server
PORT: "3001"
PROV_DIR: /grafana/scripts/grafana-server/tmp/conf/provisioning
image: node:22-bookworm
name: playwright-plugin-e2e
- commands:
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- gsutil cp -r ./playwright-report/. gs://releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report
- export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html
- "echo \"E2E Playwright report uploaded to: \n $${E2E_PLAYWRIGHT_REPORT_URL}\""
depends_on:
- playwright-plugin-e2e
environment:
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
failure: ignore
image: google/cloud-sdk:431.0.0
name: playwright-e2e-report-upload
when:
status:
- success
- failure
- commands:
- GITHUB_TOKEN=$(cat /github-app/token)
- if [ ! -d ./playwright-report/trace ]; then echo 'all tests passed'; exit 0; fi
- export E2E_PLAYWRIGHT_REPORT_URL=https://storage.googleapis.com/releng-pipeline-artifacts-dev/${DRONE_BUILD_NUMBER}/playwright-report/index.html
- 'curl -L -X POST https://api.github.com/repos/grafana/grafana/issues/${DRONE_PULL_REQUEST}/comments
-H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${GITHUB_TOKEN}"
-H "X-GitHub-Api-Version: 2022-11-28" -d "{\"body\":\"❌ Failed to run Playwright
plugin e2e tests. <br /> <br /> Click [here]($${E2E_PLAYWRIGHT_REPORT_URL}) to
browse the Playwright report and trace viewer. <br /> For information on how to
run Playwright tests locally, refer to the [Developer guide](https://github.com/grafana/grafana/blob/main/contribute/developer-guide.md#to-run-the-playwright-tests).
\"}"'
depends_on:
- playwright-e2e-report-upload
- github-app-generate-token
failure: ignore
image: byrnedo/alpine-curl:0.1.8
name: playwright-e2e-report-post-link
volumes:
- name: github-app
path: /github-app
when:
status:
- success
- failure
- commands:
- export GITHUB_TOKEN=$(cat /github-app/token)
- if [ -z `find ./e2e -type f -name *spec.ts.mp4` ]; then echo 'no e2e videos found
from remaining tests'; exit 0; fi
- apt-get update
- apt-get install -yq zip
- printenv GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY > /tmp/gcpkey_upload_artifacts.json
- gcloud auth activate-service-account --key-file=/tmp/gcpkey_upload_artifacts.json
- find ./e2e -type f -name "*spec.ts.mp4" | zip e2e/videos.zip -@
- gsutil cp e2e/videos.zip gs://$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- export E2E_ARTIFACTS_VIDEO_ZIP=https://storage.googleapis.com/$${E2E_TEST_ARTIFACTS_BUCKET}/${DRONE_BUILD_NUMBER}/artifacts/videos/videos.zip
- 'echo "E2E Test artifacts uploaded to: $${E2E_ARTIFACTS_VIDEO_ZIP}"'
- 'curl -X POST https://api.github.com/repos/${DRONE_REPO}/statuses/${DRONE_COMMIT_SHA}
-H "Authorization: token $${GITHUB_TOKEN}" -d "{\"state\":\"success\",\"target_url\":\"$${E2E_ARTIFACTS_VIDEO_ZIP}\",
\"description\": \"Click on the details to download e2e recording videos\", \"context\":
\"e2e_artifacts\"}"'
depends_on:
- end-to-end-tests-cloud-plugins-suite-azure
- playwright-plugin-e2e
- github-app-generate-token
environment:
E2E_TEST_ARTIFACTS_BUCKET: releng-pipeline-artifacts-dev
GCP_GRAFANA_UPLOAD_ARTIFACTS_KEY:
from_secret: gcp_upload_artifacts_key
failure: ignore
image: google/cloud-sdk:431.0.0
name: e2e-tests-artifacts-upload
volumes:
- name: github-app
path: /github-app
when:
status:
- success
- failure
- commands:
- yarn storybook:build
- ./bin/build verify-storybook
depends_on:
- rgm-package
- build-frontend-packages
environment:
NODE_OPTIONS: --max_old_space_size=4096
image: node:22.16.0-alpine
name: build-storybook
when:
paths:
include:
- packages/grafana-ui/**
- commands:
- npx wait-on@7.0.1 http://$HOST:$PORT
- pa11y-ci --config e2e/pa11yci.conf.js
depends_on:
- grafana-server
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
HOST: grafana-server
NO_THRESHOLDS: "true"
PORT: 3001
failure: ignore
image: grafana/docker-puppeteer:1.1.0
name: test-a11y-frontend
- commands:
- ./bin/build store-storybook --deployment canary
depends_on:
- build-storybook
- end-to-end-tests-cloud-plugins-suite-azure
- playwright-plugin-e2e
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: store-storybook
when:
paths:
include:
- packages/grafana-ui/**
repo:
- grafana/grafana
- commands:
- apk add --update bash grep git
- ./scripts/ci-frontend-metrics.sh ./grafana/public/build | ./bin/build publish-metrics
$$GRAFANA_MISC_STATS_API_KEY
depends_on:
- test-a11y-frontend
environment:
GRAFANA_MISC_STATS_API_KEY:
from_secret: grafana_misc_stats_api_key
failure: ignore
image: node:22.16.0-alpine
name: publish-frontend-metrics
when:
repo:
- grafana/grafana
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss
depends_on:
- rgm-package
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID: "329617"
GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
when:
repo:
- grafana/grafana
- commands:
- apk add --update bash git
- ./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'
depends_on:
- end-to-end-tests-cloud-plugins-suite-azure
- playwright-plugin-e2e
- build-frontend-packages
environment:
NPM_TOKEN:
from_secret: npm_token
image: node:22.16.0-alpine
name: release-canary-npm-packages
when:
paths:
include:
- packages/**
repo:
- grafana/grafana
- commands:
- ./bin/build upload-packages --edition oss
depends_on:
- rgm-package
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-packages
when:
repo:
- grafana/grafana
- commands:
- ./bin/build upload-cdn --edition oss
depends_on:
- rgm-package
environment:
GCP_KEY:
from_secret: gcp_grafanauploads
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: upload-cdn-assets
when:
repo:
- grafana/grafana
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: github-app
temp: {}
---
clone:
retries: 3
depends_on:
- main-build-e2e-publish
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: main-trigger-downstream
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
repositories:
- grafana/grafana-enterprise@main
server: https://drone.grafana.net
token:
from_secret: drone_token
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- main-build-e2e-publish
kind: pipeline
name: main-notify
platform:
arch: amd64
os: linux
steps:
- image: plugins/slack
name: slack
settings:
channel: grafana-ci-notifications
template: |-
Build {{build.number}} failed for commit: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{ truncate build.commit 8 }}>: {{build.link}}
Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
Author: {{build.author}}
webhook:
from_secret: slack_webhook
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- latest.json
repo:
- grafana/grafana
status:
- failure
type: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rrc-trigger-downstream
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- image: grafana/drone-downstream
name: trigger-enterprise-downstream
settings:
params:
- SOURCE_BUILD_NUMBER=${DRONE_COMMIT}
- SOURCE_COMMIT=${DRONE_COMMIT}
- SOURCE_TAG=${DRONE_TAG}
repositories:
- grafana/grafana-enterprise@${DRONE_SOURCE_BRANCH}
server: https://drone.grafana.net
token:
from_secret: drone_token
trigger:
branch:
- instant
- fast
- steady
- slow
ref:
include:
- refs/tags/rrc*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-docker-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.1.2/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- ./bin/build artifacts docker fetch --edition oss
depends_on:
- compile-build-cmd
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: fetch-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- apk add bash
- |2-
bash -c '
IMAGE_TAG=$(echo "$${TAG}" | sed -e "s/+/-/g")
debug=
if [[ -n $${DRY_RUN} ]]; then debug=echo; fi
docker login -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}
# Push the grafana-image-tags images
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-amd64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-arm64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
# Create the grafana manifests
$$debug docker manifest create grafana/grafana:$${IMAGE_TAG} grafana/grafana-image-tags:$${IMAGE_TAG}-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker manifest create grafana/grafana:$${IMAGE_TAG}-ubuntu grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
# Push the grafana manifests
$$debug docker manifest push grafana/grafana:$${IMAGE_TAG}
$$debug docker manifest push grafana/grafana:$${IMAGE_TAG}-ubuntu
# if LATEST is set, then also create & push latest
if [[ -n $${LATEST} ]]; then
$$debug docker manifest create grafana/grafana:latest grafana/grafana-image-tags:$${IMAGE_TAG}-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker manifest create grafana/grafana:latest-ubuntu grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
$$debug docker manifest push grafana/grafana:latest
$$debug docker manifest push grafana/grafana:latest-ubuntu
fi'
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
image: docker:27-cli
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --dockerhub-repo grafana/grafana-oss --version-tag
${DRONE_TAG}
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
GITHUB_APP_ID: "329617"
GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: manually-publish-docker-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $DRONE_RUNNER_NAME
image: alpine:3.21.3
name: identify-runner
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.1.2/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- ./bin/build artifacts docker fetch --edition oss
depends_on:
- compile-build-cmd
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_grafanauploads
image: google/cloud-sdk:431.0.0
name: fetch-images
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- apk add bash
- |2-
bash -c '
IMAGE_TAG=$(echo "$${TAG}" | sed -e "s/+/-/g")
debug=
if [[ -n $${DRY_RUN} ]]; then debug=echo; fi
docker login -u $${DOCKER_USER} -p $${DOCKER_PASSWORD}
# Push the grafana-image-tags images
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-amd64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-arm64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64
$$debug docker push grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
# Create the grafana manifests
$$debug docker manifest create grafana/grafana:$${IMAGE_TAG} grafana/grafana-image-tags:$${IMAGE_TAG}-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker manifest create grafana/grafana:$${IMAGE_TAG}-ubuntu grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
# Push the grafana manifests
$$debug docker manifest push grafana/grafana:$${IMAGE_TAG}
$$debug docker manifest push grafana/grafana:$${IMAGE_TAG}-ubuntu
# if LATEST is set, then also create & push latest
if [[ -n $${LATEST} ]]; then
$$debug docker manifest create grafana/grafana:latest grafana/grafana-image-tags:$${IMAGE_TAG}-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-armv7
$$debug docker manifest create grafana/grafana:latest-ubuntu grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-amd64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-arm64 grafana/grafana-image-tags:$${IMAGE_TAG}-ubuntu-armv7
$$debug docker manifest push grafana/grafana:latest
$$debug docker manifest push grafana/grafana:latest-ubuntu
fi'
depends_on:
- fetch-images
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
image: docker:27-cli
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- publish-docker-public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: create-release-pr
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- export GITHUB_TOKEN=$(cat /github-app/token)
- apk add perl
- v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'`
- curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr
- gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${v_target}
-f latest=$${LATEST} --repo=grafana/grafana release-pr.yml
depends_on: []
environment:
GH_CLI_URL: https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz
image: byrnedo/alpine-curl:0.1.8
name: create-release-pr
volumes:
- name: github-app
path: /github-app
trigger:
event:
- promote
target: release-pr
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: github-app
temp: {}
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-artifacts-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- ./bin/build artifacts packages --artifacts-editions=oss --tag $${DRONE_TAG} --src-bucket
$${PRERELEASE_BUCKET}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-artifacts
- commands:
- ./bin/build artifacts storybook --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
image: grafana/grafana-ci-deploy:1.3.3
name: publish-storybook
- commands:
- echo $(/usr/bin/github-app-external-token) > /github-app/token
environment:
GITHUB_APP_ID:
from_secret: github-app-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: github-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: github-app-private-key
failure: ignore
image: us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
name: github-app-generate-token
volumes:
- name: github-app
path: /github-app
- commands:
- export GITHUB_TOKEN=$(cat /github-app/token)
- apk add perl
- v_target=`echo $${TAG} | perl -pe 's/^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/v\1.\2.x/'`
- curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr
- gh workflow run -f dry_run=$${DRY_RUN} -f version=$${TAG} -f target=$${v_target}
-f latest=$${LATEST} --repo=grafana/grafana release-pr.yml
depends_on:
- publish-artifacts
- github-app-generate-token
environment:
GH_CLI_URL: https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz
image: byrnedo/alpine-curl:0.1.8
name: create-release-pr
volumes:
- name: github-app
path: /github-app
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: github-app
temp: {}
---
clone:
retries: 3
depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-npm-packages-public
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- yarn install --immutable || yarn install --immutable
depends_on: []
image: node:22.16.0-alpine
name: yarn-install
- commands:
- ./bin/build artifacts npm retrieve --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- yarn-install
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
PRERELEASE_BUCKET:
from_secret: prerelease_bucket
failure: ignore
image: grafana/grafana-ci-deploy:1.3.3
name: retrieve-npm-packages
- commands:
- ./bin/build artifacts npm release --tag ${DRONE_TAG}
depends_on:
- compile-build-cmd
- retrieve-npm-packages
environment:
NPM_TOKEN:
from_secret: npm_token
failure: ignore
image: node:22.16.0-alpine
name: release-npm-packages
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: verify-grafanacom-artifacts
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apk add curl bash
- "\n for i in {1..5}; do\n if ./scripts/drone/verify-grafanacom.sh;
then\n exit 0\n elif [ $i -eq 5 ]; then\n exit
1\n else\n sleep 60\n fi\n done\n
\ "
depends_on: []
image: node:22.16.0-alpine
name: verify-grafanacom
trigger:
event:
- promote
target: verify-grafanacom-artifacts
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- publish-artifacts-public
- publish-docker-public
environment:
EDITION: oss
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-packages
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-deb
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.deb
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- depends_on:
- compile-build-cmd
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-linux-packages-rpm
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
deb_distribution: auto
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: gs://grafana-prerelease/artifacts/downloads/*${DRONE_TAG}/oss/**.rpm
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- commands:
- ./bin/build publish grafana-com --edition oss ${DRONE_TAG}
depends_on:
- publish-linux-packages-deb
- publish-linux-packages-rpm
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GRAFANA_COM_API_KEY:
from_secret: grafana_api_key
image: grafana/grafana-ci-deploy:1.3.3
name: publish-grafanacom
- commands:
- apk add curl bash
- "\n for i in {1..5}; do\n if ./scripts/drone/verify-grafanacom.sh;
then\n exit 0\n elif [ $i -eq 5 ]; then\n exit
1\n else\n sleep 60\n fi\n done\n
\ "
depends_on:
- publish-grafanacom
image: node:22.16.0-alpine
name: verify-grafanacom
trigger:
event:
- promote
target:
- public
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: publish-grafanacom
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.24.4-alpine
name: compile-build-cmd
- commands:
- ./bin/build publish grafana-com --edition oss ${DRONE_TAG}
depends_on:
- compile-build-cmd
environment:
GCP_KEY:
from_secret: gcp_grafanauploads_base64
GRAFANA_COM_API_KEY:
from_secret: grafana_api_key
image: grafana/grafana-ci-deploy:1.3.3
name: publish-grafanacom
trigger:
event:
- promote
target: publish-grafanacom
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-main-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GRAFANA_DIR=$$(pwd)
- export GITHUB_TOKEN=$(cat /github-app/token)
- ./pkg/build/daggerbuild/scripts/drone_build_main.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
trigger:
branch: main
event:
- push
paths:
exclude:
- '*.md'
- docs/**
- packages/**/*.md
- latest.json
repo:
- grafana/grafana
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-tag-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GRAFANA_DIR=$$(pwd)
- export GITHUB_TOKEN=$(cat /github-app/token)
- ./pkg/build/daggerbuild/scripts/drone_build_tag_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-tag-prerelease
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-tag-verify-prerelease-assets
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apt-get update && apt-get install -yq gettext
- printenv GCP_KEY | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log
- '! cat /tmp/stat.log | grep "No URLs matched"'
depends_on:
- clone
environment:
BUCKET: grafana-prerelease
GCP_KEY:
from_secret: gcp_key_base64
image: google/cloud-sdk:431.0.0
name: gsutil-stat
trigger:
event:
exclude:
- promote
ref:
exclude:
- refs/tags/*-cloud*
include:
- refs/tags/v*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-version-branch-prerelease
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GRAFANA_DIR=$$(pwd)
- export GITHUB_TOKEN=$(cat /github-app/token)
- ./pkg/build/daggerbuild/scripts/drone_build_tag_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-version-branch-prerelease
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-prerelease-verify-prerelease-assets
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- apt-get update && apt-get install -yq gettext
- printenv GCP_KEY | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat >> /tmp/stat.log
- '! cat /tmp/stat.log | grep "No URLs matched"'
depends_on:
- clone
environment:
BUCKET: grafana-prerelease
GCP_KEY:
from_secret: gcp_key_base64
image: google/cloud-sdk:431.0.0
name: gsutil-stat
trigger:
ref:
- refs/heads/v[0-9]*
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-nightly-build
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GRAFANA_DIR=$$(pwd)
- export GITHUB_TOKEN=$(cat /github-app/token)
- ./pkg/build/daggerbuild/scripts/drone_build_nightly_grafana.sh
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
- commands:
- mkdir -p $${DESTINATION}/$${DRONE_BUILD_EVENT}
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r $${DRONE_WORKSPACE}/dist/* $${DESTINATION}/$${DRONE_BUILD_EVENT}
depends_on:
- rgm-build
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on:
- rgm-nightly-build
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-nightly-publish
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- mkdir -p $${DRONE_WORKSPACE}/dist
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r $${DESTINATION}/$${DRONE_BUILD_EVENT}/*_$${DRONE_BUILD_NUMBER}_*
$${DRONE_WORKSPACE}/dist
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GRAFANA_DIR=$$(pwd)
- export GITHUB_TOKEN=$(cat /github-app/token)
- ./pkg/build/daggerbuild/scripts/drone_publish_nightly_grafana.sh
depends_on:
- rgm-copy
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-publish
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
- depends_on:
- rgm-publish
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-deb
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: file:///drone/src/dist/*.deb
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
- depends_on:
- rgm-publish
image: us.gcr.io/kubernetes-dev/package-publish:latest
name: publish-rpm
privileged: true
settings:
access_key_id:
from_secret: packages_access_key_id
gpg_passphrase:
from_secret: packages_gpg_passphrase
gpg_private_key:
from_secret: packages_gpg_private_key
gpg_public_key:
from_secret: packages_gpg_public_key
package_path: file:///drone/src/dist/*.rpm
secret_access_key:
from_secret: packages_secret_access_key
service_account_json:
from_secret: packages_service_account
target_bucket: grafana-packages
trigger:
cron:
include:
- nightly-release
event:
include:
- cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- gcr
- gar
kind: pipeline
name: rgm-promotion
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- echo $(/usr/bin/github-app-external-token) > /github-app/token
environment:
GITHUB_APP_ID:
from_secret: github-app-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: github-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: github-app-private-key
failure: ignore
image: us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
name: github-app-generate-token
volumes:
- name: github-app
path: /github-app
- commands:
- wget -qO- https://github.com/dagger/dagger/releases/download/v0.18.8/dagger_v0.18.8_linux_amd64.tar.gz
| tar zx -C /bin
- apk add docker
- export GITHUB_TOKEN=$(cat /github-app/token)
- dagger run --silent go run ./pkg/build/cmd artifacts -a $${ARTIFACTS} --grafana-ref=$${GRAFANA_REF}
--enterprise-ref=$${ENTERPRISE_REF} --grafana-repo=$${GRAFANA_REPO} --build-id=$${DRONE_BUILD_NUMBER}
--version=$${VERSION}
depends_on:
- github-app-generate-token
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
ALPINE_BASE: alpine:3.21.3
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
UBUNTU_BASE: ubuntu:22.04
image: golang:1.24.4-alpine
name: rgm-build
pull: always
volumes:
- name: docker
path: /var/run/docker.sock
- name: github-app
path: /github-app
- commands:
- printenv GCP_KEY_BASE64 | base64 -d > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gcloud storage cp -r dist/* $${UPLOAD_TO}
depends_on:
- rgm-build
environment:
_EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
from_secret: dagger_token
CDN_DESTINATION:
from_secret: rgm_cdn_destination
DESTINATION:
from_secret: destination
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
DOWNLOADS_DESTINATION:
from_secret: rgm_downloads_destination
GCOM_API_KEY:
from_secret: grafana_api_key
GCP_KEY_BASE64:
from_secret: gcp_key_base64
GPG_PASSPHRASE:
from_secret: packages_gpg_passphrase
GPG_PRIVATE_KEY:
from_secret: packages_gpg_private_key
GPG_PUBLIC_KEY:
from_secret: packages_gpg_public_key
NPM_TOKEN:
from_secret: npm_token
STORYBOOK_DESTINATION:
from_secret: rgm_storybook_destination
image: google/cloud-sdk:alpine
name: rgm-copy
trigger:
event:
- promote
target: upload-packages
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: github-app
path: /github-app
- name: github-app
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:latest-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:latest-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:latest-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-grafana/grafana:main-ubuntu-image
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL grafana/grafana:main-ubuntu
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for grafana/grafana:main-ubuntu failed:
{{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
clone:
retries: 3
kind: pipeline
name: scan-build-test-and-publish-docker-images
platform:
arch: amd64
os: linux
steps:
- commands:
- echo $${GCR_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
environment:
GCR_CREDENTIALS:
from_secret: gcr_credentials
image: docker:dind
name: authenticate-gcr
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM docker:27-cli
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine/git:2.40.1
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM golang:1.24.4-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM node:22.16.0-alpine
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM node:22-bookworm
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM google/cloud-sdk:431.0.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine:3.21.3
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM ubuntu:22.04
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM byrnedo/alpine-curl:0.1.8
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/drone-downstream
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docker-puppeteer:1.1.0
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/docs-base:latest
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM cypress/included:14.3.2
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM jwilder/dockerize:0.6.1
- trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
depends_on:
- authenticate-gcr
image: aquasec/trivy:0.21.0
name: scan-unknown-low-medium-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- commands:
- trivy --exit-code 1 --severity HIGH,CRITICAL docker:27-cli
- trivy --exit-code 1 --severity HIGH,CRITICAL alpine/git:2.40.1
- trivy --exit-code 1 --severity HIGH,CRITICAL golang:1.24.4-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL node:22.16.0-alpine
- trivy --exit-code 1 --severity HIGH,CRITICAL node:22-bookworm
- trivy --exit-code 1 --severity HIGH,CRITICAL google/cloud-sdk:431.0.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-deploy:1.3.3
- trivy --exit-code 1 --severity HIGH,CRITICAL alpine:3.21.3
- trivy --exit-code 1 --severity HIGH,CRITICAL ubuntu:22.04
- trivy --exit-code 1 --severity HIGH,CRITICAL byrnedo/alpine-curl:0.1.8
- trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack
- trivy --exit-code 1 --severity HIGH,CRITICAL us.gcr.io/kubernetes-dev/package-publish:latest
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/drone-downstream
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docker-puppeteer:1.1.0
- trivy --exit-code 1 --severity HIGH,CRITICAL grafana/docs-base:latest
- trivy --exit-code 1 --severity HIGH,CRITICAL cypress/included:14.3.2
- trivy --exit-code 1 --severity HIGH,CRITICAL jwilder/dockerize:0.6.1
- trivy --exit-code 1 --severity HIGH,CRITICAL us-docker.pkg.dev/grafanalabs-global/docker-deployment-tools-prod/github-app-secret-writer:2024-11-05-v11688112090.1-83920c59
depends_on:
- authenticate-gcr
environment:
GOOGLE_APPLICATION_CREDENTIALS:
from_secret: gcr_credentials_json
image: aquasec/trivy:0.21.0
name: scan-high-critical-vulnerabilities
volumes:
- name: docker
path: /var/run/docker.sock
- name: config
path: /root/.docker/
- image: plugins/slack
name: slack-notify-failure
settings:
channel: grafana-backend-ops
template: 'Nightly docker image scan job for build-images failed: {{build.link}}'
webhook:
from_secret: slack_webhook_backend
when:
status: failure
trigger:
cron: nightly
event: cron
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
- name: config
temp: {}
---
get:
name: app-id
path: ci/data/repo/grafana/grafana/github-app
kind: secret
name: github-app-app-id
---
get:
name: app-installation-id
path: ci/data/repo/grafana/grafana/github-app
kind: secret
name: github-app-installation-id
---
get:
name: private-key
path: ci/data/repo/grafana/grafana/github-app
kind: secret
name: github-app-private-key
---
get:
name: credentials.json
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads
---
get:
name: credentials_base64
path: infra/data/ci/grafana-release-eng/grafanauploads
kind: secret
name: gcp_grafanauploads_base64
---
get:
name: api_key
path: infra/data/ci/grafana-release-eng/grafanacom
kind: secret
name: grafana_api_key
---
get:
name: .dockerconfigjson
path: secret/data/common/gcr
kind: secret
name: gcr
---
get:
name: .dockerconfigjson
path: secret/data/common/gar
kind: secret
name: gar
---
get:
name: machine-user-token
path: infra/data/ci/drone
kind: secret
name: drone_token
---
get:
name: bucket
path: infra/data/ci/grafana/prerelease
kind: secret
name: prerelease_bucket
---
get:
name: username
path: ci/data/common/dockerhub
kind: secret
name: docker_username
---
get:
name: password
path: ci/data/common/dockerhub
kind: secret
name: docker_password
---
get:
name: credentials.json
path: infra/data/ci/grafana/releng/artifacts-uploader-service-account
kind: secret
name: gcp_upload_artifacts_key
---
get:
name: credentials.json
path: infra/data/ci/grafana/assets-downloader-build-container-service-account
kind: secret
name: gcp_download_build_container_assets_key
---
get:
name: application_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_id
---
get:
name: application_secret
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_sp_app_pw
---
get:
name: tenant_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
kind: secret
name: azure_tenant
---
get:
name: token
path: infra/data/ci/grafana-release-eng/npm
kind: secret
name: npm_token
---
get:
name: public-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_public_key
---
get:
name: private-key-b64
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_private_key
---
get:
name: passphrase
path: infra/data/ci/packages-publish/gpg
kind: secret
name: packages_gpg_passphrase
---
get:
name: credentials.json
path: infra/data/ci/packages-publish/service-account
kind: secret
name: packages_service_account
---
get:
name: AccessID
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_access_key_id
---
get:
name: Secret
path: infra/data/ci/packages-publish/bucket-credentials
kind: secret
name: packages_secret_access_key
---
get:
name: static_asset_editions
path: infra/data/ci/grafana-release-eng/artifact-publishing
kind: secret
name: static_asset_editions
---
get:
name: gcp_service_account_prod_base64
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: gcp_key_base64
---
get:
name: destination_prod
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: destination
---
get:
name: storybook_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_storybook_destination
---
get:
name: cdn_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_cdn_destination
---
get:
name: downloads_destination
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: rgm_downloads_destination
---
get:
name: dagger_token
path: infra/data/ci/grafana-release-eng/rgm
kind: secret
name: dagger_token
---
get:
name: PRIVATE_KEY
path: ci/data/repo/grafana/grafana/delivery-bot-app
kind: secret
name: delivery-bot-app-private-key
---
get:
name: service-account
path: secret/data/common/gcr
kind: secret
name: gcr_credentials
---
kind: signature
hmac: d20f1d6e2e8347701f82114ad352f53db57dc95b5b3831941fa93d063a92b9d8
...